Assigning multi leases

STEMEgypt · March 4, 2018, 2:05pm

Hello,
I have Mikrotik with 40 VLANs
the VLANs IPs are like
VLAN1 10.1.0.0
VLAN2 10.2.0.0
and so on
I need to create lease for a lot of users “about 500” to be such
the first person gets 10.X.0.2 on each VLAN
is there a way to create simple script to do that without having to create 500 lease for 40 times?

like assiging this MAC ff:ff:ff:ff:ff:ff for this IP 10.x.0.2

sindy · March 4, 2018, 8:54pm

Do you expect the same device (with the same MAC address) to migrate between different VLANs or you just provide internet connection for 40 companies or groups so each device connects always to the same VLAN?

In the second case, you would create 40 DHCP servers with associated pools and networks, and that’s it. You can use scripting to do that but it will likely be faster to use copy-paste-modify than a for cycle.

STEMEgypt · March 24, 2018, 2:14pm

I’m expecting the same device to login into all the 40 vlans but each vlan cover different place
So I need to assign each one an IP like this “10.X.1.5” through all the vlans
I need X to be changing so I can limit the content depending on the place through the firewall -fortigate-
I can create static IP for each device on each vlan but that would be ALOT

sindy · March 24, 2018, 6:29pm

Still not clear to me. Does the very same device have to get different restrictions depending on the access point to which it is connected, or it is vice versa, you need the very same device to have same restrictions regardless the AP, but different devices must have their own restrictions?

I cannot see how the IP address to be leased could be created dynamically in ROS. Static leases refer to MAC addresses; you can have several leases defined for the same MAC address but each has exactly one complete IP address and is bound to exactly one dhcp-server, there is no possibility to use a wildcard for part of the address and share the lease among different servers. You would have to use some external DHCP server with dynamical generation of addresses.

If your APs are Mikrotiks, and you don’t need to give the same device different restrictions depending on the AP to which it is currently connected, you could consider using CAPsMAN to place everything into the same subnet, so the device address could be the same one everywhere. And if you eventually do need to use different restrictions fo the very same device depending on he AP it is connected to, you can use the netmap (network to network NAT) rules to translate the device address depending on CAP interface name.