Solved

DHCP and client addresses

Posted on 2004-10-07
19
519 Views
Last Modified: 2010-03-18
We have a DHCP server. The clients are configured to receive IP addresses when the boot up. Normally, this would not be a problem. Except that we also have a security device permits/denies a client based on the IP address.

For example, Computer A initially received address of x.x.x.30. The security device has a setting that tells it that x.x.x.30 has full access.

Computer A shuts down for the night to go home.

Now the DHCP server gets rebooted (maintenance work, changing the battery backup, etc).

Next day, when Computer A boots up, I would expect it to get x.x.x.30. Instead it gets x.x.x.40. The security device has a setting that tells it x.x.x.30 has full access, but x.x.x.40 has limited or no access.

So Computer A tries to gain access to the secured site, but is denied because it has obtained a different IP address.

2-Part question:

Why would the DHCP server assign a new address if the all Computer A did was shut down
and the server was rebooted AFTER Computer was down?

Also, aside from assigning reservations on the DHCP server (which I would prefer not to do), is there a method to insure that the client was ALWAYS receive the same IP address EACH AND EVERY SINGLE TIME?

Additional question:

I also have several devices that are assigned static addresses. If my range to give out is x.x.x.15 to x.x.x.100 AND some of these devices fall into that category, do I have to, repeat, have to exclude these addresses on the DHCP server?

Hoping to hear from you.
0
Comment
Question by:mperez1216
  • 8
  • 8
  • 2
  • +1
19 Comments
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

The Lease time determines how long a client can keep an address for. Try increasing the Lease time, or perhaps setting it to Infinite. That should stop the DHCP giving out addresses to different clients.

You might find it is better to set up an excluded range that you can put all these devices into though?
0
 

Author Comment

by:mperez1216
Comment Utility
What affect does setting the lease to infinite have when the client shuts down for the night? Will it cause an IP conflict when he boots up the next day? In other words, will he cause a conflict with himself? I've seen this happen.

As far as the exclusing range, I have several devices. I try to keep them in a general area, but one area may have 10 spots in the 100-115 range, whereas other devices may have only 2 or 3 spots in the 30-40 range, with a several client stations in the same range.

How would I resolve that?
0
 
LVL 6

Accepted Solution

by:
chumplet earned 125 total points
Comment Utility
Your DHCP server *should* hold that lease for the allotted period of time (say 7 days), then the client and server will attempt to renew that lease approximately halfway through -- after 3.5 days.  That process *should* continue over and over as long as the client and server are talking to each other.  Reboots on either side, as far as I understand, should not affect this.  Anything else in this config that you can tell us?

As for "keeping" an address for a specific client, you have 3 options: 1) set the DHCP lease to infinite, 2) set an IP address 'reservation' in DHCP, or 3) staticly assign that IP address to that client.

Lastly, if the DHCP server has a range of addresses from .15 - .100 and you have clients staticly assigned at any of those addresses in that range, then you have potential for IP address conflicts.  Either exclude those addresses individually, exclude a range of addresses that includes all of those, or change the range of IPs that DHCP gives out to *not* include those.

Hope that helps out... :)

Chumplet
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

What Chumplet said ;)
0
 

Author Comment

by:mperez1216
Comment Utility
A. I do know that the address lease is set to, I believe, 12 Hours.
B. Any static address is assigned to a device that is not a client pc (printers, routers, etc).
0
 
LVL 4

Expert Comment

by:JonSh
Comment Utility
I'll agree with Chumplet with one change.... just make the address static and be done with it.

On some DHCP servers, you can reserve specific IP addresses for specific MAC addresses (I think Chumplet might have been referring to this in item #2?)....but why bother? :)

Jon
0
 

Author Comment

by:mperez1216
Comment Utility
Recommended Actions:

1. Change lease period from current to infinite.
2. Add any exclusions, either by specific IP or by range.
3. Because the lease is infinite, I should not need to make any reservation on an IP.

Let me know if #3 is correct.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

With a 12 hour lease time if you leave a machine off overnight the lease expires and the address is available for any other device on the network - so the firewall rules will be out of date.

Are the static addresses in an exclusion range on your DHCP Server?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

oops... too slow.

3 is correct - but in the case of assiging firewall rules it might be sensible to make it reserved.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:mperez1216
Comment Utility
I went to the DHCP server and under the 'Scope' properties, I did not see an 'infinite' option, but I do see an 'unlimited' option. I was incorrect in the time frame, though. The person who configured the box informed me it was 12 hours, but the time frame is actually 8 hours.

If this is the correct setting, I can at least get that portion going.

0
 

Author Comment

by:mperez1216
Comment Utility
Sorry, missed a sentence. Yes, some of the statics ip's are in the exclusion range, where others are not.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Yep Unlimited is the correct option.

If it isn't possible to move the remainder of the static IPs into the Exclusion then it would be a good idea to reserve them individually to avoid potential conflicts.
0
 

Author Comment

by:mperez1216
Comment Utility
Reserve them or enter them as an individual exclusion?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Either will work, but since they are static Exclude would be more accurate.
0
 
LVL 6

Expert Comment

by:chumplet
Comment Utility
Agreed.... 'exclude' is a better option.  

In my opinion (and it's only an opinion), reservations are a royal pain-in-the-rear.  Either allow DHCP to dole out addresses *OR* staticly assign them on the box.
0
 

Author Comment

by:mperez1216
Comment Utility
Exclusion. That's what I thought. Exclusion it is.

On a side note, are there any "pitfalls" regarding unlimited lease that I should be aware of?
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility
I agree, never been found of Reservations, you're either assigning it statically or you're not right?

Of course there are exceptions, generally ISPs, where Dynamically Assigned Static IPs are appropriate.
0
 
LVL 70

Expert Comment

by:Chris Dent
Comment Utility

Only that it never releases address, so if find you've run out that'll be while.

Running out would only really happen though if you have a high turnover of network devices (or just an almost full scope).
0
 

Author Comment

by:mperez1216
Comment Utility
Kudos to all.

Thanks.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now