I have a requirement for two customers who are using different SSIDs from the same WLC. The thing is, they want to use the same IP subnet for their wireless clients.
I have a VRF-aware infrastructure behind the WLC, so overlaps here are not a problem. Also, if I manually configure a client on both WLANs with the same address, they both work fine and VRF does its job in the routing.
The only problem I have is with DHCP. Because I can't configure overlapping addresses on the interfaces of the WLC, I can't get it to do DHCP relay.
If I configure an arbitrary address on the WLC interfaces and configure the DHCP server to be the next-hop VRF-enabled router (which is configured with an address in the correct subnet for the wireless clients and a helper-address pointing to the real DHCP server, which is not on my network), then I just need to change the giaddr in the packet to the address of the VRF interface and punt it on its way; this should work.
Is it possible to do this? I have investigated 'ip dhcp relay information option vpn', which might do the job, but the documentation says it only works with broadcasts and not relayed unicasts.
And I can't see any way of stopping the WLC from using DHCP proxy; if I could get it to broadcast, then problem solved.
Does anyone know if it is...
Possible to change the giaddr in this way?
Possible to get the WLC to broadcast for DHCP resolutions?
I need to keep them separated from each other in terms of security. I think putting them both onto the same interface would allow them to see each other.
Each interface as it stands now has an associated .1q trunk, which in turn has a layer 3 interface on a VRF-enabled SVI. This allows me to keep their traffic separate, allow the use of overlapping IPs and route their traffic to differing next-hop routers.
All I need is a method of getting the WLC to either transparently broadcast the DHCP requests (no relay) from the clients to the wired side, or some method of changing the gateway address in the relay packet after it leaves the WLC and hits the VRF-enabled layer 3 interface on the switch/router. This can then forward it on to the real server.