DHCP Question...
-
@IRJ said in DHCP Question...:
@WrCombs said in DHCP Question...:
Take your arguing BS somewhere else ; keep it off my thread.
You had your question answered. So whats the issue?
That's my Point: It's been answered, I don't want/nor need to see you guys Arguing about what ever the hell is it Dustin did or didn't do, or what your issue is with his replies.
-
@WrCombs said in DHCP Question...:
He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved Static IPS.
If this company is setting up a firewall for him, at the firewall there may not be any additional available IPs to be publicly used. IE the site may only have 1 static IP address provided by the ISP.
It's unusual that they wouldn't have more than just the 1 IP address, but it's possible that their network is just packed. Do you know if he is being given an IPv4 or IPv6 public address for the firewall?
As for internally, usually, you'd want to set your address pool to cover the expected usable devices, rather than just wide open .1-254.
You might have DHCP pool from .100-254 if you don't have a large number of devices and then anything from 1-50 could be a reservation.
Obviously something within the range needs to be the gateway so you'd take one address for that. (presumably from outside of the pool).
-
@DustinB3403 said in DHCP Question...:
@WrCombs said in DHCP Question...:
He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved Static IPS.
If this company is setting up a firewall for him, at the firewall there may not be any additional available IPs to be publicly used. IE the site may only have 1 static IP address provided by the ISP.
It's unusual that they wouldn't have more than just the 1 IP address, but it's possible that their network is just packed. Do you know if he is being given an IPv4 or IPv6 public address for the firewall?
As for internally, usually, you'd want to set your address pool to cover the expected usable devices, rather than just wide open .1-254.
You might have DHCP pool from .100-254 if you don't have a large number of devices and then anything from 1-50 could be a reservation.
Obviously something within the range needs to be the gateway so you'd take one address for that. (presumably from outside of the pool).
The point is that everything in that subnet should be in the DHCP pool. Make a reservation if you need it
-
@WrCombs said in DHCP Question...:
.1 isn't reserved, but it's the practice that's most used .
Understood.More clearly, the top or bottom of the subnet is usually the gateway, because it stays out of the way of anything else that may be desired to be put on the subnet.
A typical 192.168.1.0/24 means that your usable IP range is 192.168.1.0 through 192.168.1.254.
If you then want to keep things in certain ranges, having the gateway in the middle of nowhere is just annoying.
So people choose either .1 or .254.
Say you decide to use .1, then you will look at your network and say that I want .2 through .100 to be my networking stuff.
Then .101 through .254 to be the general DHCP pool for all the junk.How you "block" this all off depends on your DHCP server.
How you use DHCP reservations will also depend.I don't have to time show you some competing screenshots of the process.
-
@JaredBusch said in DHCP Question...:
@WrCombs said in DHCP Question...:
.1 isn't reserved, but it's the practice that's most used .
Understood.More clearly, the top or bottom of the subnet is usually the gateway, because it stays out of the way of anything else that may be desired to be put on the subnet.
A typical 192.168.1.0/24 means that your usable IP range is 192.168.1.0 through 192.168.1.254.
If you then want to keep things in certain ranges, having the gateway in the middle of nowhere is just annoying.
So people choose either .1 or .254.
Say you decide to use .1, then you will look at your network and say that I want .2 through .100 to be my networking stuff.
Then .101 through .254 to be the general DHCP pool for all the junk.How you "block" this all off depends on your DHCP server.
How you use DHCP reservations will also depend.I don't have to time show you some competing screenshots of the process.
Think I have a better understanding of it now.
Thanks -
@WrCombs said in DHCP Question...:
He came to me and said "if you set up a dhcp why do you set up .2-.254 with a gate way of .1
don't you want to keep some open for Static IPs... for example: printers?"Because you don't actually need statics. DHCP can have pre-assigned, so there is never a need for a static address other than for the gateway and the DHCP server itself. Just not necessary.
Static are a fine option, but only an option. There's no need for it.
-
@WrCombs said in DHCP Question...:
He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved Static IPS.
Simply not needed. He's imaging that statics do something that they do not. It's common to use statics, and nothing wrong with it. but it is generally considered "less ideal" to do so.
-
@Dashrender said in DHCP Question...:
He avoids static whenever possible. There are times where you should absolutely use static (hypervisors/iLo/iDrac, etc).
What would make those absolutely static? As long as you have DHCP working, they don't need to be static. When do you want or need any of them during a DHCP outage? DHCP can be fixed in minutes even when HA has failed.
There is no "absolutely need" statics outside of the gateway and DHCP server.
-
@WrCombs said in DHCP Question...:
.1 isn't reserved, but it's the practice that's most used .
Understood.Reserved "in our minds"
But not reserved in DHCP terms. -
@IRJ said in DHCP Question...:
Yep I agree with others. Just don't use static IPs at all. If you don't have to use reservations that's even better.
Even that is getting more and more rare, for sure.
-
@WrCombs said in DHCP Question...:
This is for a friend of mine who asked me ; And Wanted to be able to send him a link to read up on DHCP Best practices and ideas on his situation.
He came to me and said "if you set up a dhcp why do you set up .2-.254 with a gate way of .1
don't you want to keep some open for Static IPs... for example: printers?"what can I say to him other than
.1 is reserved for gateway?.1 is the gateway so it can't be used in the scenario.He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved Static IPS.
I'm sending him the link to this thread to have him read through the answers I get.
Our rule of thumb, and it's a "we've been doing it this way since ... so we keep doing it this way" situation, is to set up the full subnet in DHCP and then set exclusions for what we want to set aside for servers, printers, and the like. We generally set printers via reservation.
Here's a simple scope setup in PowerShell:
Add-DHCPServerInDC Add-DHCPServerv4Scope -Name "OUR Local Scope" -StartRange 10.100.10.1 -EndRange 10.100.10.254 -SubnetMask 255.255.255.0 Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.1 -EndRange 10.100.10.49 Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.200 -EndRange 10.100.10.254 Set-DhcpServerv4OptionValue -ComputerName DC.Domain.com -DnsServer 10.100.10.254 -DnsDomain Domain.com -Router 10.100.10.1 -
The DHCP range is always the full subnet. That is standard, even if Windows lets you do stupid shit.
Here is my home router.
Instead of visibly showing ranges to exclude, outside of windows, you typically tell it hat range to pass out. I'm passing out .31 - .254
Primary DNS is my PiHole on .4
Secondary DNS is the router on .1
Static mapping for things mostly just so I know what they are when looking at pi-hole reports. My Switch on .2, KVM server on .5, and the plex guest on .6, and printer on .7
-
@JaredBusch said in DHCP Question...:
The DHCP range is always the full subnet. That is standard, even if Windows lets you do stupid shit.
Here is my home router.
Instead of visibly showing ranges to exclude, outside of windows, you typically tell it hat range to pass out. I'm passing out .31 - .254
Primary DNS is my PiHole on .4
Secondary DNS is the router on .1Can you clarify something for me @JaredBusch. You stated that DHCP range is always the full subnet, but yours is from .31 to .254. I feel like I'm missing something.
-
@Kelly said in DHCP Question...:
@JaredBusch said in DHCP Question...:
The DHCP range is always the full subnet. That is standard, even if Windows lets you do stupid shit.
Here is my home router.
Instead of visibly showing ranges to exclude, outside of windows, you typically tell it hat range to pass out. I'm passing out .31 - .254
Primary DNS is my PiHole on .4
Secondary DNS is the router on .1Can you clarify something for me @JaredBusch. You stated that DHCP range is always the full subnet, but yours is from .31 to .254. I feel like I'm missing something.
DHCP always serves the entire subnet it is defined on.
If you tell it the scope is a /24, it serves .1-.254 always.
You then subsequently define which part of the scope you want it to hand addresses out on.In windows that is done by "excluding" things.
On most other platforms, it is done by telling it what range to supply to clients that ask for an address. Hence the .31 through .254But regardless of what you specify, either as a range to use or range to exclude, DHCP still serves the entire scope.
This is why you can make reservations outside of the listed range as in my .7 printer and .10 phone.
-
Here is a shot from Windows Server 2012 R2.
I have had to explain many times over the years that just because you "exlcude" a range, it does not mean you cannot put a DHCP reservation in that excluded range. Because DHCP is still and always serving the entire subnet defined in the scope.
-
@JaredBusch said in DHCP Question...:
@Kelly said in DHCP Question...:
@JaredBusch said in DHCP Question...:
The DHCP range is always the full subnet. That is standard, even if Windows lets you do stupid shit.
Here is my home router.
Instead of visibly showing ranges to exclude, outside of windows, you typically tell it hat range to pass out. I'm passing out .31 - .254
Primary DNS is my PiHole on .4
Secondary DNS is the router on .1Can you clarify something for me @JaredBusch. You stated that DHCP range is always the full subnet, but yours is from .31 to .254. I feel like I'm missing something.
DHCP always serves the entire subnet it is defined on.
If you tell it the scope is a /24, it serves .1-.254 always.
You then subsequently define which part of the scope you want it to hand addresses out on.In windows that is done by "excluding" things.
On most other platforms, it is done by telling it what range to supply to clients that ask for an address. Hence the .31 through .254But regardless of what you specify, either as a range to use or range to exclude, DHCP still serves the entire scope.
This is why you can make reservations outside of the listed range as in my .7 printer and .10 phone.
When we define the DHCP Scope we can s
et the delivery IPsdefine it to 10.100.10.31 - 10.100.10.225 or the like. One does not need to define the scope according to the full subnet whatever that may be. -
@JaredBusch said in DHCP Question...:
Here is a shot from Windows Server 2012 R2.
I have had to explain many times over the years that just because you "exlcude" a range, it does not mean you cannot put a DHCP reservation in that excluded range. Because DHCP is still and always serving the entire subnet defined in the scope.
OK - that makes sense since you put it that way. But Windows does allow you to specify things other than the whole subnet, i.e. the whole /24, just like your EdgeRouter does
-
@PhlipElder said in DHCP Question...:
@JaredBusch said in DHCP Question...:
@Kelly said in DHCP Question...:
@JaredBusch said in DHCP Question...:
The DHCP range is always the full subnet. That is standard, even if Windows lets you do stupid shit.
Here is my home router.
Instead of visibly showing ranges to exclude, outside of windows, you typically tell it hat range to pass out. I'm passing out .31 - .254
Primary DNS is my PiHole on .4
Secondary DNS is the router on .1Can you clarify something for me @JaredBusch. You stated that DHCP range is always the full subnet, but yours is from .31 to .254. I feel like I'm missing something.
DHCP always serves the entire subnet it is defined on.
If you tell it the scope is a /24, it serves .1-.254 always.
You then subsequently define which part of the scope you want it to hand addresses out on.In windows that is done by "excluding" things.
On most other platforms, it is done by telling it what range to supply to clients that ask for an address. Hence the .31 through .254But regardless of what you specify, either as a range to use or range to exclude, DHCP still serves the entire scope.
This is why you can make reservations outside of the listed range as in my .7 printer and .10 phone.
When we define the DHCP Scope we can s
et the delivery IPsdefine it to 10.100.10.31 - 10.100.10.225 or the like. One does not need to define the scope according to the full subnet whatever that may be.Right, in Windows, you have a starting point and an ending point.
I suppose he's talking about the Length indicator here. That Windows will serve that entire /24 as long as it has data in that range to provide, i.e. the scope or reservations outside of the scope.That's cool - I didn't know that, hadn't considered it before.
-
@Dashrender said in DHCP Question...:
@PhlipElder said in DHCP Question...:
@JaredBusch said in DHCP Question...:
@Kelly said in DHCP Question...:
@JaredBusch said in DHCP Question...:
The DHCP range is always the full subnet. That is standard, even if Windows lets you do stupid shit.
Here is my home router.
Instead of visibly showing ranges to exclude, outside of windows, you typically tell it hat range to pass out. I'm passing out .31 - .254
Primary DNS is my PiHole on .4
Secondary DNS is the router on .1Can you clarify something for me @JaredBusch. You stated that DHCP range is always the full subnet, but yours is from .31 to .254. I feel like I'm missing something.
DHCP always serves the entire subnet it is defined on.
If you tell it the scope is a /24, it serves .1-.254 always.
You then subsequently define which part of the scope you want it to hand addresses out on.In windows that is done by "excluding" things.
On most other platforms, it is done by telling it what range to supply to clients that ask for an address. Hence the .31 through .254But regardless of what you specify, either as a range to use or range to exclude, DHCP still serves the entire scope.
This is why you can make reservations outside of the listed range as in my .7 printer and .10 phone.
When we define the DHCP Scope we can s
et the delivery IPsdefine it to 10.100.10.31 - 10.100.10.225 or the like. One does not need to define the scope according to the full subnet whatever that may be.Right, in Windows, you have a starting point and an ending point.
I suppose he's talking about the Length indicator here. That Windows will serve that entire /24 as long as it has data in that range to provide, i.e. the scope or reservations outside of the scope.That's cool - I didn't know that, hadn't considered it before.
Yeah, that's the ticket. Start IP and End IP settings can be whatever so long as they fall in the subnet mask below.
-
@Dashrender said in DHCP Question...:
But Windows does allow you to specify things other than the whole subnet, i.e. the whole /24, just like your EdgeRouter does
You can define more than a /24, but not less.
In the following pic, you can see the subnet is /24, in the 192.168.100.0 scope.
The popout is where you define the DHCP scope to be distributed, not the scope of the subnet.Be sure not to use "Subnet" and "DHCP Scope" interchangeably like M$ does.
MS Has you define a scope when you create a new subnet to be served by DHCP, you don't really do anything with the DHCP Scope until you start filling in the Start IP and End IP. No matter how restrictive you make the DHCP Scope (11 to 50 in this case), you will still have a subnet of 255.255.255.0. If you were to make the DHCP scope 192.168.100.1 to 192.168.101.254, you would see the Subnet automatically change to 255.255.254.0
