DHCP reservations for SMA clients

I'd like to simplify the process of identifying SMA connect tunnel end users. Has anyone configured DHCP reservations (from the SMA or another device)?

Support indicates the SMA caches connection IPs but they're subject to expiration. It seems my options are to 1) use local accounts or 2) configure an AD attribute to an SMA resource variable to be used in SMA log files.

Perhaps the API would help here.

Any suggestions?

Category: Secure Mobile Access Appliances

Best Answer

  • Ajishlal All-Knowing Sage ✭✭✭✭
    Accepted Answer

    Hi @Pjohnson ,

    Hmm, got the pain point. In this case we cannot use the Windows DHCP server to reserve the IP for the client, but we can resolve this issue with a Linux-based DHCP server.

    With a Linux-based DHCP server, you can reserve an IP in the DHCP pool by hostname; the MAC address is not required.

    For example, configure the Linux DHCP server as shown below to reserve the IP based on the hostname.

    # dhcpd.conf
    #
    # Sample configuration file for SMA dhcpd
    #
    # Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
    # configuration file instead of this file.
    #
    
    # option definitions common to all supported networks...
    option domain-name "test.local";
    option domain-name-servers 8.8.8.8;
    
    default-lease-time 86400;
    max-lease-time 86400;
    ddns-update-style none;
    authoritative;
    
    class "test1" {
      match if ( option host-name = "test1");
    }
    class "test2" {
      match if ( option host-name = "test2");
    }
    class "test3" {
      match if ( option host-name = "test3");
    }
    
    subnet 192.168.0.0 netmask 255.255.0.0 {
      option routers 192.168.0.1;
    
      pool {
        allow members of "test1";
        range 192.168.1.1 192.168.1.1;
      }
      pool {
        allow members of "test2";
        range 192.168.1.2 192.168.1.2;
      }
      pool {
        allow members of "test3";
        range 192.168.1.3 192.168.1.3;
      }
    }
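
Added example, not part of the original answer or any SonicWall tooling: a small generator that produces the class and pool stanzas above from a hostname-to-address inventory, so the per-user entries do not have to be hand-edited. The inventory, `render_dhcpd` and the validation rules are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inventory (assumption): hostname sent by the client -> address to pin.
RESERVATIONS = {"test1": "192.168.1.1", "test2": "192.168.1.2", "test3": "192.168.1.3"}
SUBNET = "192.168.0.0/16"
ROUTER = "192.168.0.1"

# One DNS label: letters, digits, hyphen, 1-63 chars, no leading/trailing hyphen.
# Rejecting anything else keeps quotes and braces out of the generated config.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def render_dhcpd(reservations, subnet=SUBNET, router=ROUTER):
    """Return dhcpd.conf class and pool stanzas, one single-address pool per hostname.

    Note: option host-name is a value the client supplies, so these pools pin
    addresses for identification in logs; they do not authenticate the client.
    """
    net = ipaddress.ip_network(subnet)
    gateway = ipaddress.ip_address(router)
    seen = {}  # address -> hostname that already claimed it
    classes, pools = [], []
    for host, ip in sorted(reservations.items()):
        if not _LABEL.fullmatch(host):
            raise ValueError(f"unsafe hostname for dhcpd.conf: {host!r}")
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a usable address in {subnet}")
        if addr == gateway:
            raise ValueError(f"{ip} collides with the router address")
        if addr in seen:
            raise ValueError(f"{ip} reserved for both {seen[addr]} and {host}")
        seen[addr] = host
        classes.append(f'class "{host}" {{\n  match if ( option host-name = "{host}");\n}}')
        pools.append(f'  pool {{\n    allow members of "{host}";\n'
                     f"    range {addr} {addr};\n  }}")
    return ("\n".join(classes)
            + f"\n\nsubnet {net.network_address} netmask {net.netmask} {{\n"
            + f"  option routers {router};\n\n"
            + "\n".join(pools) + "\n}\n")


if __name__ == "__main__":
    print(render_dhcpd(RESERVATIONS))
```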
    


Answers

  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Pjohnson,

    If you have an internal DHCP server (Windows), it's possible to do the DHCP reservation based on the client MAC address.

  • Pjohnson Newbie ✭

    Support suggests that SMA doesn't forward MAC. Has your experience been different?

  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Pjohnson

    A new option is available on SMA appliances running the newest firmware, which is NetExtender with dynamic IP address scope (DHCP).

    This feature simplifies and unifies the functionality of NetExtender client connectivity. The scope can be taken either from an internal DHCP server or from devices providing such functionality.


  • Pjohnson Newbie ✭

    This explains how to pass DHCP requests to another server. How can I configure static reservations if the MAC address isn't forwarded from the SMA/connect tunnel to the DHCP server?

  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Pjohnson

    Yes. Once you configure the internal server in SMA for passing the DHCP request for the NetExtender clients:

    1. Open DHCP, right-click on Reservations and then click on “New Reservation” to create a new reservation of an IP address for a particular NetExtender client MAC address.
    2. On the New Reservation console, enter the reservation name, IP address, and MAC address. Click on Add to create this reservation.

    To get the NetExtender client MAC from a Windows machine, enter the below command and it will show you the NetExtender MAC. Add this MAC address in your internal DHCP server IP reservation and try.


  • Pjohnson Newbie ✭

    Connect Tunnel has no MAC!


  • Pjohnson Newbie ✭

    Thanks very much. I'll give that a try.
