[c-nsp] DHCP Isolation

Anton Kapela tkapela at gmail.com
Wed Feb 22 09:41:05 EST 2012


On Thu, Feb 16, 2012 at 3:27 PM, Rich Trinkle <rtrinkle at heartofiowa.coop> wrote:

> How do I create isolation in that DHCP subnet/vlan so no one device can see another device within the same pool? Thank you in advance.

I know some c-nsp folks love easy hacks like pvlan-edge, but if I may,
please direct your attention to this feature: VLANs over IP Unnumbered
Subinterfaces

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtunvlan.html

then follow up with these threads for some platform-specific discussion/depth:

http://puck.nether.net/pipermail/cisco-nsp/2009-August/062876.html
https://puck.nether.net/pipermail/cisco-nsp/2011-April/078179.html

Additionally, the NANOG conference wireless network (which maps
several vlans --> wireless SSIDs) makes extensive use of this very
handy feature. So, we can see fairly empirically that it scales at
least to ~1k devices, with plenty of host dhcp churn, while doing
ip-helper forwarding/relaying, etc. NANOG also assigns a dedicated
ipv6 /64 along with each v4 unnumbered subint, and this seems to work
just fine alongside v4 unnumbered; so, get your dual-stack on.

-Tk

