Solved

Changing Lease Duration for DHCP clients

Posted on 2017-03-16
Last Modified: 2017-03-17
We run a small network for a small company of about 100 people and we have a lot of users that use our Wi-Fi with iPhones, AppleWatches, iPads, Androids and other devices. We also have clients that come in for meetings that use our Wi-Fi and take up IP addresses.

We are starting to run low on available DHCP IPs and our lease has always been 8 Days for years. We are thinking of changing that along with having users not use their personal devices on our network.

Our question is if we change the lease to 3 days, does that have any kind of negative impact on DHCP or the network? Too much activity or just something that we are potentially missing?

Any help would be appreciated.
Question by:regsamp
34 Comments
 
LVL 3

Assisted Solution

by:LBTechSol
LBTechSol earned 125 total points
ID: 42051311
You will need to be aware of the load on the server/device that is managing the lease time. Reducing the lease time will cause additional broadcast traffic on your network, but for 100 people I wouldn't imagine that this would be too much of an issue. If you are having issues with available IP addresses I would suggest the following:

  • Public Guest Wifi
  • Employee Guest Wifi
  • Business Wifi

This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here, for business security). It will also help segregate your traffic and allow for Internet bandwidth for different groups of users; for example, you would want the business network to take precedence, with mobile devices only having limited speeds (why would they want more while working?).

I have changed the scope on other clients and the background traffic has not impacted the running of the network.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42051383
You should be taking a dual approach to fixing.

1) You should have a guest network that is separate from the main network. You can accomplish this via VLANs (this also requires that you have infrastructure that will support them). I also do not suggest allowing non-corporate devices on the main network at all, even if they are employee-owned.
2) Shortening the lease time should not hurt anything at all. If anything it will ensure better utilization of IP addresses.
0
 

Author Comment

by:regsamp
ID: 42051395
"This will ensure that only business machines are allowed on your local network (you don't want personal and guest devices on here for business security,"

"1) You should have a guest network that is separate of the main network. You can accomplish this via VLANs. I also do not suggest allowing non corporate devices on the main network at all."

This is just for Wi-Fi that clients and users use. But I understand what you mean. Even this is a security loophole and we should have a whole separate network for guests.
0
 
LVL 3

Expert Comment

by:LBTechSol
ID: 42051424
If you are already on a separate DHCP scope and wifi network (fingers crossed in the perfect world) a quick and dirty fix would be to change this network from /24 to /23 network but this does depend on the existing network configuration and any routing requirements.

192.168.0.0/24 (254 hosts)
192.168.0.0/23 (510 hosts)
0
 

Author Comment

by:regsamp
ID: 42051441
We have just the one DHCP scope with a few Wi-Fi routers located in the building for clients and guests. 192.168.1.1 to 129 are excluded from distribution and then above to 192.168.1.254 is open to distribution.

This has been set up like this for years, but now with the amount of devices, it is a problem. None of our Wi-Fi routers look like they do any good VLAN options.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42051472
You can have a VLAN and only utilize it for wireless (you could try to make use for wired as well if you needed, but I assumed that wasn't necessary in your case)

If you wanted a recommendation for lower-cost APs that support VLANs, I'd suggest the Ubiquiti UniFi units. What type of firewall and wireless devices do you have now?
0
 
LVL 22

Accepted Solution

by:
Tom Cieslik earned 250 total points
ID: 42051489
You can create a Superscope in your DHCP server.
Your first scope is 192.168.1.1 to 130 - 254
So add an additional one from 192.168.2.2 - 192.168.2.254
and a third one from 192.168.3.2 - 192.168.3.254

It's an easy process and you can just click on your DHCP server IPv4 and follow the wizard for Superscope creation.
I have this setup and it is working very well.

Capture.JPG
0
 

Author Comment

by:regsamp
ID: 42051491
We have a SonicFirewall and the wireless routers we use range from Apple, to Belkin, Cisco, etc. Our clients will come in with iPhones and Androids, iPads, etc.

Maybe a recommendation for a lower-cost smart switch that we could put on a small Windows Network and create a VLAN?
0
 

Author Comment

by:regsamp
ID: 42051493
Hmm, that Superscope option sounds interesting, Tom. That could possibly work too. And you have not had any problems with traffic or network communication?
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051499
Not at all, but to do this you need to have the DHCP server on a Windows server, not on the SonicWall or another router.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051507
If you do this you need to set up an additional IP on your SonicWall's second NIC to be a gateway for the second scope.

So If I have 10.0.1.2-254 second scope the gateway for this scope is 10.0.1.1

 Capture.JPG
0
 

Author Comment

by:regsamp
ID: 42051517
We have DHCP on our Windows Server and not with the SonicWall. I see. You are saying that a second gateway setting has to be on the SonicWall. Second NIC though? I am not sure about that part. We need our DHCP Windows Server to have another NIC and then configure that NIC for the new Scope, correct?
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051531
All you need to do is activate your X2 network adapter on SonicWall and assign IP. In your case 192.168.2.1 to be gateway to internet for second scope users.

Then create a superscope in your DHCP and configure the router to be 192.168.2.1
If you need a 3rd scope you need to activate the X3 network on the SonicWall, assign IP 192.168.3.1 and set this in your 3rd scope's router settings.

Remember that the SonicWall must be physically connected on active ports to your network switch.
0
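The superscope procedure described in the comments above, written as a script for the Windows DHCP server; this is an added example, not code posted by anyone in the thread. The address ranges and router addresses come from the thread, while the scope ID `192.168.1.0`, the `255.255.255.0` mask, the scope names and the superscope name are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated session on the
# Windows DHCP server; needs the DhcpServer module (DHCP role or RSAT).
Import-Module DhcpServer

$lease          = New-TimeSpan -Days 3      # lease time proposed in the question
$existingScope  = '192.168.1.0'             # assumed ID of the current scope
$mask           = '255.255.255.0'           # assumed /24 mask
$superscopeName = 'Office-Superscope'       # hypothetical name

# Shorten the lease on the existing scope (8 days today, per the question).
Set-DhcpServerv4Scope -ScopeId $existingScope -LeaseDuration $lease

# Additional scopes from the thread; each uses its own SonicWall
# interface address (X2, X3) as the default gateway.
$newScopes = @(
    @{ Id = '192.168.2.0'; Start = '192.168.2.2'; End = '192.168.2.254'; Router = '192.168.2.1' },
    @{ Id = '192.168.3.0'; Start = '192.168.3.2'; End = '192.168.3.254'; Router = '192.168.3.1' }
)

foreach ($s in $newScopes) {
    # Create the scope only if it is missing, so the script can be re-run.
    if (-not (Get-DhcpServerv4Scope -ScopeId $s.Id -ErrorAction SilentlyContinue)) {
        Add-DhcpServerv4Scope -Name "Scope $($s.Id)" -StartRange $s.Start `
            -EndRange $s.End -SubnetMask $mask -LeaseDuration $lease -State Active
    }
    # DHCP option 3 (Router): the gateway handed to clients of this scope.
    Set-DhcpServerv4OptionValue -ScopeId $s.Id -Router $s.Router
}

# Group the existing and new scopes into one superscope so the server can
# lease from all of them on the same physical segment.
$allScopeIds = @($existingScope) + ($newScopes | ForEach-Object { $_.Id })
Add-DhcpServerv4Superscope -SuperscopeName $superscopeName -ScopeId $allScopeIds

# Check the result: free and in-use addresses per scope.
Get-DhcpServerv4ScopeStatistics |
    Select-Object ScopeId, Free, InUse, PercentageInUse
```

A superscope adds addresses but leaves guest and corporate devices on the same segment, which is the concern masnrock raises later in the thread.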
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051533
If this will be only for internet connection then you don't need to configure any firewall rules for X2 and X3, but if you decide to put some services / servers on this scope then you are going to need to create appropriate rules on the SonicWall to forward traffic from the External IP to the appropriate X2 or X3 LAN.
0
 

Author Comment

by:regsamp
ID: 42051538
"If this will be only for internet connection then you don't need to configure any firewall rules" Well, this would also be to allow more IPs in DHCP for the network too. "All you need to do is activate your X2 network adapter on SonicWall and assign IP" I am not sure if it even has multiple network adapters. I get what you are saying about adding the Gateway within the SonicWall. I guess I would have to get with SonicWall support for this situation to confirm everything.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051543
What kind of SonicWall do you have?
0
 

Author Comment

by:regsamp
ID: 42051555
It is an NSA 2600.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051562
As I see you have 8 LAN connections from X1-X8 :)

Capture.JPG
0
 
LVL 27

Assisted Solution

by:masnrock
masnrock earned 125 total points
ID: 42051569
You have a Sonicwall? Even better, you can create Virtual Interfaces on it (this would handle part of the VLAN needs). Virtual interfaces have their own subnets and can have separate DHCP servers tied to them.

As I mentioned, I would recommend replacing the hodgepodge of wireless routers with UniFi access points. The Pro units will support standard POE, while the other units would require the use of injectors that are included.

As far as a switch goes, you could get something like a Trendnet TPE TG-240. But I also like the Cisco SG300-28P units. I picked these because they are POE. But if you opt for non-POE switches, the cost will be lower.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051572
I have a TZ-215 and you can see I have 2 active LANs.
You can do it yourself from the SonicWall Manage Console.

Just click edit next to your X2 connector and assign an IP to it.

Capture.JPG
0
 

Author Comment

by:regsamp
ID: 42051575
"As I see you have 8 LAN connections from X1-X8" I see, Tom. I see, masnrock. I still might go that route and thank you for the suggestions. Especially the switch. I am just seeing if the superscope might be quicker/easier for us.
0
 
LVL 22

Expert Comment

by:Tom Cieslik
ID: 42051577
@masnrock
You are absolutely right, but then he needs to play with routing between his LAN and VLAN. I think my advice is much simpler.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42051584
@Tom
There's no major playing with routing as it's a SonicWall. While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a no-no. Both of our approaches do provide separation; my advice also leaves the OP only needing to have one set of wireless devices from one vendor, which would be managed centrally. So while it would require more effort upfront, the reward will make him wonder why he didn't go through the undertaking before.
1
 

Author Comment

by:regsamp
ID: 42051585
@Tom, well we do have multiple network ports to do it like you said. It had been a little bit since I had checked behind all the cables in the way so I will have to look more into this.
0
 

Author Comment

by:regsamp
ID: 42051623
"While the goal is simply to have more available IP addresses, it does leave the mixing of corporate and guest devices in one network, which is a no-no." This is a very good point.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42051656
Let's be honest, both of our approaches (mine and Tom's) can work. However, it becomes a question of what you want the end result to look like and what you're willing/able to spend.

Are your APs all over the place in the office? How many access points are covering the space, and do you mind having two sets of APs?
0
 

Author Comment

by:regsamp
ID: 42051671
We are a small company so we have three wireless routers/APs. Two on the second floor and one on the main floor for a conference room. It is just that when we have a lot of meetings one week and the clients use the Wi-Fi downstairs, the leases stay in DHCP for a week, so we were thinking of decreasing it to 3 or 4 days. And then we were thinking of VLANs or something to separate it all and get IPs back too.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42051712
What model(s) of switch(es) do you have now? I provided links and suggestions for a switch earlier in case you need one. However, what model you currently have dictates whether you really need a new one or not. But also, there's the question of whether you desire POE switches or you want to use injectors.

As far as the APs go, this is what I'd advise to get (either one of these):
UniFi AC Lite 5 Pack - Not that you need 5, but you can deploy 2-3 and have extras for expansion or as spare in case units go bad.
UniFi AC Pro 5 Pack - Same idea, but these are the ones that I mentioned work with normal POE switches.

Obviously, you can buy them individually instead, but I thought presenting in packs of 5 like this would be comparatively simpler.

With these, you'll have APs that will work with multiple SSIDs and multiple VLANs. So even if you wanted even more wireless networks in the future, you're set without some ridiculous cost.
0
 

Author Comment

by:regsamp
ID: 42051730
We have HP ProCurve Switches currently and that is all we have used for a while now. Okay, thank you for the recommendations.
0
 
LVL 27

Expert Comment

by:masnrock
ID: 42051738
Ah. If you have ProCurves, then you really don't have to buy replacement switches at all (they should already support VLANs). It would just be more configuration than anything else. Assuming the switches are not POE, get the Lite APs. If they are, I'd recommend going with the Pro. Your monetary cost would solely revolve around the APs themselves. You could have an existing server act as the controller.
0
 

Author Comment

by:regsamp
ID: 42051761
Okay, I will certainly look into it. I am looking at the Superscope too. We are a small business so sometimes we just have to go with the cheapest and quickest options or at least present all the options so I appreciate all the advice.
0
 
LVL 28

Expert Comment

by:Shaun Vermaak
ID: 42052601
Windows DHCP? Lower lease times and enable conflict resolution
1
 

Author Closing Comment

by:regsamp
ID: 42052693
All of the options would work and I did not want to choose a best option but it looks like I have to. Sorry, I would have given equal points if I could.
0
 

Author Comment

by:regsamp
ID: 42052698
Sorry Shaun, I closed this without seeing your good suggestion too. I am doing that now to see if that helps but thank you, very much.
0
