How to manage DHCP in medium size business

Posted on 2015-02-17
Medium Priority
Last Modified: 2015-03-01
we have nearly 700 plus computers in the network and having manual ip addressing . I am in the process of going with the static to  dynamic . but I have few issues  with the current setup .

what is the best way to assign the ip dynamically
firewall level , core switch  or OS dhcp server . I hope separate DHCP is the best option ?
major issue is out of 700 PCs nearly 500 pcs have internet access with the firewall via access . All the access give with the IP address level . we did not have link with the AD and the firewall . so how can I keep the same ip address for my internet client . one idea is reserve option in the DHCP . but I don't know the best option is going to be the reserve all most all the users in the network

please share your thoughts
Question by:cur
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 14

Assisted Solution

by:Natty Greg
Natty Greg earned 800 total points
ID: 40615869
use nmap to gather ip addresses and mac address from there figure out your ip address scheme, you will definitely need four dhcp scope cause you need that to address growth. a router will be needed if each subnet need to talk to each other.
LVL 37

Assisted Solution

bbao earned 400 total points
ID: 40615896
> firewall level, core switch or OS dhcp server.

for an enterprise environment, better deploy DHCP services on OS servers because this way you may have better control on DHCP options and restrict users in terms of security and scalability.

deploying DHCP services on network devices may work but you need more work once you got needs to integrate OS and the devices. e.g. to to assign IP addresses to authenticated userss only, or applying web proxy settings for given subnets etc.

> I hope separate DHCP is the best option ?

what do you mean by 'separate'?

> we did not have link with the AD and the firewall. so how can I keep the same ip address for my internet client.

do you mean current users already have used IPs which are to be used for DHCP address pool?

> one idea is reserve option in the DHCP . but I don't know the best option is going to be the reserve all most all the users in the network

new addresses can't be changed in a few seconds. you need to work out a plan to deploy the addresses in stage, smoothly.

Author Comment

ID: 40615951
currently we  do not integrated AD firewall . half of the users in the work group . this will rollover very soon . issue is this . we have given the internet access based on the host ip . if I go with the dhcp how am I going to keep the client PC ip static all the time
some time we need to connect work group users connecting to internet . if I go with AD integration . it will make more complex without proper understand
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 14

Assisted Solution

by:Natty Greg
Natty Greg earned 800 total points
ID: 40615957
DHCP allows static mapping and you can restrict and permit host ips to the internet, never mind if you know the specific time of day when they need to be on the internet you can schedule it via DHCP, its a powerful tool that you'll love.
do some reading on it.
LVL 37

Assisted Solution

Mahesh earned 800 total points
ID: 40616117
Better you could use Windows domain based DHCP server which can assign IPs to both domain clients and workgroup clients as well
After that allow IP range on firewall as allowed internet access
This will avoid creation of 500 reservations in DHCP
I believe DHCP is there to lease out IPs freely without much intervention and in exceptional case few DHCP reservations to be used

Also check how to setup DNS - DHCP advanced integration, scavenging once you setup domain based DHCP server
Check below articles for more information:

Author Comment

ID: 40616161
if the clients PC get change the IP time to time . monthly internet bill will generation will have the impact due to ip change
LVL 37

Accepted Solution

Mahesh earned 800 total points
ID: 40616203
Before setting up DHCP still you are using 500 static addresses for internet access

After you setup, still IP addresses count remains same

I don't see how bill will get impacted

Further more how your firewall is setup?

It should have NATTED internet access so that on internet actually default firewall public IP would be displayed and no matter which machine \ IP combination is connected from intarnet

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question