Static IP - MAC mapping inside DHCP dynamic pool - how to?

johnpoz

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

I need to giving certain equipment the IP that would be recognizable

You NEED too? Why does something need to have a .77 or .88 as its address, seems over complicated..

But if that is the sort of nonsense you want to do - have at it.. Why is .99 more "recognizable" than .72 ?

Is this really great and only one solution?

No - but seems like its the sort of over complicated solution you want to come up with.. Why not make your your pool .31 - 254?

Now you have .1 to 30 to use for your stuff you want to have a specific IP.. .1 being pfsense. Or use .2-220 or something and use 221 to 254 for stuff.. You trying to use .77, .88, .99 for your whatever equipment is not something I can say I have ever seen in some 30 years in the biz.. Common practice I have seen used countless companies is use either the first part or the last part of the range for statics or reservations.

The reason you might want to have a range in the middle is maybe you have devices that are in the range already, maybe they were on the last part of your /25 before, and now you want to expand the range to a /24 and let those static devices stay without having to reip them, etc.

Sergei_Shablovsky

@johnpoz said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

You NEED too? Why does something need to have a .77 or .88 as its address, seems over complicated..
But if that is the sort of nonsense you want to do - have at it.. Why is .99 more "recognizable" than .72 ?

ARE You serious? No joke?

The answer is very simple: because remembering the fact that all double digits IPs .99, .88, .77 etc are my equipment, nor guest of nor temporarily installed, etc... ARE PRETTY EASY.

Sergei_Shablovsky

@johnpoz said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

You trying to use .77, .88, .99 for your whatever equipment is not something I can say I have ever seen in some 30 years in the biz.. Common practice I have seen used countless companies is use either the first part or the last part of the range for statics or reservations.

With all my appreciation to Your knowledge and value here in community, but:

If You do not see some solution before (even with wide contacts and hundreds of installations), - not mean the solution is wrong or not have a reason.

Many peoples (even hi-educated Ingeneers with degrees) not thinking and analyzing, just doing like “googling for solution- copy solution - if working, go to next task or pub”. So, very possible that a You see a thousands of persons who “just copying nor thinking”.
And than we all see thousands of data leaking, DB hacking, etc... Just because even in a Enterprise sysadmins not thinking...

More than this, I pretty sure a You not see much sysadmins who make proper equipment and wires labeling with QRcodes (where one tap on iPad/iPhone open the sheet with all data about this equipment/ cable or open Augmented Reality plane, like this
Is this hard to implement - definitely NO. People just not thinking....

Another one example: see not too old the “Performing Out-of-Band Network Management” document from “US National Security Agency | Cybersecurity Information” and You able to see just horrific mistakes one even wrong/outdated decision. Why? Because no one seriously care. Even in this department someone “Pro” just copy/paste “old docs from Internet”... Again, people just no thinking...

Like only few people on this forum pay attention to rapidly growing of QUIC protocol implementing. And one day BOOM! And all here start to realizing that old-fasion filtration come close to the end, because more and more ISP implementing QUIC on their core, more and more mobile apps start to using QUIC, more web browsers come with QUIC enabled by default...

Back to topic: I STRONGLY SURE that remembering the fact that .99,.88,.77 “double numbers” are own company stable equipment ARE EASY that anything else.
(Because as SysAdmin I need to remembering also A LOT of other things...)

johnpoz

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

fact that all double digits IPs .99, .88, .77 etc are my equipment

Which is nonsense - makes no sense at all to do something like that... Can say that 2-30 is your equipment, or 221-254 is your equipment.

Do what you want - just offering up how you can do what you ask, which is different pools...You don't like that solution - and you think its overcomplicated because you think your devices should be 88, 99, 77 etc.. Really?? Verse in all of them being in adjacency 10-20 for example.. Sorry that just makes zero sense to anybody but you.

I have a bunch of light bulbs on my iot network.. What makes more sense I should make the light bulbs IPs 11, 22, 33 or just say hey 2-30 are light bulbs.. If I get more lightbulbs I can easy just move the pool from being .31-254 to 41-254, and now can have 10 more light bulbs, etc.. Shotgunning IPs throughout your scope makes no sense.

Also have the switches on this iot network, so lightbulbs can be 2-30, and the little switches that turn on say the xmas tree or the lamp can be say 240-254 out of the /24

Now I know just from an IP what a device type, etc.. without having to shotgun assignments out of the 1-254 scope.

This is easy to adjust... You could use say .2-20 out of your scope for reservations, and 240-254 for Ips you assign statically on the device for example.

Another simple solution would be to just put these devices on their own vlan, and assign a small dhcp scope say .250-254, and then you have .2-249 for use in reservations for your equipment, etc. This way you can bring a device easy onto this vlan where it gets a dhcp address in the .250-254 range, and then you reserve its IP and it changes to something in the .2-249 range.

I am sorry but 11,22,33,44 for your devices you want to have a specific IP via reservation or static makes no sense at all..

If you don't want your devices to be on the ends of your scope.. Then create 2 scopes... where say .2-49 are dhcp, and .61-254 is another pool, and now you can use 50-60 for your devices, etc..

Now with your multiple pools and some mac defining, maybe all your phones are from same company and their macs start with aa:bb:cc so you can have them use the first pool, and get ips from 2-49, and your other user devices get Ips out of hte 61-254 pool, etc..

JKnott

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

ARE You serious? No joke?
The answer is very simple: because remembering the fact that all double digits IPs .99, .88, .77 etc are my equipment, nor guest of nor temporarily installed, etc... ARE PRETTY EASY.

WTF?

That's nonsense. You create a pool and anything that's not in that pool is your equipment. For example, here the range .200 - .254 is the DHCP pool. Anything below 200 is my stuff. What could be easier than that?

It seems to me you're creating your own problem.

Sergei_Shablovsky

@jknott said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

WTF?

Please keep breath normally :)

That's nonsense. You create a pool and anything that's not in that pool is your equipment. For example, here the range .200 - .254 is the DHCP pool. Anything below 200 is my stuff. What could be easier than that?
It seems to me you're creating your own problem.

It seems You cannot read first question carefully: key moment are "small company/org" and "certain equipment/client".

This mean in conditions with:

• small amount of pfSense clients (in small company there are 10-50 IP's of human's iPads/iPhone's IPs);
• 10-15 IPs of some special equipment;

May be You happy to spending rest of the daytime to seek (or even keep in mind) which IPs is exactly for which equipment, but Im decently to busy for this.

Each small things that eliminate my work hours - good for me. Because a bunch of this "small things" lets me be free to keep attention on other more important things.

For me remembering that in all my datacenters
.11 mean Environment Monitoring Equipment
.33 mean PDU/CDU
.55 mean Cooling Unit
is much pretty easy.
But If You prefer to keep a lot of papers with notes, or doing netscan each time (to realize that .115 - is UPS, .120 - PDU, .124 - Environment, etc....) - this is Your manner to work.

P.S.
Outside of this topic, but:
If You so emotional and clever may be You have the answer that "Why Reboot and Halt System commands are still in Diagnostics but no in System pfSense WebGUI?"
Because Halt / Reboot ARE NOT FOR TESTING, ITS CORE ACTION ABOUT WHOLE SYSTEM !
May be this is also logical to You ? :)

NollipfSense

In my home office environment that's how I do it, create a pool for the cameras that's outside the pool range ex, pool 1 (2 - 20), pool2 (30 - 255)...cameras (21 - 29); so, they're in a pool outside the pool range.

JKnott

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

For me remembering that in all my datacenters
.11 mean Environment Monitoring Equipment
.33 mean PDU/CDU
.55 mean Cooling Unit
is much pretty easy.

You can still do that by having them separate from the DHCP pool. Either way, you have to manually map a MAC to IP address, whether separate from the pool or mixed in.

JKnott

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

Because Halt / Reboot ARE NOT FOR TESTING, ITS CORE ACTION ABOUT WHOLE SYSTEM !
May be this is also logical to You ?

Since I run Linux and not Windows, "reboot" is not part of my vocabulary.

Sergei_Shablovsky

@jknott said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

Because Halt / Reboot ARE NOT FOR TESTING, ITS CORE ACTION ABOUT WHOLE SYSTEM !
May be this is also logical to You ?

Since I run Linux and not Windows, "reboot" is not part of my vocabulary.

I understand You joke. BTW personally I not using Win for work around 25y.

What about be serious and answering about my question regarding right place Reboot / Halt menu item ? :)

Sergei_Shablovsky

@jknott said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

For me remembering that in all my datacenters
.11 mean Environment Monitoring Equipment
.33 mean PDU/CDU
.55 mean Cooling Unit
is much pretty easy.

You can still do that by having them separate from the DHCP pool. Either way, you have to manually map a MAC to IP address, whether separate from the pool or mixed in.

So, You just repeat the @johnpos answer. No any new info.

JKnott

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

What about be serious and answering about my question regarding right place Reboot / Halt menu item ? :)

You mean this question?

"Why Reboot and Halt System commands are still in Diagnostics but no in System pfSense WebGUI?"

Rebooting & halting are not something you normally do with routers. You just let them run 24/7. As far as I can tell, you normally reboot pfSense with an update and not much else. When needed, instead of rebooting, you can just restart some service, just like with Linux. So, you don't need them right up front, as they are in Windows. I suppose Diagnostics was the most logical place for them.

From my pfSense:

/root: uptime
2:42PM up 87 days, 23:34, 3 users, load averages: 0.01, 0.04, 0.00

It was powered down only because I was moving stuff around here.

JKnott

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

So, You just repeat the @johnpos answer. No any new info.

I think the point we're both making is we don't understand your reason for doing what you want. It doesn't make sense.

Sergei_Shablovsky

@johnpoz said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

fact that all double digits IPs .99, .88, .77 etc are my equipment

Which is nonsense - makes no sense at all to do something like that... Can say that 2-30 is your equipment, or 221-254 is your equipment.

Do what you want - just offering up how you can do what you ask, which is different pools...You don't like that solution - and you think its overcomplicated because you think your devices should be 88, 99, 77 etc.. Really?? Verse in all of them being in adjacency 10-20 for example.. Sorry that just makes zero sense to anybody but you.

I have a bunch of light bulbs on my iot network.. What makes more sense I should make the light bulbs IPs 11, 22, 33 or just say hey 2-30 are light bulbs.. If I get more lightbulbs I can easy just move the pool from being .31-254 to 41-254, and now can have 10 more light bulbs, etc.. Shotgunning IPs throughout your scope makes no sense.

Also have the switches on this iot network, so lightbulbs can be 2-30, and the little switches that turn on say the xmas tree or the lamp can be say 240-254 out of the /24

Now I know just from an IP what a device type, etc.. without having to shotgun assignments out of the 1-254 scope.

This is easy to adjust... You could use say .2-20 out of your scope for reservations, and 240-254 for Ips you assign statically on the device for example.

Another simple solution would be to just put these devices on their own vlan, and assign a small dhcp scope say .250-254, and then you have .2-249 for use in reservations for your equipment, etc. This way you can bring a device easy onto this vlan where it gets a dhcp address in the .250-254 range, and then you reserve its IP and it changes to something in the .2-249 range.

I am sorry but 11,22,33,44 for your devices you want to have a specific IP via reservation or static makes no sense at all..

If you don't want your devices to be on the ends of your scope.. Then create 2 scopes... where say .2-49 are dhcp, and .61-254 is another pool, and now you can use 50-60 for your devices, etc..

Now with your multiple pools and some mac defining, maybe all your phones are from same company and their macs start with aa:bb:cc so you can have them use the first pool, and get ips from 2-49, and your other user devices get Ips out of hte 61-254 pool, etc..

I carefully read again one time Your answer. So another one idea come to my head:

Switching DHCP off on interface for local lans that have once-installed (and rarely changed) set of equipment ?

For example CDU/PDU installed inside racks once and added/changed 1 time / 5 year or less. (Ok, sometimes we need something to repair and put off shelf some hot-spare unit for temporarily replace).
The same situation for Cooling, Environment Monitoring devices, Security Cameras & Recorders, rack doors locks, movie & sound sensors...

Sounds reasonably. Even the table MAC-IP would be 150-200 rows.

What You say about this?

Sergei_Shablovsky

@jknott said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

So, You just repeat the @johnpos answer. No any new info.

I think the point we're both making is we don't understand your reason for doing what you want. It doesn't make sense.

May be You are right. please see my last reply to @johnpoz

JKnott

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

What You say about this?

If you expect something to work without DHCP, you must use static configuration. Again, there's no reason it has to be mixed in with the DHCP pool. Here, in addition to the DHCP pool and static mappings, I have two devices with static configuration. One is my main desktop system and the other is pfSense.

johnpoz

@sergei_shablovsky said in Static IP - MAC mapping inside DHCP dynamic pool - how to?:

What You say about this?

Say about what - Not sure what your freaking asking.. And what does it have to do with some nonsense .66, .77, .88 plan - I don't care if you have 200 IPs.. So use a /23 and make the first /24 your your devices and the 2nd /24 your dhcp.

You can come up with whatever you want to come up with - .66, .77, .88, .99 makes no sense.. You will never convince of such nonsense.. I have had to go into a lot of customer networks, never seen such nonsense - and I have seen a lot of nonsense..

I gave you a way to do what you want be it that plan or whatever - now you say its too much work, well yeah because it makes no sense.. There is zero reason why anyone would do such a thing when I can just say .x-.y is either reservations or static..