Solved

DHCP and client addresses

Posted on 2004-10-07
19
526 Views
Last Modified: 2010-03-18
We have a DHCP server. The clients are configured to receive IP addresses when the boot up. Normally, this would not be a problem. Except that we also have a security device permits/denies a client based on the IP address.

For example, Computer A initially received address of x.x.x.30. The security device has a setting that tells it that x.x.x.30 has full access.

Computer A shuts down for the night to go home.

Now the DHCP server gets rebooted (maintenance work, changing the battery backup, etc).

Next day, when Computer A boots up, I would expect it to get x.x.x.30. Instead it gets x.x.x.40. The security device has a setting that tells it x.x.x.30 has full access, but x.x.x.40 has limited or no access.

So Computer A tries to gain access to the secured site, but is denied because it has obtained a different IP address.

2-Part question:

Why would the DHCP server assign a new address if the all Computer A did was shut down
and the server was rebooted AFTER Computer was down?

Also, aside from assigning reservations on the DHCP server (which I would prefer not to do), is there a method to insure that the client was ALWAYS receive the same IP address EACH AND EVERY SINGLE TIME?

Additional question:

I also have several devices that are assigned static addresses. If my range to give out is x.x.x.15 to x.x.x.100 AND some of these devices fall into that category, do I have to, repeat, have to exclude these addresses on the DHCP server?

Hoping to hear from you.
0
Comment
Question by:mperez1216
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
  • 2
  • +1
19 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252296

The Lease time determines how long a client can keep an address for. Try increasing the Lease time, or perhaps setting it to Infinite. That should stop the DHCP giving out addresses to different clients.

You might find it is better to set up an excluded range that you can put all these devices into though?
0
 

Author Comment

by:mperez1216
ID: 12252344
What affect does setting the lease to infinite have when the client shuts down for the night? Will it cause an IP conflict when he boots up the next day? In other words, will he cause a conflict with himself? I've seen this happen.

As far as the exclusing range, I have several devices. I try to keep them in a general area, but one area may have 10 spots in the 100-115 range, whereas other devices may have only 2 or 3 spots in the 30-40 range, with a several client stations in the same range.

How would I resolve that?
0
 
LVL 6

Accepted Solution

by:
chumplet earned 125 total points
ID: 12252364
Your DHCP server *should* hold that lease for the allotted period of time (say 7 days), then the client and server will attempt to renew that lease approximately halfway through -- after 3.5 days.  That process *should* continue over and over as long as the client and server are talking to each other.  Reboots on either side, as far as I understand, should not affect this.  Anything else in this config that you can tell us?

As for "keeping" an address for a specific client, you have 3 options: 1) set the DHCP lease to infinite, 2) set an IP address 'reservation' in DHCP, or 3) staticly assign that IP address to that client.

Lastly, if the DHCP server has a range of addresses from .15 - .100 and you have clients staticly assigned at any of those addresses in that range, then you have potential for IP address conflicts.  Either exclude those addresses individually, exclude a range of addresses that includes all of those, or change the range of IPs that DHCP gives out to *not* include those.

Hope that helps out... :)

Chumplet
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252378

What Chumplet said ;)
0
 

Author Comment

by:mperez1216
ID: 12252451
A. I do know that the address lease is set to, I believe, 12 Hours.
B. Any static address is assigned to a device that is not a client pc (printers, routers, etc).
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12252474
I'll agree with Chumplet with one change.... just make the address static and be done with it.

On some DHCP servers, you can reserve specific IP addresses for specific MAC addresses (I think Chumplet might have been referring to this in item #2?)....but why bother? :)

Jon
0
 

Author Comment

by:mperez1216
ID: 12252507
Recommended Actions:

1. Change lease period from current to infinite.
2. Add any exclusions, either by specific IP or by range.
3. Because the lease is infinite, I should not need to make any reservation on an IP.

Let me know if #3 is correct.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252516

With a 12 hour lease time if you leave a machine off overnight the lease expires and the address is available for any other device on the network - so the firewall rules will be out of date.

Are the static addresses in an exclusion range on your DHCP Server?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252526

oops... too slow.

3 is correct - but in the case of assiging firewall rules it might be sensible to make it reserved.
0
 

Author Comment

by:mperez1216
ID: 12252631
I went to the DHCP server and under the 'Scope' properties, I did not see an 'infinite' option, but I do see an 'unlimited' option. I was incorrect in the time frame, though. The person who configured the box informed me it was 12 hours, but the time frame is actually 8 hours.

If this is the correct setting, I can at least get that portion going.

0
 

Author Comment

by:mperez1216
ID: 12252648
Sorry, missed a sentence. Yes, some of the statics ip's are in the exclusion range, where others are not.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252663

Yep Unlimited is the correct option.

If it isn't possible to move the remainder of the static IPs into the Exclusion then it would be a good idea to reserve them individually to avoid potential conflicts.
0
 

Author Comment

by:mperez1216
ID: 12252674
Reserve them or enter them as an individual exclusion?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252740

Either will work, but since they are static Exclude would be more accurate.
0
 
LVL 6

Expert Comment

by:chumplet
ID: 12252797
Agreed.... 'exclude' is a better option.  

In my opinion (and it's only an opinion), reservations are a royal pain-in-the-rear.  Either allow DHCP to dole out addresses *OR* staticly assign them on the box.
0
 

Author Comment

by:mperez1216
ID: 12252830
Exclusion. That's what I thought. Exclusion it is.

On a side note, are there any "pitfalls" regarding unlimited lease that I should be aware of?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252833
I agree, never been found of Reservations, you're either assigning it statically or you're not right?

Of course there are exceptions, generally ISPs, where Dynamically Assigned Static IPs are appropriate.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12252840

Only that it never releases address, so if find you've run out that'll be while.

Running out would only really happen though if you have a high turnover of network devices (or just an almost full scope).
0
 

Author Comment

by:mperez1216
ID: 12252879
Kudos to all.

Thanks.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Resolve DNS query failed errors for Exchange
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question