  1. #1


    DHCP vs Static IP

    Hi,

    I'm questioning one of our basic policies here at our school division: static IP.

    (I looked at this post http://www.edugeek.net/forums/networ...tatic-ips.html but didn't really get the answer I was looking for)

    We have 4 separate sites and over 2000 PC's, many AP's, switches, networked printers, etc, all manually assigned IP's by the tech staff. I feel DHCP would be a better choice for time management, if nothing else, but I face arguments for static:

    1. Security - to prevent "anyone" from bringing in a PC and plugging it in, we have static IP's. (Nothing saying you can't just unplug a PC from the network and use its IP, but hey)

    2. We need to know, if a student violates policy on the network, the location (name, IP) of the PC so that we can have documentation of the incident, and are worried DHCP will not give solid enough answers.

    I'm looking for others' arguments to refute those above. =) Any thoughts would be appreciated.

    I do realize that one way or another, printers, network hardware, etc, would need static in some form or another, whether it would be manually entered or set in DHCP (if I'm understanding that correctly, DHCP can assign by MAC address)

    As an aside, we have mainly winXP clients and run a Novell network.

    Thanks as always.

  2. #2

    Geoff's Avatar
    Quote Originally Posted by LCPSWolf View Post
    1. Security - to prevent "anyone" from bringing in a PC and plugging it in, we have static IP's. (Nothing saying you can't just unplug a PC from the network and use its IP, but hey)

    2. We need to know, if a student violates policy on the network, the location (name, IP) of the PC so that we can have documentation of the incident, and are worried DHCP will not give solid enough answers.
    There are Network Access Control solutions that can solve these problems and allow you to use DHCP. Obvious ones are 802.1X or Packetfence. Most commercial 'security' vendors have some sort of NAC solution you can look at too.

  3. #3
    FatBoy's Avatar
    I would say DHCP all the way; static is far too old school, IMHO. Static IPs are no more secure than DHCP at all, and with Server 2008 you can set up NAC for free, like Geoff says, helping with security.

    There are bound to be logs either in the event viewer or DHCP server about who has what IP, I'm sure (not that I have looked). At the end of the day, doing everything static is a nightmare and you can save yourself a lot of time using DHCP.

  4. #4

    Point 1 is very much in the "security through obscurity" camp and, as such, just doesn't work. It relies on people not knowing what range of IPs you use - once they know that, they can just make up an IP in the range or just use one that's already in use. That might not let them on the network; it might just mess up the machine that was using the IP but it certainly isn't giving a good outcome.

    Not sure that point 2 helps that much either. I presume you're tracking activity by IP address (eg access to internet) but how do you know who was using which IP at which time? I'm not familiar with Netware; does it give you a log which says "user X logged onto IP 1.2.3.4" or is it giving "user X logged onto machine ABCDEF" and then you use the knowledge that machine ABCDEF has IP 1.2.3.4 to link user to IP? If it's the former, then DHCP makes no difference; if it's the latter then set with the lease time at 8 days you've pretty much got static IP addresses (machines always try to keep the same address. Provided you have enough in the pool they will hardly ever change). You could also add something to your login script to just record the username, ip, machine name, date, time to a log.

    In my opinion, any benefits of static IPs are massively outweighed by DHCP once you go over about half a dozen machines!

  5. Thanks to srochford from:

    LCPSWolf (11th June 2008)
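As an added example (not part of any post in this thread), here is one way to answer "who had this IP at this time" under DHCP by combining a lease log with the login-script log suggested in the reply above. The CSV layouts, names and sample rows are constructed assumptions, not the output format of any particular DHCP server or of NetWare; the 8-day lease is the figure from the post.

```python
import csv
import io
from datetime import datetime, timedelta

LEASE_TIME = timedelta(days=8)  # lease length suggested in the post

# Constructed sample data; the column layout is an assumption for illustration.
DHCP_LOG = """\
2008-06-02T08:01:10,ASSIGN,10.1.4.37,00:11:22:33:44:55,LAB2-PC07
2008-06-06T08:00:02,RENEW,10.1.4.37,00:11:22:33:44:55,LAB2-PC07
2008-06-09T15:30:00,RELEASE,10.1.4.37,00:11:22:33:44:55,LAB2-PC07
2008-06-10T09:12:44,ASSIGN,10.1.4.37,00:aa:bb:cc:dd:ee,LIB-PC02
"""
# What a login script could append: time, username, ip, machine name.
LOGON_LOG = """\
2008-06-06T10:15:00,jsmith,10.1.4.37,LAB2-PC07
2008-06-10T11:40:00,akhan,10.1.4.37,LIB-PC02
"""

def parse(text):
    """Parse CSV rows into tuples with a real datetime first, sorted by time."""
    rows = []
    for r in csv.reader(io.StringIO(text)):
        rows.append((datetime.fromisoformat(r[0]), *r[1:]))
    return sorted(rows)

def lease_holder(dhcp_rows, ip, when):
    """Return (mac, hostname) holding `ip` at `when`, or None if no lease was active."""
    holder, expires = None, None
    for ts, event, row_ip, mac, host in dhcp_rows:
        if row_ip != ip or ts > when:
            continue
        if event in ("ASSIGN", "RENEW"):
            holder, expires = (mac, host), ts + LEASE_TIME
        elif event in ("RELEASE", "EXPIRE"):
            holder, expires = None, None
    return holder if holder and when <= expires else None

def attribute(dhcp_rows, logon_rows, ip, when):
    """Combine the lease holder with the latest logon from that IP on that machine."""
    holder = lease_holder(dhcp_rows, ip, when)
    user = None
    for ts, username, row_ip, machine in logon_rows:
        if row_ip == ip and ts <= when and holder and machine == holder[1]:
            user = username
    return {"ip": ip, "when": when.isoformat(), "holder": holder, "user": user}

DHCP_ROWS, LOGON_ROWS = parse(DHCP_LOG), parse(LOGON_LOG)
```

The same IP resolves to different machines and users on different days, which is why the incident timestamp has to be part of the lookup and why the lease and logon logs need to be retained for as long as incidents may be investigated.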

  6. #5
    SteveBentley's Avatar
    Quote Originally Posted by LCPSWolf View Post
    1. Security - to prevent "anyone" from bringing in a PC and plugging it in, we have static IP's. (Nothing saying you can't just unplug a PC from the network and use its IP, but hey)
    Can't you run DHCP so it only gives IPs to MAC addresses it knows about?

  7. #6

    sparkeh's Avatar
    Plus how about MAC filtering?

    It's dead easy to run a utility to pick up all the MAC addresses of your equipment and only let those get an IP from the DHCP server. Anyone bringing in equipment won't get an IP.

    EDIT: Ah Steve beat me to it.

  8. #7
    ICT_GUY's Avatar
    Angry IP Scanner to find free IP addresses?

  9. #8
    apeo's Avatar
    Can't believe ppl are still using static for IPs on the network, and 2000+ done manually!!! WTF. I have to extend our range over here over the summer, and if I had to assign the IPs manually... That's all I would be doing this summer.

    As with what the others have said, technically you have no security on the network, as you currently don't have a way to detect who's set themselves up on the network, so you could have ppl on your network now and you wouldn't even know.

  10. Thanks to apeo from:

    LCPSWolf (11th June 2008)

  11. #9


    Steve,

    Thanks - this was exactly the sort of response I was looking for. I tend to agree that the considerable issues outweigh the supposed benefits of static IP.

    I'm also pretty new to NetWare, but will check into it. Your point about it either way makes sense.

    Thanks again.
    Damian

  12. #10

    Michael's Avatar
    The only thing I use static IPs for are servers, printers, access points and admin workstations requiring remote support. Everything else is DHCP.

    I also agree that with access points, MAC filtering should be enabled. This is much more secure than giving every machine a static IP. Anyone with a bit of knowledge could work out what the IP information of a network is.

    For laptops, it wouldn't work either, because if staff took them home (more than likely) you'll be using a completely different IP range at home.

  13. #11

    maniac's Avatar
    We have some workstations with static IP numbers (mainly admin ones) so we can use remote desktop on them, and obviously printers, wireless APs and other devices need a static IP so you can manage them. We assign these manually and the first set of addresses in our range are reserved for this purpose. For normal run-of-the-mill workstations, DHCP all the way.

    The other machines I might consider using a static IP number on are wireless laptops, as some wireless systems seem to struggle with DHCP for some reason, and it saves a lot of hassle with them sometimes, as it picks up the network faster when/if the wireless signal drops.

    Mike.

  14. #12

    Michael's Avatar
    The only other argument I can think of, is eventually we'll all be using IPv6. I wouldn't like the job of updating each workstation. I'd go mad!

  15. #13

    sparkeh's Avatar
    Quote Originally Posted by maniac View Post
    We have some workstations with static IP numbers (mainly admin ones) so we can use remote desktop on them
    Sorry to go off topic a bit, but why can't you connect by hostname?

  16. #14
    Galway's Avatar
    To be honest, DHCP can be enabled with no change to the network. You set your scope and everything functions as it has always done.

    Manually assigned IP machines can be gradually brought into DHCP via GP, and will not create any extra work by the IT staff. IPs freed up can be added to the scope to eventually bring the whole network gradually and with minimal fuss.

    If ever the DC goes down or you have DNS server troubles, it can be much easier to set up a backup DNS server or promote a DC and then you only need to adjust the DHCP settings to make everything work again.

    I think once it has been trialled in a few suites, and the staff see the benefits, they will soon come round to the idea. It makes having a Ghost server a breeze to image and makes maintenance quicker and easier.

    It has to be worth it just for the staff with laptops and the routine "can't see the network or access the internet" on a Monday morning.

  17. #15

    DHCP all the way. Even when it's for printers or workstations that need a constant IP address so LA can remote in for MIS support, I just use DHCP with reservations based on the MAC address. This means that when the device connects to the DHCP server they always get the same address; no other device gets it as they don't have the same MAC (unless they are cloning). Only time I might consider static is for the DHCP server (i.e. so it has its IP address before the DHCP service starts) or for key switches (or for Wireless Access Points), which I want to get the correct IP if the server is not available.
