Help

Using Network Segments for a static main office and DHCP satalites

Go to solution
kdowley
New Contributor

Posted on ‎07-02-2015 02:34 PM

I'm trying to create smart policies for distributing software packages based on location.

I have a main office that handles about 80% of our total employees that sits under a single static IP address, perfect candidate for a network segment. I also have a few dozen remote users that have constantly rotating IP addresses. I'd like to be able to set policies for software distribution that says if you are on IP 1.1.1.1, use the local distribution point. All other IP addresses, mostly unknown, should use our cloud distribution point.

I've been unable to set Network Segments for IP ranges, or 'All IPs but 1.1.1.1'. Is this possible? What other work arounds exist if it isn't?

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-02-2015 02:40 PM

Yeah, so the trick here is to set up a Network Segment in the range of "1.1.1.1" to "254.254.254.254" and name it something like "Internet" "Other" or "Remote", whatever makes sense. Then create your specific IP Network Segment for the office/location you mentioned.
The reason this works is because Network Segments work from most specific to least specific, so when a Mac falls into the more specific IP range, it will land into your Office Network Segment. Anything not in that exact range will land in the other NS.

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-02-2015 02:40 PM

Yeah, so the trick here is to set up a Network Segment in the range of "1.1.1.1" to "254.254.254.254" and name it something like "Internet" "Other" or "Remote", whatever makes sense. Then create your specific IP Network Segment for the office/location you mentioned.
The reason this works is because Network Segments work from most specific to least specific, so when a Mac falls into the more specific IP range, it will land into your Office Network Segment. Anything not in that exact range will land in the other NS.

0 Kudos

Go to solution
kdowley
New Contributor

Posted on ‎07-02-2015 02:46 PM

That's perfect! Thanks for that clarification. How does it work though, as far as the most to least specific part? Does the JSS evaluate how many IPs are in a range and give preference to the lowest? Something like, this range has 100 IPs, whereas this one has 1,000,000, so I prefer the one with 100 first?

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on ‎07-02-2015 02:52 PM

@kdowley Maybe I'm misunderstanding what you mean, but with the IPs you mentioned, is it a range like this? (using these values as an example only):

192.168.0.1 to 192.168.255.254

If so, it would mean that if a Mac hits the JSS with an IP of 192.168.10.200, it will land in the Network Segment that uses the range above as its defined range.
If another Mac comes along with an IP of 172.10.10.100 its going to end up in the "Other" Network Segment since that IP isn't in the above range. Does that make sense? Is that what you're asking, or am I misunderstanding your question?

0 Kudos

Go to solution
kdowley
New Contributor

Posted on ‎07-02-2015 03:02 PM

No, you got it. That makes sense, and thank you for the example, as that's exactly what I mean. I guess the question was if I have another range in 192.168.100.1-192.168.200.1, will it then prefer that over both 192.168.0.1 - 192.168.255.254 and 1.1.1.1 - 254.254.254.254?

0 Kudos