MX450 Maximum DHCP scope size (per VLAN and global)

javier_l
Conversationalist


I'm about to deploy a network for an event. We are expecting around 7,000 devices which will require an IP, all of them on a single VLAN/subnet (it is a very large wireless network and we are expecting tons of roaming, so using the MR in NAT mode is not an option), plus we will also need some other leases (size of /24) for other VLANs/subnets.

 

I know the DHCP on the MX can be configured with a maximum /19 scope, which is fine with me, but I need to know if that's the max for a single VLAN or for the overall MX box.

 

Anyone here with experience deploying large DHCP scopes using the MX who could chime in with some experiences and gotchas that I may need to be aware of?

 

Regards

PhilipDAth
Kind of a big deal

Is this using Meraki MRs by chance?

 

If so, try and use MR NAT mode.  It doesn't use a DHCP server under the hood - it creates a hash of the user's MAC address to form an IP address (so a specific MAC address always gets exactly the same IP address).  Because of this, it is safe from DHCP starvation attacks, and can scale "real big".

 

ps. I just saw your comment about MR NAT mode (doh!).
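The contrast described in the reply above, as an added example that is not part of the original thread and is not Meraki's code: a stateful lease pool sized like the /19 scope stops serving real clients once random-MAC requests have filled it, while a stateless MAC-to-IP hash keeps no pool to exhaust. The pool prefix, the 10.0.0.0/8 NAT space and the use of SHA-256 are assumptions made for the illustration; the hash is a stand-in, not the algorithm the MR uses.

```python
import hashlib
import ipaddress
import random

# Constructed parameters (assumptions, not taken from the thread's devices).
POOL = ipaddress.ip_network("10.20.0.0/19")      # a /19 scope: 8190 usable hosts
NAT_SPACE = ipaddress.ip_network("10.0.0.0/8")   # assumed NAT-mode address space


def random_mac(rng):
    return bytes(rng.getrandbits(8) for _ in range(6))


class LeasePool:
    """Stateful DHCP-style allocator: one lease per previously unseen MAC."""

    def __init__(self, network):
        self.free = network.num_addresses - 2    # minus network and broadcast
        self.leases = set()

    def request(self, mac):
        if mac in self.leases:
            return True                          # renewal of an existing lease
        if self.free == 0:
            return False                         # pool exhausted, no address
        self.leases.add(mac)
        self.free -= 1
        return True


def hashed_ip(mac, space=NAT_SPACE):
    """Stateless mapping: the same MAC always yields the same address."""
    digest = hashlib.sha256(mac).digest()        # stand-in hash (assumption)
    host_bits = space.max_prefixlen - space.prefixlen
    offset = int.from_bytes(digest[:4], "big") % (2 ** host_bits - 2) + 1
    return space.network_address + offset


def simulate(legit=7000, bogus=20000, seed=1):
    """Return (legit clients served by the pool, collisions in the hashed map)."""
    rng = random.Random(seed)
    pool = LeasePool(POOL)
    for _ in range(bogus):                       # random-MAC requests arrive first
        pool.request(random_mac(rng))
    clients = [random_mac(rng) for _ in range(legit)]
    served = sum(pool.request(m) for m in clients)
    collisions = legit - len({hashed_ip(m) for m in clients})
    return served, collisions
```

The second return value shows the trade-off of any hash-based scheme: there is no pool to starve, but two MACs can map to the same address, so the address space has to be much larger than the client count.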

PhilipDAth
Kind of a big deal

Have you considered using distributed layer 3 roaming?

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/... 

 

With this you can use lots of subnets and VLANs.  When a user roams to an AP outside of the current VLAN they get to keep their IP address - and the destination AP just unicast forwards the traffic back to the anchor AP and then it gets processed.

 

Depending on your physical topology, you could use 4 subnets/VLANs with 2048 host entries.

 

 

I think I would try using one of those tools that sends DHCP requests from random MAC addresses (designed for doing starvation attacks ...), and make sure you can allocate that many DHCP addresses without killing the MX450.

https://github.com/kamorin/DHCPig 

cmr
Kind of a big deal

@javier_l we use the MXs with a /16 DHCP scope, that will of course only issue enough IPs to fill a /19, for the public Internet at each of our sites. Even an MX64 handles the scope, though we put larger units at the larger sites. The largest site we have dishes out up to 2000 IP addresses a day and that is currently using an MX84, but it was fine with the previous MX65. 

cmr
Kind of a big deal

Oh and the MX84 is dual stack so dishes out IPv6 addresses to about 75% of the clients as well!
