ePMP LAN DHCP

So I'm rolling out NAT+DMZ with DHCP on the ethernet interface. We've been configuring our NAT mode Canopy SMs to only hand out one IP address which is also the DMZ address. Yes, the GUI throws a warning about the DMZ address being inside of the DHCP pool, but it works just fine. Many other operators have been doing this for years.

ePMP doesn't let you set dhcpLanStart and dhcpLanLimit the exact same (to get a 1 address pool), so I'm setting dhcpLanLimit one address higher than dhcpLanStart (for a 2 address pool).

Then I set the DMZ address the same as dhcpLanStart. But after a reboot of the SM, the first DHCP client gets the dhcpLanLimit address, which breaks my whole 'first client gets DMZ scheme.' I changed some things around and made it work. But I really wish I could just make it a 1 address pool like we do on Canopy.

I feel you here

Thank you for your feedback.
We will review your suggestion.

Thank you.


@George Skorup wrote:

So I'm rolling out NAT+DMZ with DHCP on the ethernet interface. We've been configuring our NAT mode Canopy SMs to only hand out one IP address which is also the DMZ address. Yes, the GUI throws a warning about the DMZ address being inside of the DHCP pool, but it works just fine. Many other operators have been doing this for years.

ePMP doesn't let you set dhcpLanStart and dhcpLanLimit the exact same (to get a 1 address pool), so I'm setting dhcpLanLimit one address higher than dhcpLanStart (for a 2 address pool).

Then I set the DMZ address the same as dhcpLanStart. But after a reboot of the SM, the first DHCP client gets the dhcpLanLimit address, which breaks my whole 'first client gets DMZ scheme.' I changed some things around and made it work. But I really wish I could just make it a 1 address pool like we do on Canopy.


Easy workaround:

Use 2 IP addresses and put your radio's LAN address in the range. The device won't issue its own IP to a client, leaving only 1 valid.

But I agree with you, this should be easier to do.

I do the LAN address as 192.168.15.1, and the DHCP range as 192.168.15.1 through 192.168.15.2, and it does what you're after.


@Chris_Bay wrote:

Easy workaround:

Use 2 IP addresses and put your radio's LAN address in the range. The device won't issue its own IP to a client, leaving only 1 valid.

But I agree with you, this should be easier to do.

I do the LAN address as 192.168.15.1, and the DHCP range as 192.168.15.1 through 192.168.15.2, and it does what you're after.


I'm actually not using RFC1918 address space, but a /24 out of RFC6598 CGN space instead. 100.64.0.0/10 is the pool and I'm using 100.100.100.0/24. 100.100.100.1 is the ePMP LAN address. I set the start address at 99 and limit address at 100. 100.100.100.100 is the DMZ address. So this config works. I was trying to set start at 100 and limit at 101 and then discovered that the first client gets 101 thus breaking the auto DMZ.

If the customer changes their router/PC/whatever, all they have to do is power-cycle the SM.

Some devices will switch to bridge, switch, access point, etc. mode if they see an RFC1918 address on their WAN interface. Using the CGN address space avoids that problem. When we first started playing with NAT mode on our radios, the number one mfg that would do this was Apple with their stupid AirPort and TimeCapsule toys. SMH.


You can set the CPE's LAN interface to 100.100.100.99 as you said. You can also set the DMZ to 100.100.100.100 as you said, and use that as the DMZ. You can let the customer have more addresses after that, but the first address to be leased will be the 100.100.100.100, so when someone uses a router, the DMZ is forwarded. When they connect with a bridged device, your CPE just hands out the rest of the addresses you've allotted.

Hi George,

I would really appreciate it if you could send your current configuration to me:

fedir.trutsko@cambiumnetworks.com

And please specify which firmware version is running on your device.

Thank you.
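
A pre-deployment check for the pool layouts discussed in this thread, added here as an example (it is not part of any post and is not Cambium code). It reports which address the first client would receive and whether the DMZ forward, which exposes that host to unsolicited inbound traffic, lands on it. Assumptions: leases are handed out from the top of the pool, as George observed after a reboot; the radio never leases its own LAN IP, as Chris_Bay reports; and the DMZ address in the 192.168.15.x layout is taken to be 192.168.15.2, which the post does not state.

```python
import ipaddress

def leasable(lan_ip, start, limit):
    """Addresses in start..limit that can be leased (the radio's own LAN IP is skipped)."""
    lan = ipaddress.ip_address(lan_ip)
    lo = ipaddress.ip_address(start)
    hi = ipaddress.ip_address(limit)
    if lo > hi:
        raise ValueError("dhcpLanStart is above dhcpLanLimit")
    return [lo + i for i in range(int(hi) - int(lo) + 1) if lo + i != lan]

def check_dmz(lan_ip, start, limit, dmz_ip, highest_first=True):
    """Predict the first lease and compare it with the DMZ address.

    highest_first is a hypothetical switch modelling the allocation order
    reported in the thread; it is not a documented ePMP setting.
    """
    pool = leasable(lan_ip, start, limit)
    if not pool:
        raise ValueError("no leasable address left in the pool")
    first = pool[-1] if highest_first else pool[0]
    return {
        "first_lease": str(first),
        "dmz_on_first_client": first == ipaddress.ip_address(dmz_ip),
        # Extra leases mean a second device can sit behind the SM without the DMZ.
        "spare_leases": len(pool) - 1,
    }

# Layouts taken from the posts: (LAN IP, dhcpLanStart, dhcpLanLimit, DMZ address)
LAYOUTS = {
    "start=100, limit=101 (reported broken)":
        ("100.100.100.1", "100.100.100.100", "100.100.100.101", "100.100.100.100"),
    "start=99, limit=100 (reported working)":
        ("100.100.100.1", "100.100.100.99", "100.100.100.100", "100.100.100.100"),
    "LAN IP inside a 2-address range (DMZ assumed .2)":
        ("192.168.15.1", "192.168.15.1", "192.168.15.2", "192.168.15.2"),
}

if __name__ == "__main__":
    for name, args in LAYOUTS.items():
        print(name, check_dmz(*args))
```

Only the last layout is independent of allocation order, because it leaves a single leasable address.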