Changing Lease Duration for DHCP clients

You should be taking a dual approach to fixing.

1) You should have a guest network that is separate of the main network. You can accomplish this via VLANs (this also requires that you have infrastructure that will support them). I also do not suggest allowing non corporate devices on the main network at all, even if it is employee owned.
2) Shortening the lease time should not hurt anything at all. If anything it will ensure better utilization of IP addresses.

"This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here for business security,"

"1) You should have a guest network that is separate of the main network. You can accomplish this via VLANs. I also do not suggest allowing non corporate devices on the main network at all."

This is just for Wi-Fi that clients and users use. But I understand what you mean. Even this is a security loophole and we should have a whole separate network for guests.

If you are already on a separate DHCP scope and wifi network (fingers crossed in the perfect world) a quick and dirty fix would be to change this network from /24 to /23 network but this does depend on the existing network configuration and any routing requirements.

192.168.0.0/24 (254 hosts)
192.168.0.0/23 (510 hosts)

We have just the one DHCP scope with a few Wi-Fi routers located in the building for clients and guests. 192.168.1.1 to 129 are excluded from distribution and then above to 192.168.1.254 is open to distribution.

This has been setup for years like this but now with the amount of devices, it is a problem. None of our Wi-Fi routers look like they do any good VLAN options.

You can have a VLAN and only utilize it for wireless (you could try to make use for wired as well if you needed, but I assumed that wasn't necessary in your case)

If you wanted a recommendation for lower-cost APs that support VLANs, I'd suggest the Ubiquiti UniFi units. What type of firewall and wireless devices do you have now?

We have a SonicFirewall and the wireless routers we use range from Apple, to Belkin, Cisco, ect. Our clients will come in with iPhones and Androids, iPads, ect.

Maybe a recommendation for a lower-cast smart switch that we could put on a small Windows Network and create a VLAN?

Hmm, that Superscope option sounds interesting Tom. That could possibly work too. And you have not any problems with traffic or network communication?

Not at all, but to do this you need to have DHCP server on Windows server not on Sonic Wall or other router

If you do this you need to setup additional IP on your sonic wall second NIC to be a gateway for second scope

So If I have 10.0.1.2-254 second scope the gateway for this scope is 10.0.1.1

 

We have DHCP on our Windows Server and not with the SonicWall. I see. You are saying that a second gateway setting has to be on the SonicWall. Second NIC though? I am not sure about that part. We need our DHCP Windows Server to have an another NIC and then configure that NIC for the new Scope, correct?

All you need to do is activate your X2 network adapter on SonicWall and assign IP. In your case 192.168.2.1 to be gateway to internet for second scope users.

Then create supersope in your DHCP and configure router to be 192.168.2.1
If you need 3rd scope you need to activate X3 network on sonic and assign IP 192.168.3.1 and set this in your 3rd scope router settings.

Remember that sonic must be physically connected on active ports to your network switch.

If this will be only for internet connection then you don't need configure any firewall rules for X2 and X3 but if you'll decide to put some services / servers on this scope then you going to need create appropriate rules on Sonicwal to forward traffic from External IP to appropriate X2 or X3 LAN.

"If this will be only for internet connection then you don't need configure any firewall rules" Well, this would also be to allow more IPs in DHCP for the network too. "All you need to do is activate your X2 network adapter on SonicWall and assign IP" I am not sure if it even has multiple network adapters. I get what you are saying about adding the Gateway within the SonicWall. I guess I would have to get with SonicWall support for this situation to confirm everything.

What kind of SonicWall you have ?

It is an NSA 2600.

As I see you have 8 LAN connections from X1-X8 :)

I have TZ-215 an you can see I have active 2 LAN.
You can do it for yourself from Sonic Wall Manage Console

Just click edit next to your X2 connector and assign IP to It

"As I see you have 8 LAN connections from X1-X8" I see Tom. I see mashrock. I still might go that route and thank you for the suggestions. Especially the switch. I am just seeing if the superscope might be quicker/easier for us.

@masnrock
You are absolutely right, but then he need to play with routing between his LAN and VLAN. I think my advise is much simplest.

@Tom
There's no major playing with routing as it's a Sonicwall. While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a nono. Both of our approaches both do provide separation, my advise also leaves the OP only needing to have one set of wireless devices from one vendor, which would be managed centrally. So while it would require more effort upfront, the reward will make him wonder why he didn't go through the undertaking before.

@Tom, well we do have multiple network ports to do it like you said. It had been a little bit since I had checked behind all the cables in the way so I will have to look more into this.

"While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a nono." This is a very good point.

Let's be honest, both of our approaches (mine and Tom's) can work. However, it becomes a question of what you want the end result to look like and what you're willing/able to spend.

Are your APs all over the place in the office? How many access points are covering the space, and do you mind having two sets of APs?

We are a small company so we have three wireless routers/APS. Two on on the second floor and one on the main floor for a conference room. It is just that when we have a lot of meetings one week and the clients use the Wi-Fi downstairs the leases stay in DHCP for a week so were thinking of decreasing it to 3 or 4 days. And then we were thinking of VLANS or something to separate it all and get IPs back too.

What model(s) of switch(es) do you have now? I provided in an earlier links and suggestions for a switch in the case you need one. However, what model you currently have dictates whether you really need a new one or not. But also, there's the question of whether you desire POE switches or you want to use injectors.

As far as the APs go, this is what I'd advise to get (either one of these):
UniFi AC Lite 5 Pack - Not that you need 5, but you can deploy 2-3 and have extras for expansion or as spare in case units go bad.
UniFi AC Pro 5 Pack - Same idea, but these are the ones that I mentioned work with normal POE switches.

Obviously, you can buy them individually instead, but I thought presenting in packs of 5 like this would be comparatively simpler.

With these, you'll have APs that will work with multiple SSIDs and multiple VLANs. So even if you wanted even more wireless networks in the future, you're set without some ridiculous cost.

We have HP ProCurve Switches currently and that is all we have used for awhile now. Okay, thank you for the recommendations.

Ah. If you have ProCurves, then you really don't have to buy replacement switches at all (they should already support VLANs). It would just be more configuration than anything else. Assuming the switches are not POE, get the Lite APs. If they are, I'd recommend going with the Pro. Your monetary cost would solely revolve around the APs themselves. You could have an existing server act as the controller.

Okay, I will certainly look into it. I am looking at the Superscope too. We are a small business so sometimes we just have to go with the cheapest and quickest options or at least present all the options so I appreciate all the advice.

Windows DHCP? Lower lease times and enable conflict resolution

All of the options would work and I did not want to choose a best option but it looks like I have to. Sorry, I would have given equal points if I could.

Sorry Shaun, I closed this without seeing your good suggestion too. I am doing that now to see if that helps but thank you, very much.