Netgate Discussion Forum

    DHCP settings if all devices of the VLAN are static mapping

    • richardsago

      Good day. What are the DHCP settings for a VLAN if the only allowed devices are those devices whose MAC Addresses are set in static mapping?

      In this example only these devices should be allowed to connect to this VLAN:
      182f851f-3f86-4f99-9ed4-e64bfaee9dd3-image.png

      The DHCP is enabled. Will the static mapping of the IP Addresses of the devices be implemented if this is disabled?
      752bb356-17ec-4f43-b5ad-a36f1f3b9ee4-image.png

      How can I prevent the one device from being given the 172.16.111.254 IP Address by the DHCP Server? Thank you in advance.
      3fa13e56-1e2e-4b12-888d-080f10576044-image.png

      • Gertjan @richardsago

        @richardsago said in DHCP settings if all devices of the VLAN are static mapping:

        The DHCP is enabled. Will the static mapping of the IP Addresses of the devices be implemented if this is disabled?

        Easy answer : ask the admin, as he has some work to do.

        This :

        1e767c98-8c95-4d82-84a8-d8fed00ba503-image.png

        means that one (1) device that doesn't have a static lease set up upfront will receive a dynamic DHCP lease.
        The next device that asks for a dynamic lease, and doesn't have a static lease set up, will receive a NAK, or 'go away', and will fall back to a 169.a.b.c non-routable IPv4.
        But maybe this is what you want.

        So : make an inventory of all your known devices (even the ones you don't know about) and make a list like this :

        0fbf67b1-f2d3-4ba6-9d1a-a06a879d9a58-image.png

        and from that moment, all your 'known' devices will get 'their' 'static' IPv4 - for life.
        Bonus : you control the host names, so no more

        b8:94:e7:4a:d7:cc Xiaomi Communications Co Ltd
        

        but :

        172.16.111.100 My-Sisters-F-Clone-Droid-phone
        

        where "My-Sisters-F-Clone-Droid-phone" is the host name.

        I presume you've already done this ^^ but you didn't tell us about it.

        Btw : ISC ?
        Consider :

        960f9609-a2da-4249-a73d-e19811fc0274-image.png

        as it (pfSense's kea implementation) has reached the "good enough for me" stage.

        No "help me" PM's please. Use the forum, the community will thank you.

        • richardsago

          Thank you @Gertjan for the reply. If "Enable DHCP server on VLAN10 interface" is turned off, only the authorized devices' MAC Addresses are added in the DHCP Static Mappings, and "Allow known clients from only this interface" is chosen in "Deny Unknown Clients", will the authorized devices get the IP Address from the static mappings? Or will the authorized devices not receive any IP Address because the DHCP is turned off on this VLAN?

          • SteveITS Rebel Alliance @richardsago

            @richardsago no IPs will be handed out if DHCP Server is not running.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
            Upvote 👍 helpful posts!

            • richardsago @SteveITS

              Thank you @SteveITS for the reply. If the "Enable DHCP server on VLAN10 interface" is turned on and only the authorized devices' MAC Addresses are added in the DHCP Static Mappings and "Allow known clients from only this interface" was chosen in the "Deny Unknown Clients", is there a way for the DHCP Address Pool Range to be set to blank so that only the authorized devices in the static mapping can be given IP Addresses?

              edited to add this screenshot:
              32d1c1e0-de20-4cb7-be18-054b630c288e-image.png

              • Gertjan @richardsago

                @richardsago said in DHCP settings if all devices of the VLAN are static mapping:

                Thank you @SteveITS for the reply. If the "Enable DHCP server on VLAN10 interface" is turned on and only the authorized devices' MAC Addresses are added in the DHCP Static Mappings and "Allow known clients from only this interface" was chosen in the "Deny Unknown Clients", is there a way for the DHCP Address Pool Range to be set to blank so that only the authorized devices in the static mapping can be given IP Addresses?

                Although this is valid for kea (can't remember ISC anymore ^^ ) :

                03f22187-5b88-4a19-99e2-adeaffb10427-image.png

                what I make of it : only static MAC DHCP devices will get a device.
                A device not present in that list (bottom of the DHCP server page) will not receive a lease.
                Easy to test : just keep an eye on Status > DHCP Leases to see if dynamic leases were allocated.

                The fact that you have a minimal DHCP pool present doesn't mean that it will be used.

                edit : and I presume ISC had the same functionality.

                R 1 Reply Last reply Reply Quote 1
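The check suggested in the post above (watch the lease list for dynamic leases) can be scripted. This is an added example, not part of any post in this thread; it assumes the ISC dhcpd lease-file format, and the sample records, the `02:00:00:...` MAC addresses and the function name are constructed for illustration.

```python
import re

# Constructed sample in ISC dhcpd.leases format (not data from the thread).
# dhcpd appends records, so the last record for an address is the current one.
SAMPLE_LEASES = """
lease 172.16.111.254 {
  binding state active;
  hardware ethernet 02:00:00:aa:bb:01;
}
lease 172.16.111.254 {
  binding state free;
  hardware ethernet 02:00:00:aa:bb:01;
}
lease 172.16.111.254 {
  binding state active;
  hardware ethernet 02:00:00:AA:BB:02;
  client-hostname "unknown-laptop";
}
lease 172.16.111.253 {
  binding state active;
  hardware ethernet B8:94:E7:4A:D7:CC;
}
"""

# MACs that have a static mapping (this one is the example MAC quoted in the thread).
STATIC_MACS = {"b8:94:e7:4a:d7:cc"}

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)\n\}", re.S | re.M)
STATE_RE = re.compile(r"^\s*binding state (\w+);", re.M)  # skips "next binding state"
MAC_RE = re.compile(r"^\s*hardware ethernet ([0-9A-Fa-f:]+);", re.M)


def unknown_active_leases(leases_text, static_macs):
    """Return {ip: mac} for active leases held by MACs without a static mapping."""
    current = {}
    for ip, body in LEASE_RE.findall(leases_text):
        state = STATE_RE.search(body)
        mac = MAC_RE.search(body)
        # Later records overwrite earlier ones: the last record wins.
        current[ip] = (state.group(1) if state else None,
                       mac.group(1).lower() if mac else None)
    known = {m.lower() for m in static_macs}
    return {ip: mac for ip, (state, mac) in current.items()
            if state == "active" and mac not in known}


if __name__ == "__main__":
    for ip, mac in unknown_active_leases(SAMPLE_LEASES, STATIC_MACS).items():
        print(f"dynamic lease {ip} held by unmapped MAC {mac}")
```

An empty result means no device outside the static mappings currently holds a lease from the pool.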
                • richardsago @Gertjan

                  Thank you @Gertjan for the reply. I could be wrong but I remember our pfsense 2.1 of many versions ago does not allow a blank value in the Address Pool Range so it has a single IP address in the pool range. And what would happen is an unregistered device will receive this IP address and will be listed in the DHCP Leases. I will test in the next available time.

                  • SteveITS Rebel Alliance @richardsago

                    @richardsago that’s a long time ago… Anyway that is the point of “Deny unknown clients” and yes it does work.
