Do you use dhcp reservations?

bmeeks

@maverickws said in Do you use dhcp reservations?:

@bmeeks I don't think it was ever discussed in this topic "client-side configurations".

Truth be told, there is no reference on the pfSense software to DHCP Reservations (may be wrong but I really don't think there are).
When you go to DHCP Server you have an option to add a static entry. I believe it's a colloquialism where people are using reservation instead of static entry.

The wording can be confusing. I like to think of it as a reservation because you are reserving that IP address in the mind of the DHCP server, but only for a client whose MAC address matches the one you enter in the static assignment setup.

The other way, when I say "static", is on the actual client device I configure the network for "static IP" and not DHCP, and I manually type in the address and subnet I want that client to use. I realize that in the world of IoT, there may be devices that can only do DHCP, and if that is the case then you would need to use the DHCP reservation route to have a known, fixed IP address on the device.

So, to clarify, when I say "reservation" I am thinking of an entry in the DHCP server's configuration where I link a particular MAC address with a particular IP address. When I say "static", I am thinking of the situation where the client device is NOT using DHCP and I instead enter the IP information directly into the client manually. Been doing this sort of thing for a little over 40 years, and that's just the way I learned way back when.

mer

Yep. Been using them for a long time on the home network.
Makes it very easy to distingush "normal" devices from guests.
Since pretty much everything defaults to doing DHCP you wind up managing everything from a single place.

maverickws

@bmeeks got it.
I figured it was just some nuance of speech but wanted to clear it out just to make sure. Personally I most times call them "static mappings" or "arp mappings".

Also I believe there is a situation here, if I'm wrong please someone correct me but

pfSense allows a static mapping from many to one. This is, you can have several static entries using different MACs and the same IP address.
Now I am not sure because I hardly ever selected this option, but I figure when you select the option to have that
ARP Table Static Entry maybe then it is a reservation? Again, not sure on this one.
But in the true concept of the term, as it allows several entries for the same IP, it hardly ever is a reservation.
Also, by the way pfSense works, static mappings only exist outside the DHCP dynamic range, so an IP on the range "static" wouldn't go to the dynamic attributions.

Bob.Dig

I use it, even with IPv6.
(One person doesn't like this)

KOM

I don't use reservations at home or at the office. For me the only benefit would be easier renumbering, and that's something I haven't needed to do in the 20+ years I've been at this company. I report directly to the owners and they want to be able to do whatever they want when they want including weekends and evenings when I'm not around. I appreciate the security aspects but the owners don't like security getting in the way of their convenience.

azdeltawye

@johnpoz
Yes, I rely heavily on DHCP reservations for firewall rules and grouping of similar devices..

Does Kea DHCP not allow for static mappings?

azdeltawye

@bmeeks said in Do you use dhcp reservations?:

To me, it is easier in such situations to use a static IP assignment....

Maybe in some cases. However, many dumb IOT devices are 'hardwired' for DHCP.

MoonKnight

@johnpoz

Yes I use lot of DHCP Static Mappings all over my VLAN's :)

johnpoz

@azdeltawye said in Do you use dhcp reservations?:

Does Kea DHCP not allow for static mappings?

It does, but does not register them in unbound for dns as of yet.

ahking19

Yes, for all my home VLANs except the Guest one.

johnpoz

@maverickws said in Do you use dhcp reservations?:

Personally I most times call them "static mappings" or "arp mappings".

Why I called it out and hope make clear what I was talking about.. The static mapping term seems to be newer wording.. Us old farts, at least in my part of the world use reservation - because that is what they are, they are reservation for that mac to get this specific IP.. Kind of like when you make a reservation at a restraunt for table by the window..

But maybe it also just regions of the world use different terms?

That is another thing that is curious ;) maybe I could start another poll - hehehe

static mapping and arp mapping don't make a lot sense to me... Because that is not what it is, its a "reservation" on the dhcp server to give client X ip Y..

And unlike the Seinfeld episode, a dhcp server normally knows how to hold a reservation ;)

Youtube Video

bmeeks

@johnpoz said in Do you use dhcp reservations?:

Us old farts, at least in my part of the world use reservation

Welcome to the official pfSense old farts club . We can be the charter members!

Phizix

@johnpoz
I use them extensively. I also have Aliases for groups of addresses that I put them into, so I can make rules. Example Desktops, Laptops, and a combined alias of Computers (Desktop + Laptops). IOT devices, etc . . . .

I leave DHCP assigned to a certain range for new devices. I periodically (about once per week) look for any leases in that range (and hunt them down and kill them - J/K). If they are a new device that needs to be statically mapped I do so. If it is some temporary device I just make a mental note of it.

Phizix

gauthig

@johnpoz
This is the real problem with migrating to Kea at this time. It is irrespective of using static mappings (or reservations), fully DHCP or a combination of both on each subnet.

A good network should be using SSL on servers/services. An API call or just using a web browser breaks the validation of your cert if you use IP address instead of a FQDN. Modern browsers also are stopping you by forcing an acknowledgement to go to the site if you did not use the correct name in the URL, i.e. IP address.

One way around this is to set up all servers, like NAS, Plex, Home Assistant, Grafana, Influx.... (whatever you have on your local network), with static IP's (or static mappings) and then manually create an entry in unbound. But that extra work, more like BOUND and not unbound.

Let's just keep asking to add the KEA to unbound integration as a priority.
In the meantime, I'll be watching for any isc-dhcp CVE's and determine if I go the manual BOUND route or not.

SteveITS

@johnpoz May be sample bias as most users here are advanced.

@bmeeks Two reasons for us…

1. Windows 10 1607 feature update IIRC had a high tendency to (apparently) reset/reinstall the network adapter and therefore lose static IP settings. Have also seen this with resetting printers or other hardware.

2. if you need to change your subnet or especially mask it saves time touching each device to update manually.

johnpoz

@SteveITS said in Do you use dhcp reservations?:

May be sample bias as most users here are advanced.

That was my whole thought/point to be honest, I would think users of pfsense would lean towards being more advanced than your typical home router, what is an IP user ;)

Which is why I would think using reservations would pretty common.. Which so far that is what the poll is showing as well.

NogBadTheBad

I do, most of my devices are dhcp reservations.

After the update I and bet a lot of other people went back to the old dhcp server.

maverickws

@johnpoz said in Do you use dhcp reservations?:

static mapping and arp mapping don't make a lot sense to me... Because that is not what it is, its a "reservation" on the dhcp server to give client X ip Y..

eheh well I can tell you straight why I called them that. One of my first jobs was on the network department of a big local ISP. over 90% of CPE were Cisco devices managed by us. If you were adding a reservation you'd go with the command arp <ip> <mac> etc so that's why we called them "static arps" if anyone needed a reservation we'd go with "add an arp". Static only in the sense it's quicker said and a bit shorter word than re-ser-va-tion. Even translated to PT eheh but again this is slang.
Won't find me arguing if one is better than the other, main thing is people understand what it does, I've heard calling it so many things.

johnpoz

@maverickws And what cisco is that, that is not how you would make sure a device gets a specific IP out of the pool of dhcp running the cisco device.

Would be something like this

ip dhcp excluded-address 192.168.1.10

ip dhcp pool CLIENT_10
hardware-address 0034.121b.0c19
host 192.168.1.10 255.255.255.0

That is how you would set a static arp.. That isn't going to have dhcp hand out anything specific for a specific device.

maverickws

@johnpoz that was how we'd start the DHCP and establish a range for the pool instead of host.
I haven't been much around cisco lately but I'm pretty sure that was the command to add a reservation. I am probably mixing stuff. Let me check my notes!