Step-by-step instructions to set up Cloudi-fi DHCP service for your Guest
Use Case
The following sections will provide step-by-step instructions to enable Cloudi-Fi DHCP.
Prerequisites
Before starting, ensure that you collect all parameters of your existing DHCP service for Guest
In many cases, our Cloud DHCP will replace an existing one. To anticipate the required information in the next steps, we recommend collecting all parameters of your existing solution (IP range, DHCP relay, Options, etc.)
1. Activate Cloudi-Fi DHCP feature
Go to Cloudi-fi Admin Console > Network > DHCP
If this option doesn’t appear, your admin rights don't allow you to use the DHCP Service. For that, you need to contact Cloudi-Fi support team to allow DHCP service for your account (under Administrators -> Profiles -> Select your profile from the Profiles drop down menu)
Then select the network in which the DHCP Server will be accessible from your network
Then, select the location on which you want to configure Cloud Guest DHCP
2. Activate Cloudi-Fi DHCP service on your locations
2.1. VPN configuration
In Location section, configure your IPSEC parameters
- Type: IP based IPSEC or FQDN based IPSEC (if you don't have permanent IP, you can add an FQDN - for instance location_name@company_name.cloudi-fi.net)
- Pre-shared key
2.2. Configure your DHCP parameter (pools, options, etc.)
In DHCP Settings section, configure
-
Lease time: lease for unauthenticated used
-
Extended Lease: lease duration for users already authenticate
- Default Gateway: Last subnet IP or First subnet IP
-
DNS: DNS the Guest user needs to use
- Advanced settings (NTP, SMTP, etc.)
You can configure these DHCP settings
- Globally i.e. same settings for all of your locations (see Cloudi-fi Admin Console > Network > DHCP > Global Settings)
- Locally i.e. specific settings from one location to another
- Pool i.e. specific settings for each DHCP pool
2.3. Add your DHCP pools
Go to Cloudi-fi Admin Console > Network > DHCP, select your Location and click on "Add subnet"
-
Name: Name of your subnet
-
Subnet: IP range to use for new Guest
-
DHCP Relay: IP of the DHCP relay routing DHCP traffic to the actual DHCP server (default gateway)
When creating a subnet,
- With no preexisting Security Profile, three security profiles are generated:
- Quarantine All/All with captive portal enabled
- Blacklist All/All
- Guests (because captive portal is enabled on the quarantine)
- With preexisting Security Profiles
- If no quarantine matches the subnet: Quarantine All/All with captive portal enabled
- If no blacklist matches the subnet: Blacklist All/All
- If no quarantine matches the subnet: Guests (because captive portal is enabled on the quarantine)
3. Configure the VPN Tunnel(s) (IPSEC) between your location and the Cloud DHCP
Go to Cloudi-fi Admin Console > Network > DHCP, select your Location and use the IPSEC servers listed
Recommended settings for IPSec tunnel (IKEv2)
4. Forward your DHCP request from your DHCP Relay to Cloudi-Fi
Go to Cloudi-fi Admin Console > Network > DHCP, select your Location and select DHCP servers section
- Service Subnets: IP range (in which DHCP will be) needed to be routed into your tunnel. It is the (/28) defined in step 1.2 divided in two (/29)
- Server Address: IP (primary / secondary) to use by the customer to join DHCP service
What's next ?
Congratulations on enabling DHCP service.