Question on eXtreme networks VLANing/DHCP

Anyone had any experience with Extreme Networks X250e switches?

I have a publicly accessible network (Wired) which I'm trying to tidy up a bit.

I have 3 floors with rooms on, each room has 1 port from which they can access the internet.

I need DHCP running so that config is simple for the customers; however, I need to be able to audit what people do. If a policy violation flags up on the firewall I need to be able to link an IP address to a room.

The ideal way to achieve this is to have a DHCP pool of 1 address bound to each switch port. Is there any special feature that would facilitate this?
The only way I can see to do it is to have a VLAN for each port, which requires an IP address for each VLAN. This seems wasteful as I'll lose half of the addresses in the range, possibly more if I'd need to set up routing (/30 network per VLAN).
 
The only way I can see to do it is to have a VLAN for each port, which requires an IP address for each VLAN. This seems wasteful as I'll lose half of the addresses in the range, possibly more if I'd need to set up routing (/30 network per VLAN).

Not sure what you mean. Just have all of these ports in one VLAN with one IP bound to that VLAN
 
That's how a standard DHCP setup would work, yes. However, I want to fix which IP is assigned via which port, i.e. .101 is always assigned to the device connected to port 1, .102 is always assigned to the device on port 2, etc.
 
That's how a standard DHCP setup would work, yes. However, I want to fix which IP is assigned via which port, i.e. .101 is always assigned to the device connected to port 1, .102 is always assigned to the device on port 2, etc.

Not sure how you'd do that without setting the DHCP leases to be VERY short, otherwise when you swap devices there, the address you want will already be used up until the lease expires.
 
I'm not too fussed about that as the leases are for internet access so a lease time of 1-2 hours would be fine.
The only bit I can't figure out is assigning the addresses based on port number without a VLAN for each port, which is wasteful.
 
Whilst this may be possible, I can only think of a per-port VLAN policy.

I would maybe look down the route of giving out any IP, but using some form of auditing that ties copies the MAC address and IP, and then using SNMP and MIBs you could have a script that would show you which port they were on, or you could just go to the switch and look for where the IP or MAC is allocated.
 
I'm not doing this to speed up locating a PC; it's a security thing. People will connect laptops in the rooms, thus there will be many MAC addresses per port. There is also the possibility that the same MAC could be connected in several different rooms. Thus I need a logical address, which will show up as a source address in firewall logs, to be tied to the physical location from which the packet originated.
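The auditing approach suggested in the thread (join the DHCP lease's IP-to-MAC record with the switch's MAC-to-port table), written as an added example that is not any poster's code. It is time-aware so that it copes with the two cases raised in the last post: several MACs on one port, and one MAC appearing in several rooms. The record formats, the port-to-room map, the 15-minute freshness limit and all sample values are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; formats are assumptions, not real server or switch output.
# DHCP lease history: (ip, mac, lease_start, lease_end)
LEASES = [
    ("192.0.2.101", "aa:aa:aa:00:00:01", "2024-01-01 09:00", "2024-01-01 11:00"),
    ("192.0.2.101", "bb:bb:bb:00:00:02", "2024-01-01 11:30", "2024-01-01 13:30"),
    ("192.0.2.102", "cc:cc:cc:00:00:03", "2024-01-01 09:10", "2024-01-01 11:10"),
]
# Periodic polls of the switch MAC table (e.g. collected over SNMP): (polled_at, mac, port)
FDB_POLLS = [
    ("2024-01-01 09:05", "aa:aa:aa:00:00:01", 1),
    ("2024-01-01 09:15", "cc:cc:cc:00:00:03", 1),  # second laptop on the same port
    ("2024-01-01 10:05", "aa:aa:aa:00:00:01", 7),  # same MAC, now in another room
    ("2024-01-01 11:35", "bb:bb:bb:00:00:02", 2),
]
PORT_TO_ROOM = {1: "Room 101", 2: "Room 102", 7: "Room 207"}  # hypothetical cabling map

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def mac_for_ip(ip, when):
    """MAC that held `ip` at time `when`, according to the lease history."""
    for lease_ip, mac, start, end in LEASES:
        if lease_ip == ip and ts(start) <= when <= ts(end):
            return mac
    return None

def port_for_mac(mac, when, max_age_s=900):
    """Port where `mac` was last seen at or before `when`; None if that sighting is stale."""
    seen = [(ts(t), port) for t, m, port in FDB_POLLS if m == mac and ts(t) <= when]
    if not seen:
        return None
    polled_at, port = max(seen)  # most recent sighting wins
    return port if (when - polled_at).total_seconds() <= max_age_s else None

def room_for_event(src_ip, when_str):
    """Map a firewall log entry (source IP, timestamp) to a room, or None if unprovable."""
    when = ts(when_str)
    mac = mac_for_ip(src_ip, when)
    if mac is None:
        return None
    return PORT_TO_ROOM.get(port_for_mac(mac, when))

if __name__ == "__main__":
    for ip, t in [("192.0.2.101", "2024-01-01 09:10"), ("192.0.2.101", "2024-01-01 10:10")]:
        print(ip, t, "->", room_for_event(ip, t))
```

Returning None for a stale sighting is deliberate: the result is only as trustworthy as the poll interval, so an unanswerable lookup is reported as such instead of naming the last known room.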
 