What equipment? Some types of equipment like our Calix XGSPON, handles this natively, so you can just use DHCP and it will already isolate the clients.
We still have active ethernet in some parts of our network, so port isolation or switch port forwarding or similar items are what you are looking for without having to resort to fancy layer3 type stuff like that. But that all depends on the equipment of course. We use Mikrotik and UI and some FiberStore switches in our network, all of which do a form of isolation on layer2 natively. So when a client device looks at it's WAN network all it sees is the upstream devices and none of the other layer2 devices. ________________________________ From: AF <af-boun...@af.afmug.com> on behalf of Mark - Myakka Technologies via AF <af@af.afmug.com> Sent: Tuesday, November 5, 2024 2:38 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com> Cc: Mark - Myakka Technologies <m...@mailmt.com> Subject: [AFMUG] ISP level DHCP server We have always used PPPoE in the past. Just happen to be what our first system 23 years ago was based on and we just stuck with it. We are setting up a new area with all new equipment. Looking at setting it up as DHCP. Looks like I can do some DHCP radius stuff and our new equipment will inject data via option 82 if I want. The issue I can't wrap my head around is security. If I just setup a normal DHCP server, all clients will be on the same LAN. That would not be good. I'm looking at option 121 and /32 addresses. But, I don't think all residential routers support 121. VLANs are another option, but I don think they will scale well. I feel like I'm missing some type of simple answer. -- Thanks, Mark mailto:m...@mailmt.com Myakka Communications www.Myakka.com<http://www.Myakka.com> Serving Manatee and Sarasota Counties with High-Speed Internet for over 20 years -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
