Re: [Fedora] Re: DHCP with static nodes

From: Scot L. Harris (webid_at_cfl.rr.com)
Date: 07/25/05

    To: For users of Fedora Core releases <fedora-list@redhat.com>
    Date: Mon, 25 Jul 2005 08:33:16 -0400
    
    

    On Mon, 2005-07-25 at 01:10, Ashley M. Kirchner wrote:
    > Scot L. Harris wrote:
    >
    > >The easiest thing to do is to allocate a portion of your address space
    > >on the LAN for static addressed devices.
    > >
    > That is no longer an option. Many of our devices in the building
    > were installed and are supported by third party vendors who have, at
    > time of installation, configured their applications to work based on
    > those IPs. Consequently, we have devices with static IPs that are
    > scattered all over the spectrum. I can't change them and clump them all
    > together in a range without going through some serious pain, contacting
    > each vendor and have them send a technician to come "fix" the issue. I
    > need to work with what's currently there.
    >

    Too bad. Sounds like some prior planning would have made this so much
    easier to maintain and keep secure.

    > >You can configure DHCP to allocate specific addresses based on the MAC
    > >address of the device. But why bother? IMHO it just makes more work to
    > >use DHCP for devices that really should be statically defined in the
    > >first place.
    > >

    Read Markku Kolkka's message with the details on how to allocate an IP
    address to a specific MAC address.

    > We go through client computers faster than we do our larger
    > equipment. We have clients who walk in the building wanting to get onto
    > our network. I'm not there every time, and without me in the building,
    > it's a guessing game for them to figure out what IP they can use to get
    > on. Let alone having to figure out how to even set a static IP and
    > proper routing on our network. Most laptops you buy nowadays are, by
    > default, configured for DHCP. Most routers you buy are configured for
    > DHCP, so most people don't bother with any networking, or to figure out
    > how to actually change their settings. So, it makes more sense, for us,
    > a service bureau, to convert part of our network to DHCP for our
    > clients. I just need to figure out how to do it while retaining the
    > static IPs that are required, and converting everything else to DHCP and
    > call it a day.

    I was not saying to do away with DHCP entirely. It just makes more
    sense to statically assign IP addresses to infrastructure devices like
    printers/servers that don't have a need to get their addresses
    dynamically. IMHO using DHCP for such devices leaves you open to a
    variety of problems, the least of which is when the lease expires that
    device not getting the same IP. The worst case is someone plugging into
    your network and somehow forcing a take over of one of your server IP
    addresses then sitting there collecting login attempts to get passwords
    and other data. Or just passing out invalid data.

    If I was in your position I would have a separate firewalled LAN segment
    for walk in clients which used DHCP. The firewall would be used to
    monitor activity and limit what services/devices they could access on
    the internal LAN used for such devices.

    I would also be using statically assigned IP addresses on the
    servers/printers so my monitoring tools could keep track of those
    devices. I would be using something like opennms, nagios, or big
    brother as well as mrtg or cacti to monitor all infrastructure devices.
    This would include routers, firewalls, printers, servers, and even some
    clients that are always on the network. I would also be using something
    like arpwatch or arpsnmp to monitor what devices connected to the LAN.

    By doing some planning up front all of this can be so much easier to
    maintain and troubleshoot when there are problems. And setting up a
    few tools to automatically monitor most things on your network makes the
    job a whole lot easier.

     

    -- 
    Scot L. Harris
    webid@cfl.rr.com
    Blessed is he who expects nothing, for he shall never be disappointed.
    		-- Alexander Pope 
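
The monitoring idea in the message above (watching which devices answer for which addresses, so a takeover of a server IP is noticed), as an added example that is not part of the original post and not arpwatch's own code. The inventory, addresses, timestamps and the "epoch ip mac" input format are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: statically addressed infrastructure (IP -> expected MAC).
PINNED = {
    "192.168.1.10": "00:11:22:33:44:55",  # file server (constructed)
    "192.168.1.77": "00:11:22:aa:bb:cc",  # printer (constructed)
}

# Constructed IP/MAC sightings, one "epoch ip mac" record per line.
SAMPLE = """\
1122294000 192.168.1.10 00:11:22:33:44:55
1122294060 192.168.1.150 00:0d:93:12:34:56
1122294120 192.168.1.77 00:11:22:AA:BB:CC
1122294180 192.168.1.10 00:0d:93:12:34:56
1122294240 192.168.1.150 00:0d:93:12:34:56
1122294300 192.168.1.10 00:11:22:33:44:55
"""

def audit(observations, pinned):
    """Return alerts as (ts, kind, ip, mac, other_ips_this_mac_used)."""
    known_macs = {m.lower() for m in pinned.values()}
    last_mac = {}                 # ip -> MAC most recently seen on it
    mac_ips = defaultdict(set)    # mac -> every IP it has answered for
    alerts = []
    for line in observations.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue              # skip malformed records
        ts, ip, mac = int(fields[0]), fields[1], fields[2].lower()
        expected = pinned.get(ip)
        others = sorted(mac_ips[mac] - {ip})
        if expected is not None:
            # A static address must only ever be claimed by its own device.
            if mac != expected.lower():
                alerts.append((ts, "pinned-ip-takeover", ip, mac, others))
        elif mac in known_macs:
            # An infrastructure device showing up on an unexpected address.
            alerts.append((ts, "pinned-mac-moved", ip, mac, others))
        elif ip not in last_mac:
            alerts.append((ts, "new-station", ip, mac, others))
        elif last_mac[ip] != mac:
            alerts.append((ts, "changed-mac", ip, mac, others))
        last_mac[ip] = mac
        mac_ips[mac].add(ip)
    return alerts
```

On the constructed sample, the takeover alert for 192.168.1.10 also reports that the same MAC was first seen on 192.168.1.150, which ties the event back to a device that joined as an ordinary client.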
    
