Dhcp Range

0 views
Skip to first unread message

Jupiter Fuerst

unread,
Aug 3, 2024, 5:20:12 PM8/3/24
to terbrodwollcho

My IP subnet is 10.0.0.0/8 with DHCP serving from 10.0.0.100-254

I like to put my smart plugs and whatnot in the 10.1.0.x IP range and I've actually discovered that if I set the DHCP pool to something larger that I can assign the IP and when I set the DHCP pool back to normal the assigned IP still functions.

Why do you need to do an address reservation for the IP address outside the DHCP address pool? Those IP addresses are not assigned to the connected devices by the router DHCP server, so there is no need to reserve them in the network.

If you do want to do an address reservation for the IP from 192.168.0.2-0.99, you can enlarge the DHCP address pool on the AX55 to be 192.168.0.2-0.254, then do reservation for the devices that you want to use the specific IP address. Or, you can manually configure the static IP address on the client device itself as described here.

Any device set up and configured, IN/ON the device, to have a specific, static IP address will not even make a DHCP request. Your DHCP config should allow 'room' for those outside your range. In the above example, 192.168.10.1-9 are useful for that.

Any addresses assigned in the DHCP config to hand out specific IP addresses to particular MACs AND all ad hoc, non-configured clients making requests, come out of the DHCP configured range. In the example, 192.168.10.10-250.

If gaps are left, in what you are calling DHCP static, they could be used. The DHCP server will not allow the same address to be handed out but it will use any open, available one, even between others. That is when you configure DHCP static, you just tell the server that certain MACs should get certain IPs. That's all. No other real magic is in play. If a MAC shows up and the server doesn't have a predetermined IP to give it, it will chose another available one to hand out.

If gaps are left, in what you are calling DHCP static, they could be used. The DHCP server will not allow the same address to be handed out but it will use any open, available one, even between others. That is when you configure DHCP static, you just tell the server that certain MACs should get certain IPs.

My question was whether Range of IP addresses to hand out is describing only the first case (the pool of IPs that will be handed over randomly), or whether the "DHCP static" addresses must also be in that pool.

As I am typing, and if we are I the former case, I realized that I could cheat the DHCP server by forcefully adding MACs that do not exist and "reserve" some IPs for later (by editing the MAC to match the one of the device I want to be DHCP static). I will need to try this tonight.

(1) what "free" means depends on the implementation - it is at least "free because I do not have it in my leases", but usually also "free because I do not have it in my leases and I tried to check if it is otherwise already live on the network"

Pi-hole's embedded dnsmasq will serve DHCP requests with an IPv4 address either from its Range of IP addresses to hand out or from its list of DHCP reservations, provided a client's request matches an entry from Static DHCP leases configuration.
Pi-hole does allow to enter any arbitrary fixed IP in that Static DHCP leases configuration, but you should make sure that it doesn't conflict with manual on-device IPs, and that it falls into your router's subnet if you want that to be useful.

Thank you! This answers my question and my idea to "reserve" IPs with fake MACs is not useful after all. I will just move the "Range of IP addresses to hand out" further to the right to make space for statically DHCP assigned IPs.

Well, it will depend on how your network is doing? Do you currently have a fixed IP on your network machines or do you have a reservation of IP addresses? Below the MX do you have switches with these VLANs created? If yes, does the switch have SVIs on these networks or is it just an L2 extension?

The APs are on static IPs (manually set on each AP rather than reserved in the MX) in the Vlan 100 range on x.x.171.x. Is it as simple as updating the Vlan 100 DHCP range and either changing the static IP to the new range or should I just set then to DHCP on Vlan 100 and I assume the MX will assign an address to them?

Networks and Ranges are different object types. The network is what's "on the wire" from the router. The range is the pool of dynamic addresses within that network. Ranges must be in a network, they cannot be directly under a network container.

Best practices are to place all DHCP options at the highest level possible. Generally I recommend only setting options at the grid, member, or network level, and not at the container or range or fixedaddr level. There may be exceptions of course. It's just easier to manage over time when things are consistent.

When I am trying to automate something I usually start by creating somethign manually, and then use API to get the object with all the important fields. Then I turn that into an API call to create one.

The LXD containers grabbed a new IP address in the specified range when the DHCP lease was up, which is set to 1 hour by default (no need to restart any services). Everything appears to be OK, including the application (OpenStack) running inside the containers.

After the latest firmware installed on XR1000, i keep looking connection with multiple and different devices on my home network. my log shows this lease change happening over and over again and it seems to also take place when my connection issues happen. yes i have factory reset after the firmware upgrade.(at least 3 times now). I even tried the new ip range that was suggested. I need help please.

just additional fyi on my setup, My fiber line comes into the house downstairs in my basement. The AT&T router has Wi-Fi turn off and is in pass through mode, & is connected to the XR1000 that is next to it. As I said earlier that my 2nd router aka access point that is upstairs is hardwired and plugged into the XR1000 as well. I just built the house so each room has ethernet plugs that run back to my basement where all my equipment is

You set DHCP range to start at .50? In which case assign reserved IP addresses to devices between .2 & .49 so they're out of the DHCP range, apply, reboot from the interface, wait 2 minutes and see if that stops the disconnects.

yes when i click on the add it will take a second, but then bring up a table of all devices that are currently connected and their ip add. It requires me to add a name and when i go to click add it gives me an error.

I have a small range I use for static IPs (192.168.1.160-169), which was never a problem before as previously DHCP had been setup to use 192.168.1.100-150. Now, it seems like DNSMasq assigns freely from 100 to 254, and I am worried about it assigning to one of the static addresses. Is there a way in Luci to adjust the range used, or do I need to do it in the DNSMasq config file? I have no problem doing that, I'd just prefer to do it in Luci for sake of consistancy.

With the old firmware, instead of setting a pool size, you stipulated the start and stop of the IP range. So, the old default was 192.168.1.100 to 192.168.1.150, giving 51 total possible IPs. Most routers I've worked with in the past have been sorta this way. Some even would have it to where you set the range, as well as the pool size (in case you wanted fewer than the range could allow for).

The wiki gave info on editing the config files. I said earlier I have no issue editing the config files, but was wanting to see how to do it in Luci if possible. That's why the topic was "DHCP IP Range configuration in Luci?", and not just a general "DHCP range Configuration".

we are migrating to FortiGate and I am trying to implement the common scenario with DHCP which we use. We want to have reserved IP addresses for known clients, but assign a dedicated sub-range for unknown clients. E.g. on interface 192.168.1.0/24 we have reserved addresses for known clients from lower half 192.168.1.2-127. But for unknown clients I need DHCP to assign addresses higher than 128, e.g. 192.168.1.129. I have implemented this using various DHCP servers without problem in the past (even cheap routers).

I tried to set this up the way I used to on other devices by restricted DHCP range and reservations out of this range. But GUI complains that reserved address is out of DHCP range. I have been searching the forum and it seems that FortGate isn't able to fulfil this requirement. But I would like to confirm this before I start thinking about workarounds.

Main thing is, both the exclude range and the range of reserved addresses need to lie completely within the DHCP address range, and you need to remove an address from the exclusion before you can reserve it.

FortiGate DHCP can segregate some devices from others to assign IP from a sub-range of the entire range by exact match of MAC address. If you know MAC address of those devices you can define one IP to each within reserved-address config. It doesn't seem to take any wild card to match like only OUI part and allocate an IP from a pool. Likely you have to separate them by vlan and configure access-port at the port of your switch terminating each device's cable if they're wired.

Thank you for your reply. The problem with this approach is that, the dynamic and fixed range changes with each connected workstation. That would require the administrator to change the firewall policies because, these two groups of workstations have different access restrictions. In the end it would be much easier to completely disable dynamic DHCP. It should be possible to achieve this by set mac-acl-default-action block if I understand the hints correctly.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

c80f0f1006
Reply all
Reply to author
Forward
0 new messages