Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Configuring DHCP Server for Hostname-Based IP Assignment with Three IP Range

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Configuring DHCP Server for Hostname-Based IP Assignment with Three IP Range

L1 Bithead

My goal is to set up a DHCP server capable of allocating IP addresses according to the hostnames of client machines.

Here are the specific requirements:

We require the DHCP server to oversee three separate IP ranges.

For hostname-based IP assignment:

  • Client machines with hostnames starting with "win*" should be assigned IP addresses from Range 1.
  • Those with hostnames beginning with "linux*" should receive IP addresses from Range 2.
  • Machines with hostnames starting with "debiane*" should obtain IP addresses from Range 3.

I would greatly appreciate your assistance in achieving this setup.

1 accepted solution

Accepted Solutions

Hello @hamza_d - the DHCP server will likely need to recognise Option 82, which is the relay agent information option, in order to recognise the DHCP request that has been relayed via the NGFW.  Option 12 is the hostname record, so it will need to process that in a manner appropriate to your allocation mechanism.  Generally with BNG style functions you would use Option 12 to determine the IP address programmatically, in order to meet this requirement.  However, the exact configuration of this depends on your choice of DHCP server and associated subscriber management toolset. 

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks

View solution in original post

4 REPLIES 4

L4 Transporter

Hello @hamza_d - this sort of functionality would be best suited to a dedicated DHCP server; the functionality you describe is akin to IPoE or BNG allocation mechanisms, so a DHCP server designed to work in a BNG environment would be a good start.  

To the best of my knowledge, no such pool allocation mechanism exists in the PAN-OS DHCP server, nor is it an item that I would expect to find on a roadmap.  However, if you were to use an external DHCP server such as ISC Kea, Windows DHCP Server, or Radiator DHCP, you could proxy DHCP requests through your PAN-OS NGFW using DHCP Relay functionality. 

 

In short, you would achieve this by setting up your DHCP server on a preferably separate network segment, then configure the NGFW interfaces, that face your DHCP clients, using the Network > DHCP > DHCP Relay menu on the administration interface.  In there you would define the IP address of your upstream DHCP server.  You would repeat this for any and all interfaces facing DHCP client systems. 

 

Configuration of the DHCP server is a separate step, but you would configure that server to use and require both Option 82 and Option 12 in determining its replies. 

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks

 

Hello @iarobertson 

Thank you for getting back to me.

To ensure I understand your idea better, I see that I'll need a dedicated DHCP server, configure the DHCP relay, and set up three interfaces to meet this requirement. However, I'm unclear about why I need to configure Option 82 and Option 12 on that DHCP server. Could you please provide further clarification on this matter?

Hello @hamza_d - the DHCP server will likely need to recognise Option 82, which is the relay agent information option, in order to recognise the DHCP request that has been relayed via the NGFW.  Option 12 is the hostname record, so it will need to process that in a manner appropriate to your allocation mechanism.  Generally with BNG style functions you would use Option 12 to determine the IP address programmatically, in order to meet this requirement.  However, the exact configuration of this depends on your choice of DHCP server and associated subscriber management toolset. 

Iain Robertson
Senior Customer Success Engineer, NGFW, Palo Alto Networks

@iarobertson  thanks. 

  • 1 accepted solution
  • 2399 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!