Netgate Discussion Forum

    pfsense DHCP Reservation Questions

    18 Posts 6 Posters 1.1k Views
    • D
      djtech2k @johnpoz
      last edited by

      @johnpoz

      Yeah, I got it. I went back and looked over the dhcp config again to refresh my memory. I understand how they made reservations and scope work. I do not like how it works and I wish it were different, but it is what it is.

      I wasn’t sure if there were any other options for dhcp or if I overlooked something or not. Sounds/looks like there is not. So it’ll have to be multiple smaller scopes that don’t include static/reservations or rearrange ip assignments on the network to accommodate a contiguous scope.

      Validating is half the battle.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @djtech2k
        last edited by

        @djtech2k what I do when I add a new device is just let it get dhcp - then set a reservation for outside the pool. I'm not sure why anyone set a static on a device other than devices that don't even support dhcp

        You can change its ip without ever having to touch it, you could even change whole network ip space. You can change options again without having to touch it..

        My dhcp scopes are small .100-120 for example - rest of the space I just use as reservation. And it's easy enough to know what IP is next to use..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • P
          P3R @johnpoz
          last edited by

          @johnpoz said in pfsense DHCP Reservation Questions:

          I'm not sure why anyone set a static on a device other than devices that don't even support dhcp

          Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs and not resort to APIPA should the non-redundant DHCP-service fail.

          • GertjanG
            Gertjan @P3R
            last edited by

            @P3R said in pfsense DHCP Reservation Questions:

            Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs

            That's why static MAC DHCP leases were invented. Also valid for DHCPv6 btw.
            Every device on my main LAN network supports DHCPv4/DHCPv6.
            Every device on my main LAN network always has the same IPv4/IPv6..
            I've started to add a static MAC DHCP lease for every device I had back then (many decades ago), and continued to do so for every new device I add (one or two every year).

            This means that I don't need to change something on the device, they are all 'out of the box', and these are printers, NAS, APs, PC's and servers, some switches, and some other 'special' stuff. 50 or so.

            I've somewhat lost the notion of 'what IPv4 is used by what device' as I gave them all my defined short host names.
            Most devices don't even really use IPv4 anymore, they use IPv6 these days. And I'm not going to remember these anyway, they are too long, even when using 'short' mode.
            I've my short host names, I will not break DNS, so everything works fine.

            If you don't have 24.11 with kea that supports this, stay with ISC and you're fine. Worked for me since early 2010. ISC still rocks for billions of devices.
            With 24.11 and kea, static DHCP works fine also.
            Same thing for DHCPv6.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • johnpozJ
              johnpoz LAYER 8 Global Moderator @P3R
              last edited by johnpoz

              @P3R where did you quote that from ;)

              You know what needs static - loopback on your infrastructure equipment. The dhcp server ;) Your gateway on whatever network - which is normally by common practice either the 1st IP or the last on a network.

              But sure go ahead if you want - but there is no reason they should be just shotgunned into the ip network.. put them on one side of the pool ;)

              But also not just loopback on your routers or switches.. But normally their management IP on its own infrastructure network anyway. Servers of some kind would be on their own normally as well. But sure there might be some static stuff on any network. The gateway device, dns or dhcp server itself, etc. Common practice is to leave a few ips on each side of the scope.. We normally start at .10 and end at .244.

              • P
                P3R @johnpoz
                last edited by

                @johnpoz said in pfsense DHCP Reservation Questions:

                @P3R where did you quote that from ;)

                I quoted you and it says so in the first line of that post. It's the same in this one.

                But sure go ahead if you want - but there is no reason they should be just shotgunned into the ip network.. put them on one side of the pool ;)

                I'm not the OP and I have them outside of the pool, bottom and top. I just explained why some may use static and I don't need the approval. 😀

                I reserve them in DHCP as well though. That way the DHCP configuration is at the same time my IP documentation and it prevents any problems should there be a factory reset of a device. A little more work initially but fewer problems later on.

                But also not just loopback on your routers or switches.. But normally their management IP on its own infrastructure network anyway. Servers of some kind would be on their own normally as well.

                True for professional users and equipment but not for many home users.

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @P3R
                  last edited by johnpoz

                  @P3R said in pfsense DHCP Reservation Questions:

                  I quoted you and it says so in the first line of that post. It's the same in this one.

                  not not me - this part, this sounds like it came from doc from back in the day on why static is better

                  "Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs"

                  True for professional users and equipment but not for many home users.

                  Sure - true, but what is the point of breaking up your pool and putting IPs inside your continuous space.. Just leave some in the beginning and leave some at the end for your reservations and statics.. A pool of .10 to .244 leaves you 20 ips for static or reservations - if you need more use .20 to .234, etc. or 100-200 as your pool.

                  What does it matter if device X is .9 or .90 ? or .128 or .156 or .245, etc..

                  • P
                    P3R @johnpoz
                    last edited by

                    @johnpoz said in pfsense DHCP Reservation Questions:

                    not not me - this part, this sounds like it came from doc from back in the day on why static is better...

                    Ah okay. It wasn't a quote, those were my own words. I don't mind that you mock me for being old-school because that's what I am.

                    Sure - true, but what is the point of breaking up your pool and putting IPs inside your continuous space..

                    Maybe I was unclear but I'll try again. I don't do what you say there.
                    It is the OP that likes it that way but I'm not him.

                    I have my static and reserved IPs in the beginning and at the end of the IP subnet and the pool in the middle so very similar to your recommendation.

                    • M
                      michmoor LAYER 8 Rebel Alliance @johnpoz
                      last edited by

                      @johnpoz said in pfsense DHCP Reservation Questions:

                      Its good practice to not set static ips inside your pool, that is why you should edit the pool to leave ips off on the beginning and end for static or reservations.

                      Well, question for you. When I set up printers those are done with DHCP. Grab the DHCP so I can grab the MAC address and then create a static outside of the pool, restart the printer, it's all a bit much, no? It's easier to make a static once it grabs an IP.

                      Firewall: NetGate,Palo Alto-VM,Juniper SRX
                      Routing: Juniper, Arista, Cisco
                      Switching: Juniper, Arista, Cisco
                      Wireless: Unifi, Aruba IAP
                      JNCIP,CCNP Enterprise

                      • M
                        michmoor LAYER 8 Rebel Alliance @michmoor
                        last edited by

                        @johnpoz disregard, I see your workflow above in a previous comment.

                        • D
                          djtech2k
                          last edited by

                          I am trying to get my config applied so I can put my pfsense into prod. As I said above, I am trying to keep it simple so I can operate my network as close to what it is now as I can, at least for the time being.

                          I have moved around my IP usage on the current network so it will be easier for implementing on pfsense, which I have done. I essentially put in all reservations and static IP's into the bottom and top of my ip range, then set the pool to everything in the middle. I use a 192.168.x.x/24, so I have 254 IP's.

                          In my current network, I have that 1 IP range and everything is assigned in that range via static, reservation, or DHCP. The router has 5 ports, 1 of which is the WAN. I do have a few downstream switches and AP's. I have no VLAN's configured. It's simple but it keeps the household running.

                          Now with my new pfsense hw, I have WAN configured and plugged into my modem. I have a LAN port configured and connected to my laptop. The LAN interface is where I have the exact same 192.168.x.x IP setup and the DHCP server with that same range. I had planned to plug in some of the switches and the AP's into the other open ports on my pfsense, but I am realizing I cannot use the same subnet on those other ports and I see no way to have more than 1 DHCP server. Is there a way to have multiple DHCP servers running or have a single DHCP server serving IP's across multiple ports? If I cannot do that then it seems my only choice will be to only use 1 port on the pfsense box that goes to a switch that then distributes all the other connections.

                          At some point I may create VLAN's and separate out traffic across ports/switches but I don't have an urgent need or time to do that now. I'd like to use pfsense and host my single CIDR block of IP's like I have been so everything works, then determine if I want to put in the work to config to separate everything across VLAN's and ports.

                          Any thoughts?

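The layout the posters above converge on (reservations and statics at the bottom and top of the subnet, dynamic pool in the middle) can be checked mechanically before it is entered into the DHCP server. This is an added example, not part of any post and not pfSense code; the subnet, pool bounds, host names and MAC addresses are constructed assumptions.

```python
import ipaddress

def _bounds(subnet, pool_start, pool_end):
    return (ipaddress.ip_network(subnet),
            ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end))

def audit_plan(subnet, pool_start, pool_end, reservations):
    """Return problem strings for a plan; reservations are (name, mac, ip)."""
    net, lo, hi = _bounds(subnet, pool_start, pool_end)
    problems = []
    if lo > hi or lo not in net or hi not in net:
        problems.append(f"pool {lo}-{hi} is not a valid range inside {net}")
    seen_ip, seen_mac = {}, {}
    for name, mac, ip in reservations:
        addr = ipaddress.ip_address(ip)
        mac = mac.lower().replace("-", ":")          # normalise notation
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is not a usable host in {net}")
        elif lo <= addr <= hi:
            problems.append(f"{name}: {addr} is inside the pool {lo}-{hi}")
        if addr in seen_ip:
            problems.append(f"{name}: {addr} already reserved for {seen_ip[addr]}")
        if mac in seen_mac:
            problems.append(f"{name}: MAC {mac} already mapped to {seen_mac[mac]}")
        seen_ip.setdefault(addr, name)
        seen_mac.setdefault(mac, name)
    return problems

def next_free(subnet, pool_start, pool_end, reservations, taken=()):
    """Lowest usable address outside the pool that is neither reserved nor taken."""
    net, lo, hi = _bounds(subnet, pool_start, pool_end)
    used = {ipaddress.ip_address(ip) for _, _, ip in reservations}
    used |= {ipaddress.ip_address(ip) for ip in taken}
    for host in net.hosts():
        if not lo <= host <= hi and host not in used:
            return host
    return None

# Constructed sample plan (all values are made up for this example).
SUBNET, POOL = "192.168.1.0/24", ("192.168.1.10", "192.168.1.244")
STATIC = ["192.168.1.1"]                 # gateway, set on the device itself
RESERVATIONS = [
    ("nas",      "00:11:22:33:44:01", "192.168.1.2"),
    ("printer",  "00:11:22:33:44:02", "192.168.1.3"),
    ("ap-hall",  "00:11:22:33:44:03", "192.168.1.90"),   # inside the pool
    ("ap-attic", "00-11-22-33-44-03", "192.168.1.245"),  # same MAC as ap-hall
]

if __name__ == "__main__":
    for problem in audit_plan(SUBNET, *POOL, RESERVATIONS):
        print(problem)
    print("next free:", next_free(SUBNET, *POOL, RESERVATIONS, STATIC))
```

Passing the hand-configured statics as `taken` keeps the suggested next address from colliding with devices the DHCP server knows nothing about.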
                          • S
                            SteveITS Galactic Empire @djtech2k
                            last edited by

                            @djtech2k said in pfsense DHCP Reservation Questions:

                            I see no way to have more than 1 DHCP server

                            You can, after you create separate interfaces/networks for the other ports.

                            To have them all on the same subnet you would have to bridge ports together which is not normally recommended, because switches are cheap and handle switching in hardware instead of software.

                            https://docs.netgate.com/pfsense/en/latest/bridges/internal-networks.html

                            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                            Upvote 👍 helpful posts!

                            • D
                              djtech2k
                              last edited by

                              I put the pfsense into prod today. I have an old unmanaged 10/100/1000 Cisco switch that I plugged into my LAN port, and I have all physical cables plugged into it. I don't love adding another switch in the middle, but it allows me to keep everything flat and on my 192.168.x.x CIDR block. Once it's all stable, I can look into whether I want to create separate networks and use more physical ports on the pfsense box.

                              I have a question about a repetitive entry in my System Log. I am getting: "arpresolve: can't allocate llinfo for 10.x.x.x on igc0". This is my WAN port that is plugged into my ISP modem/gateway device, so it is double NAT. If I reset the port, the message stops for a little bit but then comes back. I see it in the logs sometimes multiple times per second.

                              I do have the boxes unchecked on the WAN port for the Block Bogon and Block private networks.

                              Should this arpresolve error be happening this much and is it something I can resolve?

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.