Subscriber Discussion

DHCP Lease Vs Own?

TS
Todd Smith
Oct 13, 2015
IPVMU Certified

We had an interesting debate at work about exactly how DHCP works and who holds the lease / IP address.

Understanding you can set ranges for which addresses are in a dhcp pool and which are static. With that said - I would like your take of how the following would work. This may be in another discussion but was unable to find exact answer.

I have a dual NIC server set to static on client network side and static on camera side. The client changes their IP network scheme and our server no longer communicates to the external network due to diff subnet / ip range. I switch from static to DHCP to find their new network range. Once a DHCP address is assigned to the NIC with new IP range and subnet then we take that exact address and make it static.

Who owns the rights to that address. The router has a table saying yes - this MAC address on this NIC owns this IP address. Does the server set the lease or does the router retake address back and add it to the pool when it decides. When running ipconfig you can see the lease time, understood.. Does IT have to designate me that IP address from the DHCP pool or will router "know" that IP address is no longer available because it hasn't given it back. Will the router automatically assign that address to another device even though there is a MAC address with associated DHCP address running through it's ports?

I recently attended a training / multi-vendor class and had two claim that you can take the DHCP IP address that was given to you and make it static with no issues or conflicts. Any ideas or references to articles. Thank you.

JK
Jacob Kresse
Oct 13, 2015
IPVMU Certified

What you will need is called a 'Reservation', that will permanently assign the mac address of your client the specified IP. It will behave like a static address, but will be managed by the server with nothing needing to be touched on the client.

DHCP leases are managed (owned by) by the server assigning IPs. They have a pool of addresses and a lease time that is set on the server(usually about 8 hours). Once that expires if the machine isn't active on the network the address will go back into the available pool and the next time that client connects it will be given the next available address. If a machine stays on 100% of the time then it will usually keep the same IP, but that's not 100%

PS when I say Server, I mean simply the device managing DHCP, could be a router, switch, windows or linux server.

(1)
TS
Todd Smith
Oct 13, 2015
IPVMU Certified

That was a very direct and informative reply. Thank you very much.

U
Undisclosed #1
Oct 13, 2015
IPVMU Certified

I recently attended a training / multi-vendor class and had two claim that you can take the DHCP IP address that was given to you and make it static with no issues or conflicts.

I would disagree with the wording. IMHO, you should not configure an IP address, that falls within the DHCP servers allocation range, as static on the client. Even when using a permanent reservation on the server, you would still leave the client set to DHCP.

Doing it this way insures that the client gets all the other current parameters, like DNS servers and gateways, you would otherwise have to hard code in the client.

Plus, if you need to change the IP of the client you only need to do it at the server.

On the other hand if you don't make a reservation on the server at all, but just make it static on the client, you are likely to get away with it until your router reboots and then gives out the IP's which don't have current reservations on a first come, first serve basis.

Some routers let you convert leases into reservations with just a click, so that's a painless way of getting it right.

(1)
Avatar
Jon Dillabaugh
Oct 13, 2015
Pro Focus LLC

Without a reservation, you cannot be assured that your IP address won't be given to another DHCP client. If your PC with a static, but not reserved, IP address is rebooted or unplugged for some reason, that address will be possibly reallocated to a new host.

Best scenario is to obtain a DHCP Reservation

Next best option is a Static IP address with a DHCP Exclusion

Last option would be a Static IP outside of the DHCP Scope

(1)
Avatar
Brian Karas
Oct 14, 2015
Pelican Zero

If your DHCP server is operating properly, it will attempt to ping an address before assinging it to a new device. If that addres is statically assigend to a device (like a camera), the device will respond to the ping, and the DHCP server will realize the address is taken and try the next one in the pool.

In an ideal case, you can assign an IP address in the middle of a DHCP range to a device like a camera and everything will work OK. Until... You have a power outage and devices come up in a random order, and the camera isn't online when the DHCP server pings it, and the server gives that IP to a print server and you end up with IP conflicts.

The DHCP server owns the IP's in the pool, and if you don't properly reserve or exclude them you will likely run into strange issues at inconvienient times.

(1)
MI
Matt Ion
Oct 14, 2015

I recently attended a training / multi-vendor class and had two claim that you can take the DHCP IP address that was given to you and make it static with no issues or conflicts. Any ideas or references to articles. Thank you.

I'd agree with U1 regarding this statement, that if you have access to configure the DHCP server or can have someone else change it readily as needed, it is generally preferable to keep all devices dynamic and assign reservations to them so that changes like gateway, DNS, etc. can propagate automatically. Note the bolded text, though: if you don't have the ability to update the DHCP server, or have it updated as needed, you could run into a problem in the process of setting things up.

With that in mind, I'll add another consideration here, in that handling of static addresses within the DHCP pool will vary depending on the DHCP server. I've had routers that nicely recognized when an address was in use and handily avoided giving it out in response to DHCP requests. I've seen others that will merrily give out the next available address whether something else has it statically already or not. Obviously the latter causes problems... the former, while not being ideal, doesn't.

With our main client, we've arranged a middle ground: where we used to multi-home the NIC in the DVR with both an assigned static IP on their 10.xx LAN, and a 192.168.2.xx IP for all our other equipment, they now have managed switches and firewalls on all their sites and give us our own VLAN for all our equipment, following the standard of 10.xx.1.* where xx is the site number. From there we devised a set of IP ranges to be used for all sites:

10.xx.1.20-39 is the DHCP pool available to the VLAN
10.xx.1.40 and .41 are for the DVRs/NVRs (some sites use two)
10.xx.1.45 is the management console on the RAID
10.xx.1.46 thru 49 are the iSCSI ports
10.xx.1.50 thru 59 are our managed switches (most sites only have one)
10.xx.1.60 thru 69 are video decoders (for public awareness monitors, usually)
10.xx.1.95 thru 99 are access control panels
10.xx.1.101 thru 132 are cameras on the first DVR/NVR, the IP corresponding to the channel
10.xx.1.201 thru 232 are cameras on the second DVR/NVR

All devices are statically assigned, with the DHCP pool being there mainly for initial setup of devices that default to DHCP (Advanced IP Scanner can then find them easily).

Other trades/technology areas have their own dedicated VLANs as well.

This works well because the guy who has the task of managing the VLANs isn't always available to add or change reservations for us (and the other trades), and certainly doesn't want to be spending all his time managing the reservation tables.

TS
Todd Smith
Oct 14, 2015
IPVMU Certified

Appreciate the time everyone has taken to reply with insightful information. Great to have a resource like IPVM to confer with other Real World integrators who have much experience and can relate "lesson learned" war stories to help others implement and maintain their clients peacefully.

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions