Netgate Discussion Forum

    Do you use dhcp reservations?

    Off-Topic & Non-Support Discussion
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @stephenw10
      last edited by

      @stephenw10 said in Do you use dhcp reservations?:

      I also usually add them for devices that statically configured

      I do the same for my main pc, but as of late have just left in dhcp mode.. If I have to change its IP for some test or something I just go to static, and then when I want to get back to my default setup I just move it back to dhcp..

      But yeah adding a reservation for stuff you set static is good practice I would agree. Simple way to just know hey I assigned this ip to something already vs having to use some ipam software or spreadsheet or "memory" ;)

      And yup if for some reason the thing does reset to default or whatever - if it comes up dhcp it will get the IP you want, etc.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      LarryFahnoeL 1 Reply Last reply Reply Quote 0
      • LarryFahnoeL
        LarryFahnoe @johnpoz
        last edited by

        I'm a long time user of ISC dhcpd for both enterprise and personal use. I certainly make use of reservations as well as many other custom options. This topic took me by surprise as I was unaware that dhcpd is no longer being maintained by ISC (I'm retired), so I spent a little time reading about migration to KEA as well as how to configure it. Perhaps I'm just old, but the new JSON configuration and the many restrictions and qualifications make it look like a serious step backwards. https://kea.readthedocs.io/en/latest/arm/config.html

        --Larry

        1 Reply Last reply Reply Quote 1
        • NollipfSenseN
          NollipfSense @johnpoz
          last edited by

          @johnpoz said in Do you use dhcp reservations?:

          Reservations came up in one, do people even use them, etc.. Which got me curious.. I personally use them for everything...

          Yes, I do; however, not on my edge firewall pfSense...just on my LAN with Mikrotik.

          pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
          pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

          1 Reply Last reply Reply Quote 0
          • kohenkatzK
            kohenkatz @SteveITS
            last edited by

            @SteveITS said in Do you use dhcp reservations?:

            if you need to change your subnet or especially mask it saves time touching each device to update manually.

            I just had to do this - I set up a site-to-site VPN, and there was a subnet conflict between one of my subnets and one of the other side's subnets. I was able to change my subnet with little trouble, and all the devices with reservations picked up their new IP addresses automatically.


            I also have some devices that I want static IPs for, but they do not have the ability to set a static IP. (Offhand, the first example that comes to mind is DoorBird doorbells, but there are some others too. These have an API that can be scripted, but that requires knowing how to contact them.) For these types of devices, DHCP reservations are critical.

            1 Reply Last reply Reply Quote 0
            • C
              coxhaus @johnpoz
              last edited by coxhaus

              @johnpoz
              I use statics for important things not reservations. My network is so small at home that over the last 15 years or so I have changed equipment enough that I just use DHCP and adapt.
              I guess I should also say I run DHCP off my Cisco L3 switch not pfSense.

              1 Reply Last reply Reply Quote 0
              • Sergei_ShablovskyS
                Sergei_Shablovsky @johnpoz
                last edited by

                @johnpoz
                Sad: 1,200 views and ~32 (!!!!!!) votes

                —
                CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
                Help Ukraine to resist, save civilian people’s lives !
                (Take an active part in public protests, push on Your country’s politics, congressmen, mass media, leaders of opinion.)

                1 Reply Last reply Reply Quote 0
                • Sergei_ShablovskyS
                  Sergei_Shablovsky @KOM
                  last edited by

                  @KOM said in Do you use dhcp reservations?:

                  I don't use reservations at home or at the office. For me the only benefit would be easier renumbering, and that's something I haven't needed to do in the 20+ years I've been at this company.

                  Static IP mappings are VERY USEFUL for writing pf rules and also give You flexibility when hardware changes.

                  If someone (I mean the boss) does not understand this - he has the right to pay for extra work hours ;)


                  KOMK 1 Reply Last reply Reply Quote 0
                  • the otherT
                    the other
                    last edited by

                    hey all,
                    FYI: static mappings are in use here too. I have DHCP reservations for all my clients (pure home network). Used to do static IPs on clients directly but changed that to dhcp reservations. And no, not using the new kea dhcp...still the old stuff here.

                    the other

                    pure amateur home user, no business or professional background
                    please excuse poor english skills and typpoz :)

                    1 Reply Last reply Reply Quote 0
                    • Sergei_ShablovskyS
                      Sergei_Shablovsky
                      last edited by

                      You may read my decision and arguments for using “IP static mapping” in mid-size companies or small firms, with @johnpoz's answers and arguments, here: Static IP - MAC mapping inside DHCP dynamic pool - how to?.

                      Thank You all!


                      1 Reply Last reply Reply Quote 0
                      • JonathanLeeJ
                        JonathanLee
                        last edited by JonathanLee

                        I use them for every single device on my network. My 48 bit addresses and layer 2 addresses are all purple here because I do not want any mac address cloning going on. That is a cool pen testing tool to see that done.

                        Screenshot 2024-03-15 at 13.26.40.png

                        Make sure to upvote

                        johnpozJ 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @JonathanLee
                          last edited by

                          @JonathanLee said in Do you use dhcp reservations?:

                          I do not want any mac address cloning going on.

                          Who is going to clone your macs? And for what purpose? Mac cloning is only a thing if they are already on your network..

                          Here is my pc mac.. Clone away ;)

                             Connection-specific DNS Suffix  . : home.arpa
                             Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller
                             Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16
                             DHCP Enabled. . . . . . . . . . . : Yes
                             Autoconfiguration Enabled . . . . : Yes
                             IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
                             Subnet Mask . . . . . . . . . . . : 255.255.255.0
                             Lease Obtained. . . . . . . . . . : Wednesday, March 6, 2024 2:02:01 PM
                             Lease Expires . . . . . . . . . . : Monday, March 18, 2024 2:02:00 PM
                             Default Gateway . . . . . . . . . : 192.168.9.253
                             DHCP Server . . . . . . . . . . . : 192.168.9.253
                             DNS Servers . . . . . . . . . . . : 192.168.3.10
                             NetBIOS over Tcpip. . . . . . . . : Enabled
                          

                          I would love to hear your theory how anyone could use that to do anything? That doesn't already have full access to my network anyway..


                          JonathanLeeJ Sergei_ShablovskyS 2 Replies Last reply Reply Quote 2
                          • JonathanLeeJ
                            JonathanLee @johnpoz
                            last edited by

                            @johnpoz bro now I can run airsnort on your network and packet sniff hahahaha. Jk


                            1 Reply Last reply Reply Quote 0
                            • KOMK
                              KOM @Sergei_Shablovsky
                              last edited by

                              @Sergei_Shablovsky said in Do you use dhcp reservations?:

                              give You flexibility when hardware changes

                              New hardware? What's that?? My company runs on Dell blades from 2012. We don't ever get new hardware because that would cost more than zero. Same with our desktops.

                              1 Reply Last reply Reply Quote 1
                              • E
                                Epimpin @johnpoz
                                last edited by Epimpin

                                @johnpoz Yes, I use dhcp reservations for my wireless clients, but sometimes it does not quite work as I would like. It works hand in hand with my macsec implementation and hardens my certificate based user auth and aids in my acl implementation.

                                C 1 Reply Last reply Reply Quote 0
                                • C
                                  coxhaus @Epimpin
                                  last edited by coxhaus

                                  @Epimpin
                                  That means you are going to spend a lot of time chasing MACs for all devices that come into your network. I have better things to do with my time than track every iPhone or whatever IP device that comes into my network. Those devices are not going to work without you setting up the MAC for a DHCP reservation. Create a setup so it can be automated. And that means don't use DHCP reservations as it is too limiting. Use DHCP for a general class of devices. You can use scopes to separate devices and classes.

                                  E 1 Reply Last reply Reply Quote 2
                                  • E
                                    Epimpin @coxhaus
                                    last edited by Epimpin

                                    @coxhaus
                                    Well it all starts with having a good understanding of what a mac address consists of. For instance, the first 6 digits (3 octets) tell you who manufactures the device and when and is called an OUI.

                                    I have a locally stored OUI database installed in my auth scheme and I have ACLs that block any device made by Huawei for instance and send them to a walled garden with a message regarding Huawei devices with specific information.

                                    You should know what type of devices you should expect on your network. With some simple network automation you don't have to "chase" mac addresses.

                                    Then for things like switch to switch communications in your core, you should only ever see mac addresses of the neighboring switch. It doesn't have to be hard.

                                    The dhcp reservations work well for allowing my roaming clients in my wireless networks to maintain a consistent connection and also allow my gigamon boxes to assign an identifier and give good deduplication and solid subscriber tracking and less logging without having to implement a complex gtp/gprs configuration.

                                    It works for me.

                                    C 1 Reply Last reply Reply Quote 1
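
An added example, not part of the post above and not Netgate or pfSense code: a sketch of the OUI-based admission check described there, including the case where a MAC has no vendor-assigned OUI at all (locally administered addresses, as produced by OS MAC randomization). The OUI table, the vendor names, the policy list and the decision labels are constructed placeholders.

```python
import re

# Constructed OUI table; a real deployment would load the IEEE registry.
# Prefix-to-vendor pairs and vendor names are placeholders, not real data.
OUI_DB = {"B04F13": "VendorA", "001122": "VendorB"}
WALLED_GARDEN_VENDORS = {"VendorB"}  # hypothetical policy list


def normalize_mac(raw):
    """Accept aa:bb:.., AA-BB-.., aabb.ccdd.eeff; return 12 uppercase hex digits."""
    digits = re.sub(r"[:\-.\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {raw!r}")
    return digits


def classify(raw):
    """Return (decision, reason) for a client-supplied MAC address."""
    mac = normalize_mac(raw)
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        # I/G bit set: group (multicast/broadcast) address, not a valid client source.
        return "drop", "group address"
    if first_octet & 0x02:
        # U/L bit set: locally administered, so the first three octets
        # are not an IEEE-assigned OUI and a vendor lookup means nothing.
        return "restricted", "locally administered, no OUI"
    vendor = OUI_DB.get(mac[:6])
    if vendor is None:
        return "restricted", "OUI not in local database"
    if vendor in WALLED_GARDEN_VENDORS:
        return "walled-garden", f"vendor {vendor}"
    return "allow", f"vendor {vendor}"


if __name__ == "__main__":
    # First sample is the MAC shown earlier in the thread; the rest are constructed.
    for sample in ("B0-4F-13-0B-FD-16", "0011.22aa.bbcc", "da:a1:19:00:00:01",
                   "01:00:5e:00:00:fb", "3c:52:82:01:02:03"):
        print(sample, "->", classify(sample))
```

The address is whatever the client chooses to present, so the result is a policy hint to sit alongside authentication, not an identity check.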
                                    • C
                                      coxhaus @Epimpin
                                      last edited by coxhaus

                                      @Epimpin
                                      I am glad it works for you. If you work on a network with 4 or 5 thousand PCs plus devices you are not going to be able to do that and do your job.

                                      You are building a structure that is going to be limited.

                                      JonathanLeeJ 1 Reply Last reply Reply Quote 0
                                      • JonathanLeeJ
                                        JonathanLee @coxhaus
                                        last edited by

                                        @coxhaus the reservations are more for tracking specific devices and/or needs. Smaller networks yes it’s ok, but for thousands it gets harder to keep track of. A way around this is to set the dhcp pool lease timers really high so devices get the same IP address each time.


                                        C 1 Reply Last reply Reply Quote 0
                                        • C
                                          coxhaus @JonathanLee
                                          last edited by

                                          @JonathanLee
                                          Plus using long DHCP lease times reduces your broadcast traffic immensely. Reducing the loads on your network.

                                          1 Reply Last reply Reply Quote 2
                                          • cwagzC
                                            cwagz
                                            last edited by

                                            Number one reason for using dhcp reservation in my house is to allow me to direct the kids to different Pi-holes as they get older. This allows me to control YouTube restrictions and filter settings by maturity. All outside dns is blocked and I have a lot of fail safes in place that land “new” devices in the most restrictive Pi-hole group. This has worked really well until they get savvy. Then I have to decide if it is worth playing the cat and mouse game.

                                            The pi-hole remote app is great because it has built in blocking controls for things like Roblox and discord. I can switch one kid off if they aren’t doing their homework or whatever.

                                            Netgate 6100 MAX

                                            JonathanLeeJ 1 Reply Last reply Reply Quote 2
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.