pfsense DHCP Reservation Questions

johnpoz

@djtech2k one thing that might be different from some other dhcp server is reservations have to be outside the pool.. So create a pool say 192.168.x.100-240 or something.

Now you can set reservations .2-99 or 241-254

Assuming pfsense is .1

If you box is set static on the device - it would never ask for a lease, so how would pfsense show a lease for it - did you maybe set it up dhcp at first it grabbed a lease and then you set it static..

Just delete that lease for .x if your device is static at .y

There is little need a reservation if your just going to set static - but it is a way to keep track.. And if you have a reservation for mac abc, for 192.168.x.y - why bother setting it static on the device it will always get x.y from dhcp server.

Its good practice to not set static ips inside your pool, that is why you should edit the pool to leave ips off on the beginning and end for static or reservations.

You can have multiple pools as well so like .10-100, leaving .101-.120 out and then another pool .121 to .244, leaving 10 open at the end as well, etc.

btw what dhcp are you running on pfsense isc or the new kea.. While there have been strides in bringing it to feature parity in 24.11 - I just don't have the time to fully vet it for the stuff I need.. So I still run isc which is rock solid. Other than the dhcp entries into dns - but I run everything with a reservation that I would have any care of resolving via dns ;)

djtech2k

@johnpoz

I get that having static IP's mixed into the middle of a DHCP scope is not a best practice. Its my home network so it was just a convenience that worked for years on my current router. I just have static IP's and reservations scattered throughout the scope, so some in the 2-30 range, some in the 100-105 range, and some in the 200-254 range.

In my test, my laptop was connected and I had the DHCP scope set to 101-199. The laptop got a lease for .101. I then put in a reservation for .101 with the laptop MAC. I then went into the laptop and set the IP to static at .101. When I look at the DHCP leases in pfsense, it shows there is a lease for .102 for the laptop. I double checked the laptop and it does not recognize a .102 address. So it is really a confusing result.

All in all, I'd like to be able to just put in a reservation for all the static IP's so that essentially those IP's can never get handed out to any other device. That way I could just use the entire /24 and not have to worry about it. If that is not possible and that is how it looks right now, then I will either need to have multiple small dhcp scopes in the contiguous ranges OR re-ip all the static IP's OR remove all static IP's and make the reservations. I am hesitant to do the last just in case the DHCP server has an issue, then reaching the devices with no static IP will be very difficult. For reference, the devices with static IP's are things like switches, servers/domain controllers, etc.

johnpoz

@djtech2k not sure what part did not click for you.. You can not set a reservation for an IP inside your pool

If you have .10-.15 in you pool gets .12 - you can't then set a reservation -- 12 is inside the pool..

If you want 12 to be excluded for the pool then create a pool .10-.11 and another pool .13-15

SteveITS

@djtech2k said in pfsense DHCP Reservation Questions:

don't really understand why DHCP is doing what its doing on pfsense

See:
https://docs.netgate.com/pfsense/en/latest/services/dhcp/mappings-in-pools.html

djtech2k

@johnpoz

Yeah, I got it. I went back and looked over the dhcp config again to refresh my memory. I understand how they made reservations and scope work. I do not like how it works and I wish it were different, but it is what it is.

I wasn’t sure if there were any other options for dhcp of if I overlooked something or not. Sounds/looks there is not. So it’ll have to be multiple smaller scopes that don’t include static/reservations or rearrange ip assignments on the network to accommodate a contiguous scope.

Validating is half the battle.

johnpoz

@djtech2k what I do when I add a new device is just let it get dhcp - then set a reservation for outside the pool. I'm not sure why anyone set a static on a device other than devices that don't even support dhcp

You can change its ip without ever having to touch it, you could even change whole network ip space. You can change options again without having to touch it..

My dhcp scopes are small .100-120 for example - rest of the space I just use as reservation. And its easy enough to know what IP is next to use..

P3R

@johnpoz said in pfsense DHCP Reservation Questions:

I'm not sure why anyone set a static on a device other than devices that don't even support dhcp

Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs and not resort to APIPA should the non-redundant DHCP-service fail.

Gertjan

@P3R said in pfsense DHCP Reservation Questions:

Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs

That's why static MAC DHCP lease were invented. Also valid for DHCPv6 btw.
Every device on my main LAN network support DHCPv4/DHCPv6.
Every device on my main LAN network always has the same IPv4/IPv6..
I've started to add a static MAC DHCP lease for every device I had back then (many decades ago), and continued to so for every new device I add (one or two every year).

This means that I don't need to change something on the device, they are all 'out of the box', and these are printers, NAS, APs, PC's and servers, some witches, and some other 'special' stuff. 50 or so.

I've lost some what the notion of 'what IPv4 is sud by what device' as I gave them all my defined short host names.
Most devices don't even really use IPv4 anymore, they use IPv6 these days. And I'm not going to remember these anyway, they are to long, even when using 'short' mode.
I've my short host names, I will not break DNS, so everything works fine.

If you don't have 24.11 with kea that supports this, stay with ISC and you're fine. Worked for me for since early 2010. ISC still rocks for billions of devices.
With 24.11 and kea, static DHCP work fine also.
Same thing for DHCPv6.

johnpoz

@P3R where did you quote that from ;)

You know what needs static - loopback on your infrastructure equipment. The dhcp server ;) Your gateway on whatever network - which is normally by common practice either the 1st IP or the last on a network.

But sure go ahead if you want - but there is no reason they should be just shotgunned into the ip network.. put them on one side of the pool ;)

But also not just loopback on your routers or switches.. But normally their management IP on its own infrastructure network anyway. Servers of some kind would be on their own normally as well. But sure there might be some static stuff on any network. The gateway device, dns or dhcp server itself, etc. Common practice is to leave a few ips on each side of the scope.. We normally start at .10 and end at .244.

P3R

@johnpoz said in pfsense DHCP Reservation Questions:

@P3R where did you quote that from ;)

I quoted you and it says so in the first line of that post. It's the same in this one.

But sure go ahead if you want - but there is no reason they should be just shotgunned into the ip network.. put them on one side of the pool ;)

I'm not the OP and I have them outside of the pool, bottom and top. I just explained why some may use static and I don't need the approval.

I reserve them in DHCP as well though. That way the DHCP configuration is at the same time my IP documentation and it prevent any problems should there be a factory reset of a device. A little more work initially but less problems later on.

But also not just loopback on your routers or switches.. But normally their management IP on its own infrastructure network anyway. Servers of some kind would be on their own normally as well.

True for professional users and equipment but not for many home users.

johnpoz

@P3R said in pfsense DHCP Reservation Questions:

I quoted you and it says so in the first line of that post. It's the same in this one.

not not me - this part, this sounds like it came from doc from back in the day on why static is better

"Because it prevent the most important infrastructure devices in the network to remain on their well-known IPs"

True for professional users and equipment but not for many home users.

Sure - true, but what is the point of breaking up your pool and putting IPs inside your continuous space.. Just leave some in the beginning and leave some at the end for your reservations and statics.. A pool of .10 to .244 leaves you 20 ips for static or reservations - if you need more use .20 to .234, etc. or 100-200 as your pool.

What does it matter if device X is .9 or .90 ? or .128 or .156 or .245, etc..

P3R

@johnpoz said in pfsense DHCP Reservation Questions:

not not me - this part, this sounds like it came from doc from back in the day on why static is better...

Ah okay. It wasn't a quote, those were my own words. I don't mind that you mock me for being old-school because that's what I am.

Sure - true, but what is the point of breaking up your pool and putting IPs inside your continuous space..

Maybe I was unclear but I'll try again. I don't do what you say there.
It is the OP that like it that way but I'm not him.

I have my static and reserved IPs in the beginning and at the end of the IP subnet and the pool in the middle so very similar to your recommendation.