
Managed Subnets

A Managed Subnet extends the regular Subnet with a built-in DHCP server running on the gateway asset. This allows the gateway asset to manage an entire network segment — assigning IP addresses, DNS servers, and gateway settings to devices that connect to it. The gateway asset must be a Linux asset.

To do this, the gateway asset must provide an additional, dedicated network interface (e.g., a second Ethernet port or a VLAN interface) through which all devices behind it receive their network configuration via DHCP. Gateway assets without a free additional network interface cannot be selected for Managed Subnets.

Configuration

When creating a Managed Subnet, you configure:

General tab

  • Gateway Asset — the Linux asset that will run the DHCP server (only assets that support DHCP are shown)
  • Name and Description
  • Filter Mode — controls what traffic the managed devices are allowed to reach:
    • Internet + XplicitTrust Overlay — devices can reach both the internet (via IP masquerading performed by the gateway asset) and other XplicitTrust assets
    • XplicitTrust Overlay only — devices can only reach other XplicitTrust assets; internet access is blocked
    • Incoming XplicitTrust Overlay only — devices can only be reached by other XplicitTrust assets; all outgoing traffic is blocked
  • Hosts — static IP-to-DNS-name mappings for known devices on the subnet

DHCP tab

  • Managed Interface — the network interface on the gateway asset that the DHCP server will listen on
  • Interface IP (CIDR) — the IP address and subnet mask assigned to the managed interface (e.g. 192.168.36.2/24)
  • Pool Start / Pool End — the range of IP addresses the DHCP server will hand out
  • Gateway IP — the default gateway provided to DHCP clients (usually the same as the Interface IP)
  • DNS Servers — comma-separated list of DNS servers provided to clients
  • Lease Time — how long an IP address lease is valid (in seconds, default 86400 = 24 hours)
  • Auto-create Hosts — when enabled, devices that receive a DHCP lease are automatically added as hosts on the subnet. An optional Domain can be specified for auto-created host DNS names. If the name is already taken, the last two bytes of the device's MAC address are automatically appended to the name to avoid name collisions.
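
A consistency check that can be run over planned DHCP tab values before entering them, so that the pool stays inside the managed interface's subnet and never hands out the interface's own address. This is an added example, not part of the XplicitTrust documentation or product code; the function and parameter names are hypothetical, and the sample values are constructed (IPv4 only).

```python
import ipaddress


def check_dhcp_settings(interface_cidr, pool_start, pool_end, gateway_ip,
                        dns_servers, lease_time=86400):
    """Return a list of problems in the DHCP tab values (empty list = consistent)."""
    problems = []
    iface = ipaddress.IPv4Interface(interface_cidr)   # e.g. 192.168.36.2/24
    net = iface.network
    start = ipaddress.IPv4Address(pool_start)
    end = ipaddress.IPv4Address(pool_end)
    gateway = ipaddress.IPv4Address(gateway_ip)

    # Both ends of the pool must be usable addresses inside the interface subnet.
    for label, addr in (("Pool Start", start), ("Pool End", end)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if start > end:
        problems.append("Pool Start is above Pool End")
    # Leasing the interface's own address to a client would create a conflict.
    if start <= iface.ip <= end:
        problems.append(f"pool contains the Interface IP {iface.ip}")
    # Clients can only use a default gateway that is on their own subnet.
    if gateway not in net:
        problems.append(f"Gateway IP {gateway} is outside {net}")
    # DNS Servers is a comma-separated list; each entry must parse as an IP address.
    for entry in (s.strip() for s in dns_servers.split(",")):
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            problems.append(f"DNS server {entry!r} is not a valid IP address")
    if not isinstance(lease_time, int) or lease_time <= 0:
        problems.append("Lease Time must be a positive number of seconds")
    return problems


if __name__ == "__main__":
    # Constructed sample values based on the page's 192.168.36.2/24 example.
    good = check_dhcp_settings("192.168.36.2/24", "192.168.36.100",
                               "192.168.36.200", "192.168.36.2",
                               "192.168.36.2, 9.9.9.9")
    bad = check_dhcp_settings("192.168.36.2/24", "192.168.36.1",
                              "192.168.37.10", "192.168.36.2", "9.9.9.9")
    print("good:", good)
    print("bad: ", bad)
```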

Services tab

  • Services and Policy Assignments — same as for regular Subnets, controlling which services are available and which policies grant access.