"Reserved" IP vs. manually-assigned?

Netgear RP614 router.

Under the LAN configuration menu there are, among others, options for DHCP, and Manually-assigned IP addresses. Under DHCP there is also a table for reserving IP addresses. This feature allows you to use DHCP to dynamically assign addresses except that for each MAC address you specify, the router will assign a particular IP (specified by you).

Is there any difference between reserving an IP address under DHCP, and manually assigning one?

Thanks, Sparky

Reply to
SparkyGuy
Loading thread data ...

I'm not acquainted with the Netgear setup, but typically routers will give you an option of where you want to start the dynamic DHCP IP pool addresses.

The most significant difference is how you want to uniquely manage you network computers, otherwise there is no significant difference between the two methods. Either method will give you a perfectly functioal network.

Therefore, the way I do it may be best for my applications, but not for someone else's.

Typically I set up networks to start the DHCP pool at 100, as in

192.168.0.100. That allows me 155 computers that are "plug and play" so to speak when they plug in their computers to the network. The 0.100 is an easy number to remember, I could have just as easily used 0.10

Pros and cons....

*DHCP is easy to manage.* You don't have to keep a text file on hand to keep track of your IP addresses in the network to avoid assigning a duplicate IP to another computer and end up with IP conflict error messages. A static IP network requires rigid tracking of the IP addresses you've assigned. Static IP's are easy to manage on a SMALL network. In my office I have less than a dozen computers and its easy to remember their address.

*DHCP is easy to connect to a foreign network.* When I'm at a client's site, I set my laptop to DHCP and let it connect to the network. Then I look at my connection status and can find my IP, the subnet, and the gateway address. Setting your laptop with a static IP can often be a hit and miss operation getting connected.

*DHCP requires you to physically go and find a computer's IP address.* If you want to ping or remote into a computer, you have to go and finds it's address. With a static IP, you can ping into the name of the computer (if you have a text file of all the computer names).

*Some applications can only use a static IP* Lets say you have a server, video camera, or need to remote into a computer on your LAN from the outside. You need to set Network Address Translation (NAT) in your DSL modem and/or router. If you computers are set to DHCP, your computers' addresses may be unpredictable.

Again, this is only my unique suggestions off the top of my head. Others may have different suggestions and input for the pros and cons.

Reply to
DTC

I use the same concept here.

Desktop machines are static assigned, under 100, portable devices such as the 3 laptops that come and go here are done by DHCP, over 100.

Some other considerations

- some network games require you to specify the ip address of the other players to connect with.

- some network monitoring utilities are inconsistent, they find only dhcp addresses, or find only static accdrsses, some find both.

- on some routers you can specify that the router will assign dynamically a specific IP address to a specific MAC address.

- if you want to use the DMZ approach, then the address of the computer in question must be static.

- print servers or shared printers seem to prefer a static IP address for the computer they are attached to.

Stuart

Reply to
Stuart Miller

Yes. If you instruct your DHCP server to issue 'static' addresses, you still get all the benefits of using DHCP.

If you decide to assign static addresses, you'll need to visit all hosts if you want to change a simple thing like the DNS server :-)

Reply to
Gerard Bok

I use it. DLink calls it "Static DHCP", but is the same thing.

Both methods achieve the same thing, but I think it is simpler just to have the router give out IP addresses than to statically configure every client -- especially with mobile devices.

Reply to
Eric

SparkyGuy hath wroth:

Yes.

Manually assigning the IP is done at the client computer. It should be assigned outside the DHCP address range of the router. The problem with this arrangement is that if the computer is moved around (as in a laptop) it may need to be setup of other configurations at other locations. There are tricks and utilities to do this, but it's generally best to leave portables set to DHCP.

Pre-assigned IP (also known as static DHCP) is done in the router, where the client is setup for DHCP. Everything is managed at the router. This is good enough for port forwarding, which requires a target computer that doesn't change IP addresses.

I usually prefer pre-assigned DHCP in the router as everything is centrally managed.

Reply to
Jeff Liebermann

Sounds like all good news.

I've already entered the DNS server numbers in each computer that is getting assigned a "fixed" address by DHCP.

So there's no down-side to the "DHCP-assigned-fixed-IP" approach?

Thanks, Sparky

Reply to
SparkyGuy

What's "DMZ"?

Does "static IP address" include those "fixed" addresses assigned by DHCP (assigned per MAC address -- see my original post)

Thanks, Sparky

Reply to
SparkyGuy

Your word is good enough for me, Jeff.

Thanks!

Sparky

Reply to
SparkyGuy

SparkyGuy hath wroth:

There's always a down side to any good idea. The big one is most cheap routers only have room for a few devices in the "static DHCP" table. My guess is the RP-614 can only handle about 10 devices. That may seem like enough but I've run out of table space with systems full of IP cameras, print servers, and IP managed devices. By the time I'm done assigning "static DHCP" or "static Lease" entries for these, there's no room for the PC's.

Reply to
Jeff Liebermann

Good guess. It's exactly ten, and that's how many I have set on my own office LAN.

-- Rich Seifert Networks and Communications Consulting 21885 Bear Creek Way (408) 395-5700 Los Gatos, CA 95033 (408) 228-0803 FAX

Send replies to: usenet at richseifert dot com

Reply to
Rich Seifert

It means 'demilitarized zone'. The concept is that the router will take specific internet requests that it receives, such as port 80 (web servers) and forward these requests to one specific machine. This way you can run a web server on that one machine, and make it open to the public without placing your whole network at risk. There is some disagreement as to how secure an arrangement this provides, and it is only of use if you want a computer to be 'open' to the whole internet. I use it for testing server configurations before I put them on the actual web server here. The actual web server has its own ip address, and is therefore totally isolated from the LAN here.

As far as the client computer is concerned, static means that the computer has an address specified in its network setting and DHCP client is turned off. If DCHP client is turned on, the client does not care (or even know about) how the router decides what IP address to assign.

Stuart

Reply to
Stuart Miller

I would have described a DMZ as a network (not limited to only one machine) segment outside the firewall protecting your internal LAN.

The main point being if your web/ftp/whatever server is compromised your internal LAN is still protected.

Reply to
Rod Dorman

The second big downside is if "you're it" and this cheap router dies, what happens to the office. The more things you put in it the more fragile your office is. These cheaper routers are disposable so plan for it. When I put things like this into a small business I made them buy 2 of the EXACT same model and loaded the running config into the 2nd one. Then if the router died I could talk them through swapping it out from the beach. As that would invariably be where I would be at when it did die.

:)

And if the OP is smart they'll test the swap so you know if they need to do things like power down the cable modem for 5 minutes to make it accept the Mac change or maybe you clone the MAC in the 2nd router to make it match the first. And so on.

David Ross

Reply to
DLR

Not a bad idea.

Or for me it would be a rodeo.

Reply to
DTC

DLR hath wroth:

Good point. My small customers are so cheap and failures are so few, that I don't think I could justify the expense. What I do is set the lease time expiration time to something like a week. I can run for that long until I drag in a replacement.

Key hardware, such as print servers, modem servers, and routers all get static IP's that are not dependent on the static DHCP in the router.

I also save a backup of the router configuration but rarely use it. The printed copy is more useful. That's because if the router needs replacement, it's probably old and ancient. I don't want to be replacing an 802.11b only wireless router with another one that won't do 802.11g or better. So, I use the oportunity to do an upgrade, which makes the backups somewhat useless.

That depends on the size of the company. My medium size companies tend to have Cisco routers with failover setup on primary and backup DHCP servers.

Same with Sonicwall (SonicOS) routers that support DHCP failover (TZ170 mostly).

For small companies, that's overkill. I usually end up walking the affected people through setting a temporary static IP on their desktop so they can continue working. I carry spare routers in my office and in my truck and can usually do a same day replacement. The hard part is finding the paperwork and passwords, which unfortunately my customers deem to be my job, not theirs.

Reply to
Jeff Liebermann

From the original post:

These things are $60 at Frys web site.

I just tell folks, when lightning strikes nearby this is the most likely thing to go. Pay $60 now and 10 minutes of my time or $200 or more when it dies and you want me there NOW!

:)

Reply to
DLR

I have an wireless router here (DLink DI-764, 802.11a/b) that has been running 24/7/365 since 2002. The "Static DHCP" table has 23 entries. Yep, they do add up quickly. I no longer use the radios in the DI-764 (even removed the antennas), it is simply being used as a wired router. (Have a DWL-7100AP 802.11a/g/b WAP attached to it now.) I wish the DI-764 WOULD die so I would have an excuse to replace it with a nice wired router! I'm a cheap bastard that can't justify replacing it as long as it is remains working.

Anyone want to take a baseball bat to it? LOL

Reply to
Eric

This is incorrect, or at the very least, incomplete. You can setup DHCP to reserve addresses based on MAC address. The same hardware will get the same DHCP lease every time. Yes, if you change the hardware in the computer it will require configuring a new lease reservation on the DHCP server. But you'd also have to manually reconfigure it if it was static.

When using a Windows Active Directory domain the DHCP server is integrated with DNS. So the name of the Windows machine can be automatically propogated into the internal DNS. It's also easy to use the GUI to check on what addresses are allocated. Some text-based DHCP servers do not make it this easy and also wonn't integrate with DNS.

But in either case it's a simple matter of speaking with the user and asking them to run the command "ipconfig" or "ifconfig" if they're not on windows box (linux, etc...) to get the unit's current IP address. So it's not like you have to lay hands on it directly.

Again, incorrect if the device CAN use DHCP. Setup a lease for that hardware MAC (Media Access Control, not Macintosh) address and it will always have the same one. Most devices that do not have a user interface (no buttons, no screens) will default to using DHCP out of the box. Manually changing this to something else only complicates your support efforts if/WHEN you have to replace the unit. Otherwise you just read the MAC address off the back of the box when installing it and setup a lease for it.

I do find it useful to setup the DHCP ranges starting above 64 or so. Only to lease the lower addresses free for devices that actually DO require static ones.

Reply to
Bill Kearney

Unfortunately too many folks configure their firewall to let DMZ devices get into the internal network. Thus compromising a DMZ device often provides an

*easier* attack vector than taking the firewall head-on. If you're going to use a DMZ setup, make sure that whatever firewall rules exist for it (and programs running on it) have VERY strict controls on where it can connect internally (if at all).
Reply to
Bill Kearney

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.