Solved

Changing Lease Duration for DHCP clients

Posted on 2017-03-16
Last Modified: 2017-03-17
We run a small network for a small company of about 100 people and we have a lot of users that use our Wi-Fi with iPhones, AppleWatches, iPads, Androids and other devices. We also have clients that come in for meetings that use our Wi-Fi and take up IP addresses.

We are starting to run low on available DHCP IPs and our lease has always been 8 Days for years. We are thinking of changing that along with having users not use their personal devices on our network.

Our question is if we change the lease to 3 days, does that have any kind of negative impact on DHCP or the network? Too much activity or just something that we are potentially missing?

Any help would be appreciated.
Question by:regsamp
34 Comments
 
LVL 3

Assisted Solution

by:LBTechSol
LBTechSol earned 125 total points
ID: 42051311
You will need to be aware of the load on the server/device that is managing the lease time. Reducing the lease time will cause additional broadcast traffic on your network, but for 100 people I wouldn't imagine that this would be too much of an issue. If you are having issues with available IP addresses, I would suggest the following:

  • Public Guest Wifi
  • Employee Guest Wifi
  • Business Wifi

This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here for business security). It will also help segregate your traffic and allow for Internet bandwidth for different groups of users; for example, you would want the Business network to take precedence, with mobile devices to only have limited speeds (why would they want more while working?).

I have changed the scope on other clients and the background traffic has not impacted the running of the network.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 42051383
You should be taking a dual approach to fixing.

1) You should have a guest network that is separate from the main network. You can accomplish this via VLANs (this also requires that you have infrastructure that will support them). I also do not suggest allowing non-corporate devices on the main network at all, even if they are employee owned.
2) Shortening the lease time should not hurt anything at all. If anything it will ensure better utilization of IP addresses.
0
 

Author Comment

by:regsamp
ID: 42051395
"This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here for business security,"

"1) You should have a guest network that is separate of the main network. You can accomplish this via VLANs. I also do not suggest allowing non corporate devices on the main network at all."

This is just for Wi-Fi that clients and users use. But I understand what you mean. Even this is a security loophole and we should have a whole separate network for guests.
0

 
LVL 3

Expert Comment

by:LBTechSol
ID: 42051424
If you are already on a separate DHCP scope and wifi network (fingers crossed in the perfect world) a quick and dirty fix would be to change this network from /24 to /23 network but this does depend on the existing network configuration and any routing requirements.

192.168.0.0/24 (254 hosts)
192.168.0.0/23 (510 hosts)
0
 

Author Comment

by:regsamp
ID: 42051441
We have just the one DHCP scope with a few Wi-Fi routers located in the building for clients and guests. 192.168.1.1 to 129 are excluded from distribution and then above to 192.168.1.254 is open to distribution.

This has been set up like this for years, but now with the amount of devices, it is a problem. None of our Wi-Fi routers look like they have any good VLAN options.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 42051472
You can have a VLAN and only utilize it for wireless (you could try to make use for wired as well if you needed, but I assumed that wasn't necessary in your case)

If you wanted a recommendation for lower-cost APs that support VLANs, I'd suggest the Ubiquiti UniFi units. What type of firewall and wireless devices do you have now?
0
 
LVL 20

Accepted Solution

by:
Tom Cieslik earned 250 total points
ID: 42051489
You can create a Superscope in your DHCP server.
Your first scope is 192.168.1.1 to 130 - 254
So add an additional one from 192.168.2.2 - 192.168.2.254
and a third one from 192.168.3.2 - 192.168.3.254

It's an easy process and you can just click on your DHCP server IPv4 and follow the wizard for Superscope creation.
I have this set up and it is working very well.

Capture.JPG
0
 

Author Comment

by:regsamp
ID: 42051491
We have a SonicFirewall and the wireless routers we use range from Apple to Belkin, Cisco, etc. Our clients will come in with iPhones and Androids, iPads, etc.

Maybe a recommendation for a lower-cost smart switch that we could put on a small Windows Network and create a VLAN?
0
 

Author Comment

by:regsamp
ID: 42051493
Hmm, that Superscope option sounds interesting, Tom. That could possibly work too. And you have not had any problems with traffic or network communication?
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051499
Not at all, but to do this you need to have the DHCP server on a Windows server, not on the SonicWall or other router.
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051507
If you do this you need to set up an additional IP on your SonicWall's second NIC to be a gateway for the second scope.

So if I have 10.0.1.2-254 as the second scope, the gateway for this scope is 10.0.1.1

 Capture.JPG
0
 

Author Comment

by:regsamp
ID: 42051517
We have DHCP on our Windows Server and not with the SonicWall. I see. You are saying that a second gateway setting has to be on the SonicWall. Second NIC though? I am not sure about that part. We need our DHCP Windows Server to have another NIC and then configure that NIC for the new Scope, correct?
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051531
All you need to do is activate your X2 network adapter on SonicWall and assign IP. In your case 192.168.2.1 to be gateway to internet for second scope users.

Then create the superscope in your DHCP and configure the router to be 192.168.2.1
If you need 3rd scope you need to activate X3 network on sonic and assign IP 192.168.3.1 and set this in your 3rd scope router settings.

Remember that sonic must be physically connected on active ports to your network switch.
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051533
If this will be only for internet connection then you don't need to configure any firewall rules for X2 and X3, but if you decide to put some services / servers on this scope then you are going to need to create appropriate rules on the SonicWall to forward traffic from the External IP to the appropriate X2 or X3 LAN.
0
 

Author Comment

by:regsamp
ID: 42051538
"If this will be only for internet connection then you don't need configure any firewall rules" Well, this would also be to allow more IPs in DHCP for the network too. "All you need to do is activate your X2 network adapter on SonicWall and assign IP" I am not sure if it even has multiple network adapters. I get what you are saying about adding the Gateway within the SonicWall. I guess I would have to get with SonicWall support for this situation to confirm everything.
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051543
What kind of SonicWall do you have?
0
 

Author Comment

by:regsamp
ID: 42051555
It is an NSA 2600.
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051562
As I see you have 8 LAN connections from X1-X8 :)

Capture.JPG
0
 
LVL 25

Assisted Solution

by:masnrock
masnrock earned 125 total points
ID: 42051569
You have a Sonicwall? Even better, you can create Virtual Interfaces on it (this would handle part of the VLAN needs). Virtual interfaces have their own subnets and can have separate DHCP servers tied to them.

As I mentioned, I would recommend replacing the hodgepodge of wireless routers with UniFi access points. The Pro units will support standard POE, while the other units would require the use of injectors that are included.

As far as a switch goes, you could get something like a Trendnet TPE TG-240. But I also like the Cisco SG300-28P units. I picked these because they are POE. But if you opt for non-POE switches, the cost will be lower.
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051572
I have a TZ-215 and you can see I have 2 active LANs.
You can do it yourself from the SonicWall Manage Console.

Just click edit next to your X2 connector and assign an IP to it.

Capture.JPG
0
 

Author Comment

by:regsamp
ID: 42051575
"As I see you have 8 LAN connections from X1-X8" I see, Tom. I see, masnrock. I still might go that route and thank you for the suggestions. Especially the switch. I am just seeing if the superscope might be quicker/easier for us.
0
 
LVL 20

Expert Comment

by:Tom Cieslik
ID: 42051577
@masnrock
You are absolutely right, but then he needs to play with routing between his LAN and VLAN. I think my advice is much simpler.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 42051584
@Tom
There's no major playing with routing as it's a Sonicwall. While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a no-no. Both of our approaches do provide separation; my advice also leaves the OP only needing to have one set of wireless devices from one vendor, which would be managed centrally. So while it would require more effort upfront, the reward will make him wonder why he didn't go through the undertaking before.
1
 

Author Comment

by:regsamp
ID: 42051585
@Tom, well we do have multiple network ports to do it like you said. It had been a little bit since I had checked behind all the cables in the way so I will have to look more into this.
0
 

Author Comment

by:regsamp
ID: 42051623
"While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a no-no." This is a very good point.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 42051656
Let's be honest, both of our approaches (mine and Tom's) can work. However, it becomes a question of what you want the end result to look like and what you're willing/able to spend.

Are your APs all over the place in the office? How many access points are covering the space, and do you mind having two sets of APs?
0
 

Author Comment

by:regsamp
ID: 42051671
We are a small company so we have three wireless routers/APs. Two on the second floor and one on the main floor for a conference room. It is just that when we have a lot of meetings one week and the clients use the Wi-Fi downstairs, the leases stay in DHCP for a week, so we were thinking of decreasing it to 3 or 4 days. And then we were thinking of VLANs or something to separate it all and get IPs back too.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 42051712
What model(s) of switch(es) do you have now? I provided earlier links and suggestions for a switch in case you need one. However, what model you currently have dictates whether you really need a new one or not. But also, there's the question of whether you desire POE switches or you want to use injectors.

As far as the APs go, this is what I'd advise to get (either one of these):
UniFi AC Lite 5 Pack - Not that you need 5, but you can deploy 2-3 and have extras for expansion or as spare in case units go bad.
UniFi AC Pro 5 Pack - Same idea, but these are the ones that I mentioned work with normal POE switches.

Obviously, you can buy them individually instead, but I thought presenting in packs of 5 like this would be comparatively simpler.

With these, you'll have APs that will work with multiple SSIDs and multiple VLANs. So even if you wanted even more wireless networks in the future, you're set without some ridiculous cost.
0
 

Author Comment

by:regsamp
ID: 42051730
We have HP ProCurve Switches currently and that is all we have used for a while now. Okay, thank you for the recommendations.
0
 
LVL 25

Expert Comment

by:masnrock
ID: 42051738
Ah. If you have ProCurves, then you really don't have to buy replacement switches at all (they should already support VLANs). It would just be more configuration than anything else. Assuming the switches are not POE, get the Lite APs. If they are, I'd recommend going with the Pro. Your monetary cost would solely revolve around the APs themselves. You could have an existing server act as the controller.
0
 

Author Comment

by:regsamp
ID: 42051761
Okay, I will certainly look into it. I am looking at the Superscope too. We are a small business so sometimes we just have to go with the cheapest and quickest options or at least present all the options so I appreciate all the advice.
0
 
LVL 25

Expert Comment

by:Shaun Vermaak
ID: 42052601
Windows DHCP? Lower lease times and enable conflict resolution
1
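
The lease, conflict-detection and superscope changes discussed in this thread, as an added PowerShell example that is not part of any poster's comment. It assumes Windows Server 2012 or later with the DhcpServer module and an existing scope ID of 192.168.1.0; the names 'Scope-2' and 'Office', the 2 detection attempts and the 90% warning threshold are hypothetical values.

```powershell
# Added example, not from the thread. Run elevated on the Windows DHCP server.
# Assumed: scope IDs 192.168.1.0 / 192.168.2.0; names and thresholds are hypothetical.
Import-Module DhcpServer

$existingScope = '192.168.1.0'            # scope handing out 192.168.1.130-254
$secondScope   = '192.168.2.0'            # second range from the accepted answer
$lease         = New-TimeSpan -Days 3     # down from the current 8 days

# 1. Record utilization before the change so the effect can be compared later.
Get-DhcpServerv4ScopeStatistics -ScopeId $existingScope |
    Select-Object ScopeId, InUse, Free, PercentageInUse

# 2. Shorten the lease. Existing leases keep their old expiry until renewed.
Set-DhcpServerv4Scope -ScopeId $existingScope -LeaseDuration $lease

# 3. Conflict detection: the server pings an address before offering it.
#    Each attempt delays the offer, so keep the count low (2 is assumed here).
Set-DhcpServerSetting -ConflictDetectionAttempts 2

# 4. Second scope, with the firewall X2 address from the thread as its router.
Add-DhcpServerv4Scope -Name 'Scope-2' -StartRange 192.168.2.2 `
    -EndRange 192.168.2.254 -SubnetMask 255.255.255.0 `
    -LeaseDuration $lease -State Active
Set-DhcpServerv4OptionValue -ScopeId $secondScope -Router 192.168.2.1

# 5. Group both scopes into one superscope.
#    As noted in the thread, this adds addresses but does not separate
#    guest devices from corporate ones; that still needs VLANs.
Add-DhcpServerv4Superscope -SuperscopeName 'Office' `
    -ScopeId $existingScope, $secondScope

# 6. Verify the settings and warn when any scope is close to exhaustion.
Get-DhcpServerv4Scope | Select-Object ScopeId, LeaseDuration, State, SuperscopeName
Get-DhcpServerSetting | Select-Object ConflictDetectionAttempts
Get-DhcpServerv4ScopeStatistics |
    Where-Object { $_.PercentageInUse -ge 90 } |
    ForEach-Object {
        Write-Warning ("Scope {0}: {1} in use, {2} free" -f $_.ScopeId, $_.InUse, $_.Free)
    }
```

Step 6 can be scheduled on its own to watch pool usage during weeks with many visitors.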
 

Author Closing Comment

by:regsamp
ID: 42052693
All of the options would work and I did not want to choose a best option but it looks like I have to. Sorry, I would have given equal points if I could.
0
 

Author Comment

by:regsamp
ID: 42052698
Sorry Shaun, I closed this without seeing your good suggestion too. I am doing that now to see if that helps but thank you, very much.
0
