  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220

Changing Lease Duration for DHCP clients

We run a small network for a small company of about 100 people and we have a lot of users that use our Wi-Fi with iPhones, AppleWatches, iPads, Androids and other devices. We also have clients that come in for meetings that use our Wi-Fi and take up IP addresses.

We are starting to run low on available DHCP IPs and our lease has always been 8 Days for years. We are thinking of changing that along with having users not use their personal devices on our network.

Our question is if we change the lease to 3 days, does that have any kind of negative impact on DHCP or the network? Too much activity or just something that we are potentially missing?

Any help would be appreciated.
0
Asked by: regsamp
3 Solutions
 
LBTechSol (Operations Director) Commented:
You will need to be aware of the load on the server/device that is managing the lease time. Reducing the lease time will cause additional broadcast traffic on your network, but for 100 people I wouldn't imagine that this would be too much of an issue. If you are having issues with available IP addresses, I would suggest the following:

  • Public Guest Wifi
  • Employee Guest Wifi
  • Business Wifi

This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here for business security). It will also help segregate your traffic and allow for Internet bandwidth for different groups of users. For example, you would want the Business network to take precedence, with mobile devices having only limited speeds (why would they want more while working?).

I have changed the scope on other clients and the background traffic has not impacted the running of the network.
0
 
masnrock Commented:
You should be taking a dual approach to fixing.

1) You should have a guest network that is separate from the main network. You can accomplish this via VLANs (this also requires that you have infrastructure that will support them). I also do not suggest allowing non-corporate devices on the main network at all, even if they are employee owned.
2) Shortening the lease time should not hurt anything at all. If anything, it will ensure better utilization of IP addresses.
0
 
regsamp (Author) Commented:
"This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here for business security,"

"1) You should have a guest network that is separate of the main network. You can accomplish this via VLANs. I also do not suggest allowing non corporate devices on the main network at all."

This is just for Wi-Fi that clients and users use. But I understand what you mean. Even this is a security loophole and we should have a whole separate network for guests.
0

 
LBTechSol (Operations Director) Commented:
If you are already on a separate DHCP scope and wifi network (fingers crossed in the perfect world), a quick and dirty fix would be to change this network from a /24 to a /23 network, but this does depend on the existing network configuration and any routing requirements.

192.168.0.0/24 (254 hosts)
192.168.0.0/23 (510 hosts)
0
 
regsamp (Author) Commented:
We have just the one DHCP scope with a few Wi-Fi routers located in the building for clients and guests. 192.168.1.1 to 129 are excluded from distribution and then above to 192.168.1.254 is open to distribution.

This has been set up like this for years, but now with the amount of devices, it is a problem. None of our Wi-Fi routers look like they do any good VLAN options.
0
 
masnrock Commented:
You can have a VLAN and only utilize it for wireless (you could try to make use of it for wired as well if you needed, but I assumed that wasn't necessary in your case).

If you wanted a recommendation for lower-cost APs that support VLANs, I'd suggest the Ubiquiti UniFi units. What type of firewall and wireless devices do you have now?
0
 
Tom Cieslik (IT Engineer) Commented:
You can create a Superscope in your DHCP server.
Your first scope is 192.168.1.1 to 130 - 254
So add an additional one from 192.168.2.2 - 192.168.2.254
and a third one from 192.168.3.2 - 192.168.3.254

It's an easy process and you can just click on your DHCP server IPv4 and follow the wizard for Superscope creation.
I have this setup and it is working very well.

0
 
regsamp (Author) Commented:
We have a SonicFirewall and the wireless routers we use range from Apple, to Belkin, Cisco, etc. Our clients will come in with iPhones and Androids, iPads, etc.

Maybe a recommendation for a lower-cost smart switch that we could put on a small Windows Network and create a VLAN?
0
 
regsamp (Author) Commented:
Hmm, that Superscope option sounds interesting, Tom. That could possibly work too. And you have not had any problems with traffic or network communication?
0
 
Tom Cieslik (IT Engineer) Commented:
Not at all, but to do this you need to have the DHCP server on a Windows server, not on the Sonic Wall or other router.
0
 
Tom Cieslik (IT Engineer) Commented:
If you do this, you need to set up an additional IP on your Sonic Wall second NIC to be a gateway for the second scope.

So if I have 10.0.1.2-254 as the second scope, the gateway for this scope is 10.0.1.1

0
 
regsamp (Author) Commented:
We have DHCP on our Windows Server and not with the SonicWall. I see. You are saying that a second gateway setting has to be on the SonicWall. Second NIC though? I am not sure about that part. We need our DHCP Windows Server to have another NIC and then configure that NIC for the new Scope, correct?
0
 
Tom Cieslik (IT Engineer) Commented:
All you need to do is activate your X2 network adapter on the SonicWall and assign an IP. In your case, 192.168.2.1 to be the gateway to the internet for second scope users.

Then create the superscope in your DHCP and configure the router to be 192.168.2.1
If you need 3rd scope you need to activate X3 network on sonic and assign IP 192.168.3.1 and set this in your 3rd scope router settings.

Remember that sonic must be physically connected on active ports to your network switch.
0
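
Added example, not part of any poster's comment: the superscope setup Tom Cieslik describes above, done with the Windows Server DhcpServer PowerShell module instead of the wizard. The new range and gateway come from the thread; the existing scope ID 192.168.1.0, the /24 mask and the names 'LAN-2' and 'Office-Superscope' are assumptions.

```powershell
# Run in an elevated session on the Windows DHCP server (DhcpServer module).
# Assumptions: the existing scope ID is 192.168.1.0, the new range uses a /24 mask,
# and the names 'LAN-2' and 'Office-Superscope' are hypothetical.
$existingScope = '192.168.1.0'
$newScope      = '192.168.2.0'

# Create the second scope inactive, so no client is handed an address
# before its gateway exists on the firewall.
Add-DhcpServerv4Scope -Name 'LAN-2' `
    -StartRange 192.168.2.2 -EndRange 192.168.2.254 `
    -SubnetMask 255.255.255.0 -State InActive

# Option 003 (Router) for the new scope: the IP assigned to the SonicWall X2 interface.
Set-DhcpServerv4OptionValue -ScopeId $newScope -Router 192.168.2.1

# Group both scopes into one superscope so the server can lease from either
# range to clients on the same physical segment.
Add-DhcpServerv4Superscope -SuperscopeName 'Office-Superscope' `
    -ScopeId $existingScope, $newScope

# Activate the new scope only once the X2 interface is configured and cabled.
Set-DhcpServerv4Scope -ScopeId $newScope -State Active

# Verify membership and watch how full each range is.
Get-DhcpServerv4Superscope -SuperscopeName 'Office-Superscope'
Get-DhcpServerv4ScopeStatistics |
    Format-Table ScopeId, Free, InUse, PercentageInUse
```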
 
Tom Cieslik (IT Engineer) Commented:
If this will be only for internet connection, then you don't need to configure any firewall rules for X2 and X3, but if you decide to put some services / servers on this scope, then you are going to need to create appropriate rules on the SonicWall to forward traffic from the External IP to the appropriate X2 or X3 LAN.
0
 
regsamp (Author) Commented:
"If this will be only for internet connection then you don't need configure any firewall rules" Well, this would also be to allow more IPs in DHCP for the network too. "All you need to do is activate your X2 network adapter on SonicWall and assign IP" I am not sure if it even has multiple network adapters. I get what you are saying about adding the Gateway within the SonicWall. I guess I would have to get with SonicWall support for this situation to confirm everything.
0
 
Tom Cieslik (IT Engineer) Commented:
What kind of SonicWall do you have?
0
 
regsamp (Author) Commented:
It is an NSA 2600.
0
 
Tom Cieslik (IT Engineer) Commented:
As I see you have 8 LAN connections from X1-X8 :)

0
 
masnrock Commented:
You have a Sonicwall? Even better, you can create Virtual Interfaces on it (this would handle part of the VLAN needs). Virtual interfaces have their own subnets and can have separate DHCP servers tied to them.

As I mentioned, I would recommend replacing the hodgepodge of wireless routers with UniFi access points. The Pro units will support standard POE, while the other units would require the use of injectors that are included.

As far as a switch goes, you could get something like a Trendnet TPE TG-240. But I also like the Cisco SG300-28P units. I picked these because they are POE. But if you opt for non-POE switches, the cost will be lower.
0
 
Tom Cieslik (IT Engineer) Commented:
I have a TZ-215 and you can see I have 2 active LANs.
You can do it yourself from the Sonic Wall Manage Console.

Just click edit next to your X2 connector and assign an IP to it.

0
 
regsamp (Author) Commented:
"As I see you have 8 LAN connections from X1-X8" I see, Tom. I see, masnrock. I still might go that route and thank you for the suggestions. Especially the switch. I am just seeing if the superscope might be quicker/easier for us.
0
 
Tom Cieslik (IT Engineer) Commented:
@masnrock
You are absolutely right, but then he needs to play with routing between his LAN and VLAN. I think my advice is much simpler.
0
 
masnrock Commented:
@Tom
There's no major playing with routing as it's a Sonicwall. While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a no-no. Both of our approaches do provide separation; my advice also leaves the OP only needing to have one set of wireless devices from one vendor, which would be managed centrally. So while it would require more effort upfront, the reward will make him wonder why he didn't go through the undertaking before.
1
 
regsamp (Author) Commented:
@Tom, well we do have multiple network ports to do it like you said. It had been a little bit since I had checked behind all the cables in the way so I will have to look more into this.
0
 
regsamp (Author) Commented:
"While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a nono." This is a very good point.
0
 
masnrock Commented:
Let's be honest, both of our approaches (mine and Tom's) can work. However, it becomes a question of what you want the end result to look like and what you're willing/able to spend.

Are your APs all over the place in the office? How many access points are covering the space, and do you mind having two sets of APs?
0
 
regsamp (Author) Commented:
We are a small company so we have three wireless routers/APs. Two on the second floor and one on the main floor for a conference room. It is just that when we have a lot of meetings one week and the clients use the Wi-Fi downstairs, the leases stay in DHCP for a week, so we were thinking of decreasing it to 3 or 4 days. And then we were thinking of VLANs or something to separate it all and get IPs back too.
0
 
masnrock Commented:
What model(s) of switch(es) do you have now? I provided links and suggestions earlier for a switch in case you need one. However, what model you currently have dictates whether you really need a new one or not. But also, there's the question of whether you desire POE switches or you want to use injectors.

As far as the APs go, this is what I'd advise to get (either one of these):
UniFi AC Lite 5 Pack - Not that you need 5, but you can deploy 2-3 and have extras for expansion or as spare in case units go bad.
UniFi AC Pro 5 Pack - Same idea, but these are the ones that I mentioned work with normal POE switches.

Obviously, you can buy them individually instead, but I thought presenting in packs of 5 like this would be comparatively simpler.

With these, you'll have APs that will work with multiple SSIDs and multiple VLANs. So even if you wanted even more wireless networks in the future, you're set without some ridiculous cost.
0
 
regsamp (Author) Commented:
We have HP ProCurve Switches currently and that is all we have used for a while now. Okay, thank you for the recommendations.
0
 
masnrock Commented:
Ah. If you have ProCurves, then you really don't have to buy replacement switches at all (they should already support VLANs). It would just be more configuration than anything else. Assuming the switches are not POE, get the Lite APs. If they are, I'd recommend going with the Pro. Your monetary cost would solely revolve around the APs themselves. You could have an existing server act as the controller.
0
 
regsamp (Author) Commented:
Okay, I will certainly look into it. I am looking at the Superscope too. We are a small business so sometimes we just have to go with the cheapest and quickest options or at least present all the options so I appreciate all the advice.
0
 
Shaun Vermaak (Technical Specialist/Developer) Commented:
Windows DHCP? Lower lease times and enable conflict resolution
1
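
Added example, not part of any poster's comment: one way to apply the suggestion above on a Windows DHCP server, reading "conflict resolution" as the server's conflict detection setting. The scope ID 192.168.1.0 and the two detection attempts are assumptions; the 3-day lease is the value the asker proposed.

```powershell
# Run in an elevated session on the Windows DHCP server (DhcpServer module).
$scopeId  = '192.168.1.0'           # assumption: ID of the single existing scope
$newLease = New-TimeSpan -Days 3    # lease length proposed in the question

# Before: how full the pool is and what the current lease duration is.
Get-DhcpServerv4ScopeStatistics -ScopeId $scopeId |
    Format-List ScopeId, Free, InUse, PercentageInUse
(Get-DhcpServerv4Scope -ScopeId $scopeId).LeaseDuration

# Active leases grouped by whole days until expiry. Devices that visited once
# and left keep counting against the pool until their lease runs out.
Get-DhcpServerv4Lease -ScopeId $scopeId |
    Where-Object { $_.AddressState -eq 'Active' -and $_.LeaseExpiryTime } |
    Group-Object { [math]::Ceiling(($_.LeaseExpiryTime - (Get-Date)).TotalDays) } |
    Sort-Object { [int]$_.Name } |
    Select-Object @{ n = 'DaysLeft'; e = { $_.Name } }, Count

# Shorten the lease. Existing leases keep their current expiry; the new
# duration applies as addresses are granted or renewed.
Set-DhcpServerv4Scope -ScopeId $scopeId -LeaseDuration $newLease

# Conflict detection: the server pings an address before offering it.
# 0 disables the check; every attempt adds delay to each new lease.
Set-DhcpServerSetting -ConflictDetectionAttempts 2

# After: confirm both settings took effect.
(Get-DhcpServerv4Scope -ScopeId $scopeId).LeaseDuration
Get-DhcpServerSetting | Select-Object ConflictDetectionAttempts
```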
 
regsamp (Author) Commented:
All of the options would work and I did not want to choose a best option but it looks like I have to. Sorry, I would have given equal points if I could.
0
 
regsamp (Author) Commented:
Sorry Shaun, I closed this without seeing your good suggestion too. I am doing that now to see if that helps but thank you, very much.
0
Question has a verified solution.
