I'm trying to make my life a little easier in the long run and am using Spiceworks to scan the network for down APs, network utilization, etc.
The end goal is when we plug in an access point to be provisioned, it get an address from the master DHCP server, then once the AP receives configuration from the controller, the controller assigns it a different address outside the main DHCP range so that we can scan it.
The network is /20, so let's just say main DHCP is 10.10.80.1-10.10.90.255.
Wanted sequence:
- Plug in AP
- AP receives address in the main range from the master DHCP server (not the controller)
- AP finds the controller (DNS entry)
- Controller provisions and sends configuration
- AP reboots and requests new address
- Controller responds and gives address in different range, say 10.10.91.1-254
In this case, the controller would only be authoritative for the 91.1-254 range
The other way I was thinking is very similar. New subnet, /24, that the APs are on. More or less the same sequence as above, but now the APs are not reachable from the main subnet.
Since the subnet is so large, it would take a very long time to scan the entire thing with any ease; not to mention we'd be inadvertently collecting information about devices that are transient and don't belong to us (security/privacy concerns).
Any suggestions on how to achieve this?