Solved

How to manage DHCP in medium size business

Posted on 2015-02-17
7
202 Views
Last Modified: 2015-03-01
we have nearly 700 plus computers in the network and having manual ip addressing . I am in the process of going with the static to  dynamic . but I have few issues  with the current setup .

what is the best way to assign the ip dynamically
firewall level , core switch  or OS dhcp server . I hope separate DHCP is the best option ?
major issue is out of 700 PCs nearly 500 pcs have internet access with the firewall via access . All the access give with the IP address level . we did not have link with the AD and the firewall . so how can I keep the same ip address for my internet client . one idea is reserve option in the DHCP . but I don't know the best option is going to be the reserve all most all the users in the network

please share your thoughts
0
Comment
Question by:cur
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 9

Assisted Solution

by:nattygreg
nattygreg earned 200 total points
ID: 40615869
use nmap to gather ip addresses and mac address from there figure out your ip address scheme, you will definitely need four dhcp scope cause you need that to address growth. a router will be needed if each subnet need to talk to each other.
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 100 total points
ID: 40615896
> firewall level, core switch or OS dhcp server.

for an enterprise environment, better deploy DHCP services on OS servers because this way you may have better control on DHCP options and restrict users in terms of security and scalability.

deploying DHCP services on network devices may work but you need more work once you got needs to integrate OS and the devices. e.g. to to assign IP addresses to authenticated userss only, or applying web proxy settings for given subnets etc.

> I hope separate DHCP is the best option ?

what do you mean by 'separate'?

> we did not have link with the AD and the firewall. so how can I keep the same ip address for my internet client.

do you mean current users already have used IPs which are to be used for DHCP address pool?

> one idea is reserve option in the DHCP . but I don't know the best option is going to be the reserve all most all the users in the network

new addresses can't be changed in a few seconds. you need to work out a plan to deploy the addresses in stage, smoothly.
0
 

Author Comment

by:cur
ID: 40615951
currently we  do not integrated AD firewall . half of the users in the work group . this will rollover very soon . issue is this . we have given the internet access based on the host ip . if I go with the dhcp how am I going to keep the client PC ip static all the time
some time we need to connect work group users connecting to internet . if I go with AD integration . it will make more complex without proper understand
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Assisted Solution

by:nattygreg
nattygreg earned 200 total points
ID: 40615957
DHCP allows static mapping and you can restrict and permit host ips to the internet, never mind if you know the specific time of day when they need to be on the internet you can schedule it via DHCP, its a powerful tool that you'll love.
do some reading on it.
0
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 40616117
Better you could use Windows domain based DHCP server which can assign IPs to both domain clients and workgroup clients as well
After that allow IP range on firewall as allowed internet access
This will avoid creation of 500 reservations in DHCP
I believe DHCP is there to lease out IPs freely without much intervention and in exceptional case few DHCP reservations to be used

Also check how to setup DNS - DHCP advanced integration, scavenging once you setup domain based DHCP server
Check below articles for more information:
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
0
 

Author Comment

by:cur
ID: 40616161
if the clients PC get change the IP time to time . monthly internet bill will generation will have the impact due to ip change
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 200 total points
ID: 40616203
Before setting up DHCP still you are using 500 static addresses for internet access

After you setup, still IP addresses count remains same

I don't see how bill will get impacted

Further more how your firewall is setup?

It should have NATTED internet access so that on internet actually default firewall public IP would be displayed and no matter which machine \ IP combination is connected from intarnet
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now