+ Post New Thread
Page 1 of 3 123 LastLast
Results 1 to 15 of 33
Windows Server 2008 R2 Thread, What are the benefits of Static IP addresses? in Technical; Hi all, From previous help you have given me I see that some people start off by saying "if you ...
  1. #1

    Join Date
    Mar 2011
    Location
    Waterford
    Posts
    32
    Thank Post
    14
    Thanked 1 Time in 1 Post
    Rep Power
    0

    What are the benefits of Static IP addresses?

    Hi all,

    From previous help you have given me I see that some people start off by saying "if you have static IP addresses on all the PCs in the computer labs then....". I was just wondering what the advantages to having static IP addresses are and are there any drawbacks to setting the PCs to have the same IP address all the time.

    Being a self taught server maintenance guy I only have experience of Group Policy when I've needed to do something specific rather than having trained in it and knowing it in a general sense but I would imagine it would make things easier in relation to GP? Am I right in that assumption?

    I had the MAC addresses for 90% of the PCs in the college from another project last year so I set about creating reservations in the DHCP management console. I have done this for 180 of the 240 PCs so far and I've tested a couple of labs and they all take the IP address I set up for them.

    The VP here in the college wants me to set up VPNs which I have no experience of but will research over the coming months. Would static IP addresses be beneficial here too?

    Basically, what are the pros and cons of Static IP addresses through DHCP reservations?

    Thanks for any insight.

    K

  2. #2

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,328
    Thank Post
    622
    Thanked 1,577 Times in 1,414 Posts
    Rep Power
    413
    TBH I would never suggest static ip's on lab computers only servers, routers, printers , waps and even then I use DHCP reservations for most of those.

    Ben

  3. #3

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,641
    Thank Post
    894
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441
    I personally dont see the point of static ip's for most client/desktop scenarios. If you use a good machine name policy its easy to use and GP has nothing to do with IP so being static or dynamic should make no difference.
    Servers should be static obviously but thats all unless the client has a specific need that machine name doesnt meet.

  4. #4
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,779
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    I use only static IPs for specific devices, Servers and Switches really. This is so most things run smoothly if there is a DHCP / networking anomaly.

    In a lab I usually don't have a DHCP server setup so have to manually assign addresses.

    Thats all.

  5. #5

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    Static helps fault finding - you know what the IP is supposed to be - if its not pinging - its bust or disconnected or switched off - doesn't rely on anything else working.

    I don't think anyone would recommend reserving IPs for normal client computers - I use them for servers,Access Points (I only usually have about 8 at most) and printers - I give the printer a static ip (See above as too why) and I also reserve it in case the printer forgets its static IP - so its a backup ploy

    The APs can then be simply accessed on their web admin pages via their known static IP - no reliance on local DNS lookups.

    Si

  6. #6

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,641
    Thank Post
    894
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441
    Quote Originally Posted by SimpleSi View Post
    Static helps fault finding - you know what the IP is supposed to be - if its not pinging - its bust or disconnected or switched off - doesn't rely on anything else working.
    In a smaller none AD scenario yes but if DNS is not working to resolve client names to IP's then nothing is working really anyway with AD

    Quote Originally Posted by SimpleSi View Post
    I give the printer a static ip (See above as too why) and I also reserve it in case the printer forgets its static IP - so its a backup ploy
    HP had several models that forgot their static ip settings and reverted, doing that saved lots of hassle.

  7. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,780 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Static for key infrastructure devices ... DCs, core servers, core and essential switches ... For all other devices I recommend DHCP reservations.

    Not only is this a good thing for fault finding but also essential when completing audits of activity. Depending on your setup, your ISP might identify an IP which needs investigating ... and then you try to track this down to the locally assigned IP. Some systems in place might log the authenticated user but other systems might not ... especially if you have a rogue / dirty device on your network which is not part of your domain.

    By having an assigned IP it makes this a heap easier to deal with.

    Looking at worst case scenario, if a legal investigation is required (i.e. police or other authority come in) then they might be looking back at logs from months earlier ... and with DHCP release set at 8 days ... that is useless.

  8. #8

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,641
    Thank Post
    894
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441
    Quote Originally Posted by GrumbleDook View Post
    Not only is this a good thing for fault finding but also essential when completing audits of activity. Depending on your setup, your ISP might identify an IP which needs investigating ... and then you try to track this down to the locally assigned IP. Some systems in place might log the authenticated user but other systems might not ... especially if you have a rogue / dirty device on your network which is not part of your domain.

    By having an assigned IP it makes this a heap easier to deal with.

    Looking at worst case scenario, if a legal investigation is required (i.e. police or other authority come in) then they might be looking back at logs from months earlier ... and with DHCP release set at 8 days ... that is useless.
    From a client perspective thats basically the same as saying if you give any device direct access to the net without authentication (or logging the user) then you would have to fall back on static ip's which dont prove the user just the device?
    From a legal perspective I would be surprised they could hold anyone but the school to task for not logging appropriately as a device != person even if it is their own. Also this precludes the fact that the machine name/device name may not have changed and before we get to spoofing mac addresses which all throws out the whole ip = person. I am not sure how *essential* static ip is, authentication logging is and should be account based, anything else makes the case to link the traffic to the user much much harder without account logging.
    For guest access devices (aka visiting person) ip/devices logs could be enough if you can say you saw the device in the possession of the person when the offence happened.
    Last edited by ZeroHour; 21st May 2012 at 05:05 PM.

  9. #9

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by KevWCFE View Post
    Hi all,

    From previous help you have given me I see that some people start off by saying "if you have static IP addresses on all the PCs in the computer labs then....". I was just wondering what the advantages to having static IP addresses are and are there any drawbacks to setting the PCs to have the same IP address all the time.

    Being a self taught server maintenance guy I only have experience of Group Policy when I've needed to do something specific rather than having trained in it and knowing it in a general sense but I would imagine it would make things easier in relation to GP? Am I right in that assumption?

    I had the MAC addresses for 90% of the PCs in the college from another project last year so I set about creating reservations in the DHCP management console. I have done this for 180 of the 240 PCs so far and I've tested a couple of labs and they all take the IP address I set up for them.

    The VP here in the college wants me to set up VPNs which I have no experience of but will research over the coming months. Would static IP addresses be beneficial here too?

    Basically, what are the pros and cons of Static IP addresses through DHCP reservations?

    Thanks for any insight.

    K
    There are no real advantages to setting up all PCs with a static IP. I only set static IPs when necessary, such as servers, printers and WAPs. I suppose the disadvantages are that it's incredibly time consuming and it's something that DHCP Server just takes care of (when setup correctly).

    Servers need a static IP as this typically where DNS, DHCP and other services are hosted. Printers and WAPs can be used on a static or dynamic IP, but for ease of management, static IPs are the way forward.

    The advantages of DHCP Server is that it's comparatively quick to setup and there are a whole array of DHCP options you can figure, such as a time server. Keeping everything in sync time wise is very important.

    You could also argue (for example) if you change your IP scope from a Class C to a Class A or IPv6, or changed your DNS/Gateway it would simply be a case of updating DHCP Server (a 5 minute job) instead of going round manually updating each device.

    Setting up a static IP on a notebook, tablet or phone isn't really an option. If the user is expected to use their notebook, tablet or phone at home or on the move, the odds are that their IP range is totally different. The router at home or in public (typically a DHCP Server) would dish out IPs here too. The point is it's all dynamic and the only people that care are us guys (so long as it's working).

  10. #10

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,157
    Thank Post
    12
    Thanked 224 Times in 214 Posts
    Rep Power
    66
    Static's should only be used on servers I think. If you DNS works printers do not need them is my view. Client PC's if you use them it causes a nightmare, only use if you have to.

  11. #11

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,705
    Thank Post
    3,236
    Thanked 1,045 Times in 967 Posts
    Rep Power
    363
    When any of you are stating 'you use a dhcp reservation' does that mean

    1. You set the dhcp reservation in DHCP via the mac address of said device and then on the actual device you

    A - Still program or manually set the ip address info ( ip address, subnet mask, default gateway, dns servers ) statically
    B - Leave said device to DHCP as it will pick up the dhcp reservation anyway

    2. When Switches, Servers or other devices that need Static IP Addresses I presume you just manually and statically assign them the said network address info ( so IP Address, subnet mask and any other relevant info that you need to assign them )

  12. Thanks to mac_shinobi from:

    tekins (23rd May 2012)

  13. #12

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    For all other devices I recommend DHCP reservations. ... but also essential when completing audits of activity.
    I'm with ZH on not being essential at all
    Si

  14. #13

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    When any of you are stating 'you use a dhcp reservation' does that mean

    1. You set the dhcp reservation in DHCP via the mac address of said device and then on the actual device you

    A - Still program or manually set the ip address info ( ip address, subnet mask, default gateway, dns servers ) statically
    B - Leave said device to DHCP as it will pick up the dhcp reservation anyway
    A (and then B when A fails) - its a defensive HP Printer strategy - they can forget their static settings so its a backup strategy for when that happens


    2. When Switches, Servers or other devices that need Static IP Addresses I presume you just manually and statically assign them the said network address info ( so IP Address, subnet mask and any other relevant info that you need to assign them )
    yep
    Si

  15. #14

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,808
    Thank Post
    1,476
    Thanked 592 Times in 444 Posts
    Rep Power
    168
    In a smaller none AD scenario yes but if DNS is not working to resolve client names to IP's then nothing is working really anyway with AD
    Another reason to not use AD
    Si
    HOME - One workgroup to rule them all

  16. #15

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,641
    Thank Post
    894
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    441
    Quote Originally Posted by SimpleSi View Post
    Another reason to not use AD
    Si
    HOME - One workgroup to rule them all
    Dont you mean WORKGROUP

    RE: Tony's points, actually a really really good policy could make ip logs enforceable along with the requirement to prevent unauthorised access to the device with a non shared password (aka getting around account logged)

SHARE:
+ Post New Thread
Page 1 of 3 123 LastLast

Similar Threads

  1. Running out of Admin IP addresses
    By Craig_W in forum Wireless Networks
    Replies: 22
    Last Post: 19th June 2007, 07:05 PM
  2. Please Help - What are the challenges and opportunities faci
    By doc69 in forum School ICT Policies
    Replies: 2
    Last Post: 20th May 2007, 07:28 PM
  3. Microsoft, Cisco or Comptia - What are the Pros and Cons?
    By eddiebaby in forum Courses and Training
    Replies: 5
    Last Post: 3rd May 2007, 06:22 PM
  4. How are the rest of your schools connected?
    By Dos_Box in forum General Chat
    Replies: 24
    Last Post: 8th August 2005, 10:42 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •