pfsense DHCP Reservation Questions
-
I am in the midst of migrating from my old router (Asus) with the RMerlin build to pfsense. The way I have been running DHCP for years is with 1 pool in 192.168.x.x/24 and I would put in reservations for anything I wanted or reserved OR anything I had with a static IP. I realize a static IP is not a reservation but fundamentally it has worked fine.
Now that I am migrating to pfsense, I have been unable to get this to work. I have manually brought over all of the DHCP reservations. I only have 1 laptop connected to it for testing now, but when I test assigning a static IP to the laptop, pfsense does seem to assign it a new IP in the DHCP leases section, even though the laptop has the same IP that I put in the reservation assigned to it statically.
So my question is if there is any way to get DHCP on pfsense to operate this way. My challenge is that I have IPs either in reservation or static that are spread throughout the subnet so I can't easily just change the DHCP scope to a contiguous range. This is my home lab so not an enterprise network and this happened just over the years of grabbing some IPs that were easy to remember. I realize my other option is to re-IP everything that's static and put them in a range that is excluded from the DHCP pool. I am just wondering if there is another way.
It's not a massive issue but a convenience more than anything and I don't really understand why DHCP is doing what it's doing on pfsense so I want to understand it better.
-
@djtech2k one thing that might be different from some other dhcp server is reservations have to be outside the pool.. So create a pool say 192.168.x.100-240 or something.
Now you can set reservations .2-99 or 241-254
Assuming pfsense is .1
If your box is set static on the device - it would never ask for a lease, so how would pfsense show a lease for it - did you maybe set it up dhcp at first, it grabbed a lease and then you set it static..
Just delete that lease for .x if your device is static at .y
There is little need for a reservation if you're just going to set static - but it is a way to keep track.. And if you have a reservation for mac abc, for 192.168.x.y - why bother setting it static on the device, it will always get x.y from dhcp server.
It's good practice to not set static ips inside your pool, that is why you should edit the pool to leave ips off on the beginning and end for static or reservations.
You can have multiple pools as well so like .10-100, leaving .101-.120 out and then another pool .121 to .244, leaving 10 open at the end as well, etc.
btw what dhcp are you running on pfsense isc or the new kea.. While there have been strides in bringing it to feature parity in 24.11 - I just don't have the time to fully vet it for the stuff I need.. So I still run isc which is rock solid. Other than the dhcp entries into dns - but I run everything with a reservation that I would have any care of resolving via dns ;)
-
I get that having static IPs mixed into the middle of a DHCP scope is not a best practice. It's my home network so it was just a convenience that worked for years on my current router. I just have static IPs and reservations scattered throughout the scope, so some in the 2-30 range, some in the 100-105 range, and some in the 200-254 range.
In my test, my laptop was connected and I had the DHCP scope set to 101-199. The laptop got a lease for .101. I then put in a reservation for .101 with the laptop MAC. I then went into the laptop and set the IP to static at .101. When I look at the DHCP leases in pfsense, it shows there is a lease for .102 for the laptop. I double checked the laptop and it does not recognize a .102 address. So it is really a confusing result.
All in all, I'd like to be able to just put in a reservation for all the static IP's so that essentially those IP's can never get handed out to any other device. That way I could just use the entire /24 and not have to worry about it. If that is not possible and that is how it looks right now, then I will either need to have multiple small dhcp scopes in the contiguous ranges OR re-ip all the static IP's OR remove all static IP's and make the reservations. I am hesitant to do the last just in case the DHCP server has an issue, then reaching the devices with no static IP will be very difficult. For reference, the devices with static IP's are things like switches, servers/domain controllers, etc.
-
@djtech2k not sure what part did not click for you.. You can not set a reservation for an IP inside your pool
If you have .10-.15 in your pool and a device gets .12 - you can't then set a reservation -- .12 is inside the pool..
If you want .12 to be excluded from the pool then create a pool .10-.11 and another pool .13-.15
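
The pool-splitting rule described above, as an added example that is not part of the thread or of pfSense itself: it splits a range around every static or reserved address and flags mappings that sit inside a pool. The 192.168.1.0/24 addresses, the MAC addresses and the function names are constructed for illustration.

```python
import ipaddress

def _n(addr):
    """Integer form of an IPv4 address string."""
    return int(ipaddress.ip_address(addr))

def split_pool(first, last, reserved):
    """Split first..last into sub-ranges that skip every reserved address."""
    lo, hi = _n(first), _n(last)
    pools, start = [], lo
    for addr in sorted({_n(a) for a in reserved}):
        if addr < start or addr > hi:
            continue                      # outside the range being split
        if addr > start:
            pools.append((start, addr - 1))
        start = addr + 1                  # resume after the reserved address
    if start <= hi:
        pools.append((start, hi))
    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b)))
            for a, b in pools]

def mappings_in_pools(pools, mappings):
    """Return the MACs whose mapped IP falls inside any pool."""
    return [mac for mac, ip in mappings.items()
            if any(_n(a) <= _n(ip) <= _n(b) for a, b in pools)]

# Constructed input: static/reserved hosts scattered through a /24
# (.2-.30, .100-.105 and .200-.254), with the gateway assumed at .1.
SCATTERED = [f"192.168.1.{i}" for i in
             list(range(2, 31)) + list(range(100, 106)) + list(range(200, 255))]

if __name__ == "__main__":
    # One reserved address inside a small pool.
    print(split_pool("192.168.1.10", "192.168.1.15", ["192.168.1.12"]))
    # Pools that remain once every scattered address is excluded.
    print(split_pool("192.168.1.2", "192.168.1.254", SCATTERED))
    # A mapping for .101 while the pool is .101-.199 is flagged.
    print(mappings_in_pools([("192.168.1.101", "192.168.1.199")],
                            {"00:00:5e:00:53:01": "192.168.1.101",
                             "00:00:5e:00:53:02": "192.168.1.20"}))
```
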
-
@djtech2k said in pfsense DHCP Reservation Questions:
don't really understand why DHCP is doing what its doing on pfsense
See:
https://docs.netgate.com/pfsense/en/latest/services/dhcp/mappings-in-pools.html
-
Yeah, I got it. I went back and looked over the dhcp config again to refresh my memory. I understand how they made reservations and scope work. I do not like how it works and I wish it were different, but it is what it is.
I wasn’t sure if there were any other options for dhcp or if I overlooked something or not. Sounds/looks like there is not. So it’ll have to be multiple smaller scopes that don’t include static/reservations or rearrange ip assignments on the network to accommodate a contiguous scope.
Validating is half the battle.
-
@djtech2k what I do when I add a new device is just let it get dhcp - then set a reservation for outside the pool. I'm not sure why anyone sets a static on a device other than devices that don't even support dhcp
You can change its ip without ever having to touch it, you could even change whole network ip space. You can change options again without having to touch it..
My dhcp scopes are small .100-120 for example - rest of the space I just use as reservation. And its easy enough to know what IP is next to use..
-
@johnpoz said in pfsense DHCP Reservation Questions:
I'm not sure why anyone sets a static on a device other than devices that don't even support dhcp
Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs and not resort to APIPA should the non-redundant DHCP-service fail.
-
@P3R said in pfsense DHCP Reservation Questions:
Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs
That's why static MAC DHCP leases were invented. Also valid for DHCPv6 btw.
Every device on my main LAN network supports DHCPv4/DHCPv6.
Every device on my main LAN network always has the same IPv4/IPv6..
I've started to add a static MAC DHCP lease for every device I had back then (many decades ago), and continued to do so for every new device I add (one or two every year). This means that I don't need to change something on the device, they are all 'out of the box', and these are printers, NAS, APs, PCs and servers, some switches, and some other 'special' stuff. 50 or so.
I've somewhat lost the notion of 'what IPv4 is used by what device' as I gave them all my defined short host names.
Most devices don't even really use IPv4 anymore, they use IPv6 these days. And I'm not going to remember these anyway, they are too long, even when using 'short' mode.
I've my short host names, I will not break DNS, so everything works fine. If you don't have 24.11 with kea that supports this, stay with ISC and you're fine. Worked for me since early 2010. ISC still rocks for billions of devices.
With 24.11 and kea, static DHCP works fine also.
Same thing for DHCPv6.
-
@P3R where did you quote that from ;)
You know what needs static - loopback on your infrastructure equipment. The dhcp server ;) Your gateway on whatever network - which is normally by common practice either the 1st IP or the last on a network.
But sure go ahead if you want - but there is no reason they should be just shotgunned into the ip network.. put them on one side of the pool ;)
But also not just loopback on your routers or switches.. But normally their management IP on its own infrastructure network anyway. Servers of some kind would be on their own normally as well. But sure there might be some static stuff on any network. The gateway device, dns or dhcp server itself, etc. Common practice is to leave a few ips on each side of the scope.. We normally start at .10 and end at .244.