none
Different DHCP Scope from Different SSID RRS feed

  • Question

  • Setup:

    • 2 SSIDs: Official and Guest
    • 1 DHCP Server with 2 scopes: Scope A (10.0.0.0) and Scope B (172.10.0.0)

    Requirements

    When a user connects to Official SSID, they are issued an IP from Scope A. When a user connects to Guest SSID, they are issued an IP from Scope B.

    My 2 thoughts

    • Could it be implemented using DHCP Policies?
    • Does NAP need to be in the picture. If so, how?
    Sunday, October 30, 2016 6:08 AM

Answers

All replies

  • Hi

     First you should configure Dhcp relay agent to use different ip subnet on a single Dhcp server,check this article also; https://technet.microsoft.com/en-us/library/dd469685%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    Does NAP need to be in the picture. If so, how? >>> Yes,you should configure NAP and then configure for Dhcp;

    https://msdn.microsoft.com/en-us/library/dd296905(v=ws.10).aspx

    also configure NAP step by step ; https://mizitechinfo.wordpress.com/2014/07/19/step-by-step-network-access-protection-nap-deployment-in-windows-server-2012-r2-part-1-of-7-configure-server-and-client-certificate-requirements/

    Then you can configure certifcate authentication(with NAP,802.1x) for domain users (official) and guess users can connect to other guest scope.


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur


    • Edited by Burak Uğur Sunday, October 30, 2016 9:49 AM
    Sunday, October 30, 2016 9:49 AM
  • Hi Dmwaigi,

    >>Could it be implemented using DHCP Policies?

    You could deploy DHCP server with NAP as Burak mentioned.

    NAP has called-station-ID attribute, and you could configure to restrict connection from user.

    Here is information about called station ID for your reference:

    DHCP Server Callout DLL for MAC Address based filtering

    https://blogs.technet.microsoft.com/teamdhcp/2007/10/03/dhcp-server-callout-dll-for-mac-address-based-filtering/

    Best Regards

    John


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by John Lii Tuesday, November 8, 2016 2:12 AM
    • Marked as answer by dmwaigi Tuesday, November 8, 2016 4:00 AM
    Monday, October 31, 2016 2:21 AM
  • Thanks you for your reply. Maybe I should get a tad specific.

    I have Super Scope with both scopes.

    In our setup, we have a firewall the prompts user credentials to allow internet access. So ideally, if you don't have an account, you cannot browse.

    However, we have a group of IP's/scope that do not pass through the firewall i.e. they have direct internet access without prompting for credentials.

    So my idea is that, you come with a laptop/mobile, connect to the guest SSID and be issued with these ip's that do not require credentials on the firewall.

    My thoughts

    • Can the SSID be used as a condition to determine which scope you will be issued from.

    OR

    • Can I have the official scope (IP's to pass through the firewall) NAP-enabled and the guest scope (pass through capabilities) non-NAP enabled?



    • Edited by dmwaigi Monday, October 31, 2016 3:54 PM
    Monday, October 31, 2016 6:40 AM
  • Hi Dmwaigi,

    >>Can the SSID be used as a condition to determine which scope you will be issued from.

    I am afraid that there has no Microsoft built-in way to deploy it.

    Policy could deny or grant client obtain IP address from specific client to specific DHCP server.

    Best Regards

    John


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 1, 2016 2:39 AM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 8, 2016 2:11 AM