DHCP how to distribute IP's by MAC address instead of sequentially



  • I'm using v2.3.

    My DHCP range on my LAN is 192.168.0.100 thru 192.168.0.254.

    I'm noticing the client devices are getting IP's sequentially starting at 192.168.0.100, 101, 102, 103, etc.

    Is there a way to configure the DHCP server to distribute IP's based on the client's MAC address? If there's a way in the GUI, I'm not seeing it.

    I've worked with other dnsmasq setups that dish out IP's based on MAC address. How to achieve this in pfSense via the GUI?



  • I'm not sure about your version but can static ip mappings be a solution for you?

    https://doc.pfsense.org/index.php/DHCP_Server



  • Yes, I'm going to resort to using some IP reservations for some devices, like printers. I was surprised to see pfSense distribute IPs sequentially. Lots of other routers do it by MAC address, and pfSense being as feature rich as it is, I figured it would have the option for it, but I'm not seeing it.


  • LAYER 8 Global Moderator

    "distribute IP's based on the client's MAC address"

    A reservation – yes pfsense does it just fine in the gui, it's called a static mapping..  Which is just another name for reservation..



  • What would be the purpose of such "per MAC address allocation", aside from the obvious static mapping based on reservation?
    What kind of rule should be defined here?

    I have to admit that I never really paid attention to the way IPs are allocated from a defined pool as, at least to me, it doesn't really matter, but now that this topic is raised, I'm wondering what it would bring  ???

    I'm a huge fan of DHCP (all my devices, except the DHCP server itself, are using DHCP) and I realize I never wondered how IPs were distributed.

    Do you have any pointer to how this is done with other routers you are referring to?



  • I would expect sequential assignment, but mine appears to be random. Is that what you want?

    I've been using pfSense about 6 months and have been through a couple of upgrades. I'm on v2.2.6 right now.

    The last octet of my pool is 128 through 239 (unchanged since the beginning) and my assignments are 128, 129, 137, 139, 145, 173, 175, 176, 180, 181, 227, 228, 231, 235, and 236 (includes active and expired leases (none static)). All MAC addresses are unique. I have no idea why I'm seeing this distribution of assigned addresses. But what the heck, doesn't bother me.  :)

    edit: (add) Oh, there doesn't appear to be a correlation between the MAC address and the assigned IP, but perhaps there's some controlling algorithm, such as a hash.



  • I'm not looking for random. There are advantages to having the same IP given out to the same devices. Particularly useful for printers. Yes, ideally you can do device reservations, but that requires knowing the MAC address of the device, or waiting for it to show up in the lease table, and well, takes some effort on my part to configure. There are times you just want to be lazy.

    dnsmasq has the option to do it either way with the --dhcp-sequential-ip option, which isn't the default. I never looked into what pfsense uses under the covers for dhcp.



  • @z:

    I'm not looking for random. There are advantages to having the same IP given out to the same devices. Particularly useful for printers. Yes, ideally you can do device reservations, but that requires knowing the MAC address of the device, or waiting for it to show up in the lease table, and well, takes some effort on my part to configure. There are times you just want to be lazy.

    dnsmasq has the option to do it either way with the --dhcp-sequential-ip option, which isn't the default. I never looked into what pfsense uses under the covers for dhcp.

    Now that I better understand your point, there are a couple of comments worth stating (from my viewpoint)

    • at 50% of lease duration, the DHCP client will ask for lease renewal. As a result, whatever its IP address, a device staying almost always connected to a "DHCP controlled" network will most likely never change its IP address.
    • Assuming you disconnect, when connecting again, if your IP has not been allocated to another device, you will almost surely inherit the same IP  ;)
    • even if IP allocation was sequential, without reservation, if IP is your entry point, you will have to guess or find out which IP has been allocated to which device  ;)  DNS should help better in order to resolve a known name into an unknown IP
    • with an implementation that would associate one given IP to one given MAC address, as far as I understand, it just breaks the dynamic aspect of DHCP. The concept behind an IP address pool is to be able to maintain a pool size slightly larger than the number of simultaneous devices you expect on your network. This permits having, however, many more DHCP clients than available IPs, as long as they are not all connected at the same time. There is no "one to one" link between IP and MAC. If you enforce such a rule, then this doesn't work any more.

    This being said, obviously for some devices and protocols, getting advantages from both DHCP and a fixed IP address is very interesting and reservation is the right implementation. It obviously supposes that you don't manage too many devices requiring such configuration effort… which is very light BTW.

    Still, if you know equipment implementing what you describe, please tell me. I'm quite curious about this as I feel this to be misconception about DHCP service.


  • LAYER 8 Global Moderator

    "Yes ideally you can do device reservations but that requires knowing the MAC address of the device, or waiting for it to show up in the lease table and well takes some effort on my part to configure."

    Dude you ask about assigning IP based upon mac, then you say it's a pain and requires effort??

    There are other options you can use for a reservation - clientID, hostname, etc.  depending on what your dhcpd supports.. Never heard of assigning a specific IP based upon mac without a reservation.. This seems counter to what dhcp does..

    How exactly is this IP figured out from the mac?  Maybe you're looking at a lease and see that yes a lease is tied to the mac, yes that client will always get that same address forever until that lease expires and server runs out of other IPs to give normally before it will reassign that IP..

    If that client comes back he would get that same IP.

    So I have a pool from say .100 to .120, my first client asks for IP via discover - gets assigned .100, let's call the lease 8 hours.. Now as mentioned that client will continue to renew that lease as long as he is on.. But let's say he goes offline for a while..  The 8 hours expire, that IP can be given now that the lease is up.. But normally the dhcpd will not assign this until it has no other choice..  So if .101 is available .102, etc.. those will all be given..

    Now if .101 to .120 is being used by active leases and client comes along and asks for IP..  And that .100 has expired then yes a different client could get that IP..  But in a small network with a large lease and not many clients to use up the lease more than likely machines will always have the same IP..

    Without you having to enter anything.. Yes pfsense walks through the pool sequentially..  What does it matter how IPs are assigned out of the pool, be it random, be it sequentially be it based upon some variable the client sends to the dhcp pool..  That client will keep that IP until the dhcpd has no other choice but to reuse it, after the pool has been exhausted.

    A reservation means, no matter what you base it on, duid, clientid, mac is the most common.. That no other client can use that IP even if the pool is exhausted..  With pfsense you can not even assign reservations inside the pool range.. They have to be outside..  So they could never be assigned anyway.
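
Added example, not part of any post in this thread and not pfSense or dnsmasq code: a toy Python pool that models the lease behaviour described in the post above (a returning client keeps its address, expired addresses are reused only once the pool is exhausted) next to the MAC-hash placement dnsmasq uses when --dhcp-sequential-ip is off. The class, the MAC addresses, the timings and the use of SHA-256 are assumptions for illustration.

```python
import hashlib
from ipaddress import IPv4Address

class Pool:
    """Toy lease pool: models allocation order only, not the DHCP protocol."""

    def __init__(self, first, last, by_mac_hash=False):
        self.addrs = [IPv4Address(i) for i in
                      range(int(IPv4Address(first)), int(IPv4Address(last)) + 1)]
        self.by_mac_hash = by_mac_hash
        self.leases = {}  # mac -> (ip, expiry); kept after expiry until reclaimed

    def start_index(self, mac):
        if not self.by_mac_hash:
            return 0  # sequential: always walk from the bottom of the pool
        # Assumption: SHA-256 stands in for whatever hash a real server uses.
        digest = hashlib.sha256(mac.lower().encode()).digest()
        return int.from_bytes(digest[:4], "big") % len(self.addrs)

    def request(self, mac, now, lease_time=8):
        if mac in self.leases:  # returning or renewing client keeps its address
            ip = self.leases[mac][0]
        else:
            held = {ip: (m, exp) for m, (ip, exp) in self.leases.items()}
            i = self.start_index(mac)
            order = self.addrs[i:] + self.addrs[:i]
            # Never-leased addresses first; expired leases only as a last resort.
            ip = next((a for a in order if a not in held), None)
            if ip is None:
                ip = next((a for a in order if held[a][1] <= now), None)
                if ip is None:
                    return None  # every address has an active lease
                del self.leases[held[ip][0]]  # previous owner loses the address
        self.leases[mac] = (ip, now + lease_time)
        return str(ip)

def demo():
    """Constructed scenario: three-address pool, 8-hour leases, times in hours."""
    p = Pool("192.168.0.100", "192.168.0.102")
    a, b, c, d = ("02:00:00:00:00:0%d" % n for n in range(1, 5))  # constructed MACs
    return [
        p.request(a, 0),   # first client takes the first address
        p.request(b, 9),   # A's lease has expired, but .101 was never used
        p.request(a, 10),  # A comes back and gets its old address
        p.request(c, 11),
        p.request(d, 30),  # pool full, leases expired: D reclaims A's address
        p.request(a, 31),  # A now has to take another expired address
    ]
```

With `by_mac_hash=True` a client lands on the same address even after the lease table is wiped, unless another client already holds that slot; in sequential mode the address depends only on arrival order.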



  • Chris and John are right about how lease times and lease renewal work. I keep my notebook's Wifi set to always get its IP setup from DHCP. When I first got pfSense (about 6 months ago) and I moved my network's DHCP service to pfSense, my notebook grabbed the very first IP in the pool, 128. It's managed to keep 128 even though I've monkeyed with lease times (from a low of a few minutes, to the present setting of 2 days), even during those times it's been away from my network and the lease expired. This has happened multiple times.

    When I care about something having a fixed IP assigned to it, I don't use DHCP–I manually input the address, mask, gateway, DNS, etc.

    But I was thinking, that's kind of a hassle. pfSense's DHCP server has a dead simple mechanism for turning a dynamically assigned address into a fixed address. Under "Status / DHCP Leases" find your device, click the "+" along the right edge of the table, and the "Edit static mapping" page will come up.

    It's crazy to expect a dynamically assigned address will never change. Make it static, by whatever mechanism you choose.



  • @ScottyDM:

    When I care about something having a fixed IP assigned to it, I don't use DHCP–I manually input the address, mask, gateway, DNS, etc.

    Unless I temporarily require something really specific in terms of IP address and other related stuff, I always use DHCP, with a reservation in case I do need a fixed IP.
    Thanks to DHCP, even for a fixed (reserved) IP, in case your default gateway changes, or in case you want to change DNS or decide to move your proxy.pac web server, you only need to change it once at the DHCP server level and wait for leases to be renewed.

    This is very flexible and convenient.

    This said, I really don't care about the allocation mechanism. Dynamic DNS does the stuff, most of the time, for the few devices I may need to access and that have not been defined with a reserved lease.



  • Chris, while poking at DHCP Leases under Status, I got to thinking–I've been doing it the hard way. So yes, you are right. Heck, it's a holiday and I'm bored. Maybe I'll do that now.  ;D

    Oh, what did you mean by your last paragraph? My LAN server is running Active Directory, and automagically picks up machine names and addresses and puts them in its DNS (which is why I must use the LAN server for first-tier resolution on the LAN). Is that what you mean by dynamic?

    Is there a way to do something like that for my DMZ using only pfSense? Thanks.



  • @ScottyDM:

    Oh, what did you mean by your last paragraph? My LAN server is running Active Directory, and automagically picks up machine names and addresses and puts them in its DNS (which is why I must use the LAN server for first-tier resolution on the LAN). Is that what you mean by dynamic?

    Yes, this is what I mean.

    Is there a way to do something like that for my DMZ using only pfSense?

    Sure. Look at the attached picture (from pfSense DHCP server settings)


