Question Regarding Best Practices to Handle DHCP and Static IPs

csimmons1324
csimmons1324 used Ask the Experts™
on
My environment consists of a Sophos UTM Firewall, two ESXi Hosts, about 12 Windows Servers running as VMs, some physical switches, physical wifi controller and APs, network printers, and client PCs.  

On my Windows DHCP server, I have the scope defined as 10.20.0.1 thru 10.20.0.254.  I have an IP exclusion range from 10.20.0.1 thru 10.20.0.100.  I currently assign static IP addresses to my Firewall, WiFi controller, Switches and all Servers (running as VMs).  All of these devices and servers are assigned IPs within the 10.20.0.1 thru 10.20.0.100 IP range.  In addition to assigning the devices and servers static IPs, I also create reservations for them within my DHCP server.  

I also create DHCP reservations for my network printers but I leave the printer itself configured to acquire the IP address from the DHCP server.  All of my client PCs, BYOD devices, etc. simply receive an IP address from the DHCP server.  

Is there any problem in creating reservations for my servers and hardware despite the fact that the IP range they fall within is excluded from the scope AND the IP address is physically assigned to the device or server?  I was creating the reservation so that I had quick visibility within the DHCP server as to what server / device had a given IP address.  However, I am not sure if creating these reservations could cause a potential conflict or not.  The one "flaw" that I could see is that if a VM is moved or restored then the virtual NIC would be assigned a different MAC address then it had originally.  Therefore, the reservation for the server would not be applied to that server since the MAC address on the DHCP reservation no longer matches the MAC address of the virtual NIC.  However, the IP was assigned statically to the server so the IP would remain the same and everything would function as normal on a moved or restored VM.  

Do any of you see a problem with how I am handling IPs within my network?  Do you have any other recommendations of pointers?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Lead Infrastructure Architect
Commented:
if they are excluded from your DHCP Range then its not nessecary, but unless you have anywhere else for documentation at least you can see whats on which IP.
csimmons1324IT Manager

Author

Commented:
Thank you for the comment, Chris.  At the moment, I do not have it documented anywhere else.  I'm a one person IT department that has to keep everything all of the IT stuff up and running, as well as oversee some of the corporate admin functions (A/R, A/P, etc.).  My goal is to get everything documented in detail but it constantly gets pushed to the back-burner due to other projects and daily tasks.
ChrisLead Infrastructure Architect

Commented:
In that case it removes the only other point i would state which is the risk of confusing anyone else in support, if its just you then its a good place to document with no obvious risk
Seth SimmonsSr. Systems Administrator
Commented:
Is there any problem in creating reservations for my servers and hardware despite the fact that the IP range they fall within is excluded from the scope AND the IP address is physically assigned to the device or server?

problem?  no.  i just don't see the point

if a VM is moved or restored then the virtual NIC would be assigned a different MAC address then it had originally

good reason

the IP was assigned statically to the server so the IP would remain the same

defeats the purpose of having a reservation if it is set statically

My goal is to get everything documented in detail but it constantly gets pushed to the back-burner due to other projects and daily tasks.

i feel your pain
if your network isn't that complicated (sounds like it isn't) then you can use a spreadsheet to keep track of addresses; this is what i do and works well
I don't see any problem with the way you're doing it.  I handle the situation in a similar manner, although I don't always exclude an IP address range.  Since most of my clients have fewer than 100 or so devices that use DHCP only (i.e., no reservations or static addresses), I allow those devices to claim the first 100-150 IP addresses.  Then I simply reserve addresses starting at 150 or so for all my devices that require a static or reserved IP address.  I pretty much do it the same as you described - all my servers, switches, firewalls, etc., have static addresses and reservations.  For printers I sometimes use reservations alone or assign a static address and use a reservation. It's very convenient to have those reservations regardless of whether you exclude a range or not. The reservation simply acts as a record-keeping method that's easily accessible.

<<The one "flaw" that I could see is that if a VM is moved or restored then the virtual NIC would be assigned a different MAC address then it had originally.  >>

That's not really a flaw since, as you commented, the address is still reserved regardless of whether the MAC address matches the actual MAC address of the server's NIC.  I would probably go back and change the reservation to show the correct MAC address just for convenience in having the correct data recorded.  I have, in fact, sometimes reserved an IP address using a MAC address of 000000000000 if I have a new device coming in that will be assigned a static address and I don't know the MAC address yet.  Believe it or not, DHCP doesn't complain about this at all!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial