Mark, With Calix this is a few settings in the VLAN config for the data service vlan. For a typical DHCP data vlan you'll probably want: HEMLOCK-E7-2_1# show running-config vlan 121 vlan 121 description DHCP_DATA l2-dhcp-profile SNOOP_SINGLE source-verify ENABLED mff ENABLED !
Your dhcp approach will either be snooping or relay depending how you want to handle that. Curious how you are finding Calix compared to, was it Zhone you used previously? Chris On Thu, Nov 7, 2024 at 10:44 PM Mark - Myakka Technologies via AF < [email protected]> wrote: > Sterling, > > > > We are using Calix, so this sounds like the solution. I'll dig a bit > deeper in to their docs. > > > > Thanks to everyone. > > > -- > > Best regards, > > Mark mailto:[email protected] <[email protected]> > > > Myakka Communications > > www.Myakka.com > > > ------ > > > Tuesday, November 5, 2024, 7:15:34 PM, you wrote: > > > What equipment? > > Some types of equipment like our Calix XGSPON, handles this natively, so > you can just use DHCP and it will already isolate the clients. > > We still have active ethernet in some parts of our network, so port > isolation or switch port forwarding or similar items are what you are > looking for without having to resort to fancy layer3 type stuff like that. > > But that all depends on the equipment of course. We use Mikrotik and UI > and some FiberStore switches in our network, all of which do a form of > isolation on layer2 natively. So when a client device looks at it's WAN > network all it sees is the upstream devices and none of the other layer2 > devices. > ------------------------------ > *From:* AF <[email protected]> on behalf of Mark - Myakka > Technologies via AF <[email protected]> > *Sent:* Tuesday, November 5, 2024 2:38 PM > *To:* AnimalFarm Microwave Users Group <[email protected]> > *Cc:* Mark - Myakka Technologies <[email protected]> > *Subject:* [AFMUG] ISP level DHCP server > > We have always used PPPoE in the past. Just happen to be what our first > system 23 years ago was based on and we just stuck with it. We are setting > up a new area with all new equipment. Looking at setting it up as DHCP. > Looks like I can do some DHCP radius stuff and our new equipment will > inject data via option 82 if I want. > > The issue I can't wrap my head around is security. If I just setup a > normal DHCP server, all clients will be on the same LAN. That would not be > good. > > I'm looking at option 121 and /32 addresses. But, I don't think all > residential routers support 121. > > VLANs are another option, but I don think they will scale well. > > I feel like I'm missing some type of simple answer. > > > -- > > Thanks, > Mark mailto:[email protected] <[email protected]> > > Myakka Communications > www.Myakka.com > > Serving Manatee and Sarasota Counties with High-Speed Internet for over 20 > years > > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
