2 weeks ago
Hi everyone, I've got a new topology that we're trying to get working in concept at the moment and would like some feedback on whether the routing is going to work or not.
Attached is a diagram showing a guest SSID terminating on the controller. The users will need to DHCP and communicate with our CPPM for guest registration. The controller has two main VLAN paths to get out (mgmt & default-gateway). The mgmt interface on the controller is configured with "ip nat outside" so that the user's device can reach the CPPM's captive portal. This part has worked before with other sites that have had similar designs. The reason we did this is that the guest subnet (192.168.0.0 for example) is not routable within our network but the IP of the controller's mgmt interface is.
The part we're not sure of though is the DHCP. When the device sends out the DHCP request, will the controller NAT that packet with the controller's mgmt interface IP or will the request be sent out the mgmt interface but with the guest VLAN's interface IP? I'm not sure on the underlying workings of DHCP so I'm not sure what the technical method of the request is like. FYI, in other sites where we have this working, the DHCP server is sitting on the router/core switch where the controller's default gateway is connected. The reason for looking at using the remote DHCP server is for better management and logging of DHCP requests.
Hope this makes sense and our plan B is likely to have the local router do the DHCP duties if the proposed solution doesn't work.
I think I found the answer to my question. After checking with some other colleagues who are more knowledgeable about DHCP, they state that the DHCP server does not respond to the NAT'd IP but instead responds back to the originating VLAN ID & subnet associated with it. This information is embedded in the datagram of the DHCP packet or something of that sort.
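The information "embedded in the datagram" that the answer above alludes to is the `giaddr` (relay agent address) field of the BOOTP/DHCP header defined in RFC 2131, which travels in the UDP payload rather than in the IP header. The following is an added example, not part of the original thread: it builds a constructed relayed DHCPDISCOVER and shows that a source NAT of the IP header leaves `giaddr` untouched. All addresses, the MAC and the function names are assumptions, as is the premise that the controller relays with the guest VLAN interface IP as `giaddr`.

```python
import ipaddress
import struct

# Constructed sample values (assumptions, not taken from the thread).
GUEST_VLAN_IP = "192.168.0.1"   # controller's guest VLAN interface, acting as relay
MGMT_IP = "10.10.10.5"          # controller's mgmt interface (the NAT address)
DHCP_SERVER = "10.20.20.10"     # remote DHCP server
CLIENT_MAC = bytes.fromhex("020000000001")

def ip4(addr):
    return ipaddress.IPv4Address(addr).packed

def build_relayed_discover(giaddr, client_mac):
    """BOOTP/DHCP payload in RFC 2131 layout, as a relay agent would forward it."""
    # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=1, xid, secs, flags
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234ABCD, 0, 0)
    # ciaddr, yiaddr, siaddr are zero in a DISCOVER; giaddr is set by the relay
    addrs = ip4("0.0.0.0") * 3 + ip4(giaddr)
    chaddr = client_mac + bytes(10)
    # magic cookie, option 53 (message type) = DISCOVER, end option
    options = b"\x63\x82\x53\x63" + b"\x35\x01\x01" + b"\xff"
    return fixed + addrs + chaddr + bytes(64 + 128) + options

def wrap_ipv4_udp(src, dst, payload):
    """Minimal IPv4 + UDP headers; checksums are left at zero for illustration."""
    udp = struct.pack("!HHHH", 67, 67, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ip4(src), ip4(dst))
    return ip + udp

def source_nat(packet, new_src):
    """Rewrite only the IPv4 header source address (bytes 12-15)."""
    return packet[:12] + ip4(new_src) + packet[16:]

def parse(packet):
    """Return (IP header source, giaddr, address a server replies to)."""
    ihl = (packet[0] & 0x0F) * 4
    ip_src = str(ipaddress.IPv4Address(packet[12:16]))
    bootp = packet[ihl + 8:]                       # skip the 8-byte UDP header
    giaddr = str(ipaddress.IPv4Address(bootp[24:28]))
    # RFC 2131: a non-zero giaddr is where the server sends its reply and what
    # it uses to choose the subnet. The non-relayed case is out of scope here.
    reply_to = giaddr if giaddr != "0.0.0.0" else None
    return ip_src, giaddr, reply_to

if __name__ == "__main__":
    pkt = wrap_ipv4_udp(GUEST_VLAN_IP, DHCP_SERVER,
                        build_relayed_discover(GUEST_VLAN_IP, CLIENT_MAC))
    print("before NAT:", parse(pkt))
    print("after NAT: ", parse(source_nat(pkt, MGMT_IP)))
```

Because the server addresses a relayed reply to `giaddr`, it needs a route back to that address for the lease exchange to complete.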