Skip to main content

Search

How can we help ?

How to enable Cloudi-fi DHCP for your guest users

Alexandre de THOMASSON
  • Updated

Step-by-step instructions to set up Cloudi-fi DHCP service for your Guest

                                                            

Prerequisites:

Before starting, ensure that you collect all parameters of your existing DHCP service for Guest

In many cases, our Cloud DHCP will replace an existing one. To anticipate the required information in the next steps, we recommend collecting all parameters of your existing solution (IP range, DHCP relay, Options, etc.)

 

Step 1: Configure DHCP on the location concerned

Go to Cloudi-fi Admin COnsole > Network > DHCP

If this option doesn’t appear, your admin rights don't allow you to use the DHCP Service. For that, you need to contact your Cloudi-fi support team to allow DHCP service for your account (cf. Administrators Profiles Select your Profile Special roles)

dhcp-configuration-cloudi-fi.png

 

Then select the network in which the DHCP Server will be accessible from your network

dhcp-activation-cloudi-fi.png

 

Then, select the location on which you want to configure Cloud Guest DHCP

Now you can fulfill all DHCP parameters according to your need.
 
Location configuration
dhcp-activation-location-cloudi-fi.png
  • Location
  • DHCP Settings

    • Lease time: lease for unauthenticated used

    • Extended Lease: lease duration for users already authenticate

    • Default Gateway: Last subnet IP or First subnet IP

    • DNS: DNS the Guest user needs to use

    • Advanced settings (NTP, SMTP, etc.)
  • DHCP Servers
    • Service Subnets: IP range (in which DHCP will be) needed to be routed into your tunnel. It is the (/28) defined in step 1.2 divided in two (/29)
    • Server Address: IP (primary / secondary) to use by the customer to join DHCP service
  • IPSEC Servers
    • Cloudi-fi nodes to use for IPSEC VPN
Subnet configuration
dhcp-activation-location-subnet-cloudi-fi.png
  • Subnet

    • Name: Name of your subnet

    • Subnet: IP range to use for new Guest

    • DHCP Relay: IP of the DHCP relay routing DHCP traffic to the actual DHCP server (default gateway)

    •  

Step 2: Build the IPSEC VPN Tunnel between your location and the Cloud DHCP

DHCP Server IP address

  • VPN Endpoint IP

    • EMEA

      • 87.98.189.202

      • 135.125.2.85

    • APAC

      • 51.79.178.35

      • 139.99.69.206

    • US

      • 51.81.66.49

      • 147.135.104.170

Recommended settings for IPSec tunnel (IKEv2)

Components

Phase 1

Phase 2

Confidentiality

AES-256
AES-128

AES-256
AES-128

Integrity

SHA-512
SHA-256
SHA-1

SHA-512
SHA-256
SHA-1

Authentication

Pre-Shared Key (PSK)

N/A

Protocol

N/A

AH

ESP

Encapsulation Mode

N/A

Tunnel Mode

Key Exchange Method

Diffie-Hellman

Diffie-Hellman

Diffie-Hellman Group

2 (​​modp1024)
14 (modp2048)
19 (ECP256)
21 (ECP521)

2 (​​modp1024)
14 (modp2048)
19 (ECP256)
21 (ECP521)

Total Child SAs Supported

N/A

8

SA Lifetime

3 Hours

1 Hours

SA Lifebytes

Unlimited

Unlimited

NAT-Traversal

Enabled

N/A

NAT Keepalive Interval

30 Seconds

N/A

Dead Peer Detection (DPD)

Enabled

N/A

DPD Timeout Interval

30 Seconds

N/A

DPD Maximum Retries

5

N/A

Perfect Forward Secrecy (PFS)

N/A

Disabled

Maximum Transmission Unit (MTU)

N/A

1400 Bytes

Maximum Segment Size (MSS)

N/A

1360 Bytes

Note :

  • Other encryption protocols are supported - please contact you Cloudi-fi support to know them