Solved

DHCP and client addresses

Posted on 2004-10-07
19
523 Views
Last Modified: 2010-03-18
We have a DHCP server. The clients are configured to receive IP addresses when the boot up. Normally, this would not be a problem. Except that we also have a security device permits/denies a client based on the IP address.

For example, Computer A initially received address of x.x.x.30. The security device has a setting that tells it that x.x.x.30 has full access.

Computer A shuts down for the night to go home.

Now the DHCP server gets rebooted (maintenance work, changing the battery backup, etc).

Next day, when Computer A boots up, I would expect it to get x.x.x.30. Instead it gets x.x.x.40. The security device has a setting that tells it x.x.x.30 has full access, but x.x.x.40 has limited or no access.

So Computer A tries to gain access to the secured site, but is denied because it has obtained a different IP address.

2-Part question:

Why would the DHCP server assign a new address if the all Computer A did was shut down
and the server was rebooted AFTER Computer was down?

Also, aside from assigning reservations on the DHCP server (which I would prefer not to do), is there a method to insure that the client was ALWAYS receive the same IP address EACH AND EVERY SINGLE TIME?

Additional question:

I also have several devices that are assigned static addresses. If my range to give out is x.x.x.15 to x.x.x.100 AND some of these devices fall into that category, do I have to, repeat, have to exclude these addresses on the DHCP server?

Hoping to hear from you.
0
Comment
Question by:mperez1216
  • 8
  • 8
  • 2
  • +1
19 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252296

The Lease time determines how long a client can keep an address for. Try increasing the Lease time, or perhaps setting it to Infinite. That should stop the DHCP giving out addresses to different clients.

You might find it is better to set up an excluded range that you can put all these devices into though?
0
 

Author Comment

by:mperez1216
ID: 12252344
What affect does setting the lease to infinite have when the client shuts down for the night? Will it cause an IP conflict when he boots up the next day? In other words, will he cause a conflict with himself? I've seen this happen.

As far as the exclusing range, I have several devices. I try to keep them in a general area, but one area may have 10 spots in the 100-115 range, whereas other devices may have only 2 or 3 spots in the 30-40 range, with a several client stations in the same range.

How would I resolve that?
0
 
LVL 6

Accepted Solution

by:
chumplet earned 125 total points
ID: 12252364
Your DHCP server *should* hold that lease for the allotted period of time (say 7 days), then the client and server will attempt to renew that lease approximately halfway through -- after 3.5 days.  That process *should* continue over and over as long as the client and server are talking to each other.  Reboots on either side, as far as I understand, should not affect this.  Anything else in this config that you can tell us?

As for "keeping" an address for a specific client, you have 3 options: 1) set the DHCP lease to infinite, 2) set an IP address 'reservation' in DHCP, or 3) staticly assign that IP address to that client.

Lastly, if the DHCP server has a range of addresses from .15 - .100 and you have clients staticly assigned at any of those addresses in that range, then you have potential for IP address conflicts.  Either exclude those addresses individually, exclude a range of addresses that includes all of those, or change the range of IPs that DHCP gives out to *not* include those.

Hope that helps out... :)

Chumplet
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252378

What Chumplet said ;)
0
 

Author Comment

by:mperez1216
ID: 12252451
A. I do know that the address lease is set to, I believe, 12 Hours.
B. Any static address is assigned to a device that is not a client pc (printers, routers, etc).
0
 
LVL 4

Expert Comment

by:JonSh
ID: 12252474
I'll agree with Chumplet with one change.... just make the address static and be done with it.

On some DHCP servers, you can reserve specific IP addresses for specific MAC addresses (I think Chumplet might have been referring to this in item #2?)....but why bother? :)

Jon
0
 

Author Comment

by:mperez1216
ID: 12252507
Recommended Actions:

1. Change lease period from current to infinite.
2. Add any exclusions, either by specific IP or by range.
3. Because the lease is infinite, I should not need to make any reservation on an IP.

Let me know if #3 is correct.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252516

With a 12 hour lease time if you leave a machine off overnight the lease expires and the address is available for any other device on the network - so the firewall rules will be out of date.

Are the static addresses in an exclusion range on your DHCP Server?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252526

oops... too slow.

3 is correct - but in the case of assiging firewall rules it might be sensible to make it reserved.
0
 

Author Comment

by:mperez1216
ID: 12252631
I went to the DHCP server and under the 'Scope' properties, I did not see an 'infinite' option, but I do see an 'unlimited' option. I was incorrect in the time frame, though. The person who configured the box informed me it was 12 hours, but the time frame is actually 8 hours.

If this is the correct setting, I can at least get that portion going.

0
 

Author Comment

by:mperez1216
ID: 12252648
Sorry, missed a sentence. Yes, some of the statics ip's are in the exclusion range, where others are not.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252663

Yep Unlimited is the correct option.

If it isn't possible to move the remainder of the static IPs into the Exclusion then it would be a good idea to reserve them individually to avoid potential conflicts.
0
 

Author Comment

by:mperez1216
ID: 12252674
Reserve them or enter them as an individual exclusion?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252740

Either will work, but since they are static Exclude would be more accurate.
0
 
LVL 6

Expert Comment

by:chumplet
ID: 12252797
Agreed.... 'exclude' is a better option.  

In my opinion (and it's only an opinion), reservations are a royal pain-in-the-rear.  Either allow DHCP to dole out addresses *OR* staticly assign them on the box.
0
 

Author Comment

by:mperez1216
ID: 12252830
Exclusion. That's what I thought. Exclusion it is.

On a side note, are there any "pitfalls" regarding unlimited lease that I should be aware of?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252833
I agree, never been found of Reservations, you're either assigning it statically or you're not right?

Of course there are exceptions, generally ISPs, where Dynamically Assigned Static IPs are appropriate.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 12252840

Only that it never releases address, so if find you've run out that'll be while.

Running out would only really happen though if you have a high turnover of network devices (or just an almost full scope).
0
 

Author Comment

by:mperez1216
ID: 12252879
Kudos to all.

Thanks.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question