Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DHCP how to distribute IP's by MAC address instead of sequentially

    Scheduled Pinned Locked Moved DHCP and DNS
    13 Posts 5 Posters 10.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ Online
      johnpoz LAYER 8 Global Moderator
      last edited by

      "distribute IP's based on the client's MAC address"

      A reservation – yes pfsense does it just fine in the gui, its called a static mapping..  Which is just another name for reservation..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

      1 Reply Last reply Reply Quote 0
      • C Offline
        chris4916
        last edited by

        What would be the purpose of such "per MAC address allocation", aside obvious static mapping based on reservation ?
        What kind of rule should be defined here?

        I've to admit that I never really paid attention to the way IP are allocated from defined pool as, at least to me, it doesn't really matter but now that this topic is raised, I'm wondering what it would bring  ???

        I'm a huge fan of DHCP (all my devices, except DHCP server itself) are using DHCP and I realize I never wonder how IP were distributed.

        Do you have any pointer to how this is done with other routers you are referring to?

        Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

        1 Reply Last reply Reply Quote 0
        • ScottyDMS Offline
          ScottyDM
          last edited by

          I would expect sequential assignment, but mine appears to be random. Is that what you want?

          I've been using pfSense about 6 months and have been through a couple of upgrades. I'm on v2.2.6 right now.

          The last octet of my pool is 128 through 239 (unchanged since the beginning) and my assignments are 128, 129, 137, 139, 145, 173, 175, 176, 180, 181, 227, 228, 231, 235, and 236 (includes active and expired leases (none static)). All MAC addresses are unique. I have no idea why I'm seeing this distribution of assigned addresses. But what the heck, doesn't bother me.  :)

          edit: (add) Oh, there doesn't appear to be a correlation between the MAC address and the assigned IP, but perhaps there's some controlling algorithm, such as a hash.

          1 Reply Last reply Reply Quote 0
          • Z Offline
            z
            last edited by

            I'm not looking for random. There's advantages to having the same IP given out to the same devices. Particularly useful for printers. Yes ideally you can do device reservations but that requires knowing the MAC address of the device, or waiting for it to show up in the lease table and well takes some effort on my part to configure. There's time you just want to be lazy.

            dnsmasq has the option do it either way with the –dhcp-sequential-ip option, which isn't the default. I never looked into what pfsense uses under the covers for dhcp.

            1 Reply Last reply Reply Quote 0
            • C Offline
              chris4916
              last edited by

              @z:

              I'm not looking for random. There's advantages to having the same IP given out to the same devices. Particularly useful for printers. Yes ideally you can do device reservations but that requires knowing the MAC address of the device, or waiting for it to show up in the lease table and well takes some effort on my part to configure. There's time you just want to be lazy.

              dnsmasq has the option do it either way with the –dhcp-sequential-ip option, which isn't the default. I never looked into what pfsense uses under the covers for dhcp.

              Now that I better understand your point, there is a couple of comments worth to be stated (from my viewpoint)

              • at 50% of lease duration, DHCP client will ask for lease renewal. As a result, whatever its IP address, device staying almost always connected to "DHCP controlled" network will most likely never change its IP address.
              • Assuming you disconnect, when connecting again, if your IP has not been allocated to another device, you will almost surely inherit from same IP  ;)
              • even if IP allocation was sequential, without reservation, if IP is your entry point, you will have guess of find out which IP has been allocated to which device  ;)  DNS should help better in order to resolve known name into unknown IP
              • with implementation that would associate one given IP to one given MAC address, as far as I understand, it just break the dynamic aspect of DHCP. Concept behind IP address pool is to be able to maintain pool size slightly larger than number of simultaneous devices you expect on your network. This permits to have, however much more DHCP clients than than available IP, as long as they are not connected all at the same time. There is no "one to one" link between IP and MAC. If you enforce such rule, then this doesn't work any more.

              This been said, obviously for some devices and protocols, getting advantages from both DHCP and fixed IP address is very interesting and reservation is the right implementation. It obviously supposes that you don't manage too many devices requiring such configuration effort… which is very light BTW.

              Still, if you know equipment implementing what you describe, please tell me. I'm quite curious about this as I feel this to be misconception about DHCP service.

              Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

              1 Reply Last reply Reply Quote 0
              • johnpozJ Online
                johnpoz LAYER 8 Global Moderator
                last edited by

                "Yes ideally you can do device reservations but that requires knowing the MAC address of the device, or waiting for it to show up in the lease table and well takes some effort on my part to configure."

                Dude you ask about assigning IP based upon mac, then you say its a pain and requires effort??

                There are other options you can use for a reservation - clientID, hostname, etc.  depending on what your dhcpd supports.. Never heard of assigning a specific IP based upon mac without a reservation.. This seems counter to what dhcp does..

                How exactly is this IP figured out from the mac?  Maybe your looking at a lease and see that yes a lease is tied to the mac, yes that client will always get that same address forever until that lease expires and server runs out of other IPs to give normally before it will reassign that IP..

                If that client comes back he would get that same IP.

                So I have a pool from say .100 to .120, my first client asks for IP via discover - gets assigned .100, lets call the lease 8 hours.. Now as mentioned that client will continue to renew that lease as long as he is on.. But lets say he goes offline for a while..  The 8 hours expire, that IP can be given now that the lease is up.. But normally the dhcpd will not assign this until it has no other choice..  So if .101 is available .102, etc.. those will all be given..

                Now if .101 to .120 is being used by active leases and client comes along as asks for IP..  And that .100 has expired then yes a different client could get that IP..  But in a small network with a large lease and not many clients to use up the lease more than likely machines will always have the same IP..

                Without you having to enter anything.. Yes pfsense walks through the pool sequentially..  What does it matter how IPs are assigned out of the pool, be it random, be it sequentially be it based upon some variable the client sends to the dhcp pool..  That client will keep that IP until the dhcpd has no other choice but to give reuse it, after the pool has been exhausted.

                A reservation means, no matter what you base it on, duid, clientid, mac is the most common.. That no other client can use that IP even if the pool is exhausted..  With pfsense you can not even assign reservations inside the pool range.. They have to be outside..  So they could never be assigned anyway.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                1 Reply Last reply Reply Quote 0
                • ScottyDMS Offline
                  ScottyDM
                  last edited by

                  Chris and John are right about how lease times and lease renewal works. I keep my notebook's Wifi set to always get it's IP setup from DHCP. When I first got pfSense (about 6 months ago) and I moved my network's DHCP service to pfSense, my notebook grabbed the very first IP in the pool, 128. It's managed to keep 128 even though I've monkeyed with lease times (from a low of a few minutes, to the present setting of 2 days), even during those times it's been away from my network and the lease expired. This has happened multiple times.

                  When I care about something having a fixed IP assigned to it, I don't use DHCP–I manually input the address, mask, gateway, DNS, etc.

                  But I was thinking, that's kind of a hassle. pfSense's DHCP server has a dead simple mechanism for turning a dynamically assigned address into a fixed address. Under "Status / DHCP Leases" find your device, click the "+" along the right edge of the table, and the "Edit static mapping" page will come up.

                  It's crazy to expect a dynamically assigned address will never change. Make it static, by whatever mechanism you choose.

                  1 Reply Last reply Reply Quote 0
                  • C Offline
                    chris4916
                    last edited by

                    @ScottyDM:

                    When I care about something having a fixed IP assigned to it, I don't use DHCP–I manually input the address, mask, gateway, DNS, etc.

                    Unless I temporarily require something really specific in term of IP address and other related stuff, I always use DHCP, with reservation in case I do need fixed IP.
                    Thanks to DHCP, even for fixed (reserved) IP, in case your default gateway changes, or in case you want to change DNS or decide to move your proxy.pac web server, then it requires to change it only once at DHCP server level and wait for leases to be renewed.

                    This is very flexible and convenient.

                    This said, I really don't care about allocation mechanism. Dynamic DNS does the stuff, most of the time, for the few devices I may need to access and not been defined with reserved lease.

                    Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                    1 Reply Last reply Reply Quote 0
                    • ScottyDMS Offline
                      ScottyDM
                      last edited by

                      Chris, while poking at DHCP Leases under Status, I got to thinking–I've been doing it the hard way. So yes, you are right. Heck, it's a holiday and I'm bored. Maybe I'll do that now.  ;D

                      Oh, what did you mean by your last paragraph? My LAN server is running Active Directory, and automagically picks up machine names and addresses and puts them in it's DNS (which is why I must use the LAN server for first-tier resolution on the LAN). Is that what you mean by dynamic?

                      Is there a way to do something like that for my DMZ using only pfSense? Thanks.

                      1 Reply Last reply Reply Quote 0
                      • C Offline
                        chris4916
                        last edited by

                        @ScottyDM:

                        Oh, what did you mean by your last paragraph? My LAN server is running Active Directory, and automagically picks up machine names and addresses and puts them in it's DNS (which is why I must use the LAN server for first-tier resolution on the LAN). Is that what you mean by dynamic?

                        Yes this is what I mean

                        Is there a way to do something like that for my DMZ using only pfSense?

                        Sure. look at attached picture (from pfSense DHCP server settings)

                        dhcp_dynamic_dns.JPG
                        dhcp_dynamic_dns.JPG_thumb

                        Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.