Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: DHCP vs Static IP addresses

DHCP vs Static IP addresses 6 years 9 months ago #33089

  • aaown
  • aaown's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Our security manager is trying to force us to move from a DHCP / Static network to a purely static IP network

We have about 300 clients, 70 servers, and 9 offices each on a seperate subnet.

Is / has anyone out there had to move from a DHCP network to a static IP network?

Is anyone using just static IP's on their entire network?

Does this make any sense to folks out there?

I would appreciate any feed back what so ever.

Thanks,
The administrator has disabled public write access.

Re: DHCP vs Static IP addresses 6 years 9 months ago #33090

  • KiLLaBeE
  • KiLLaBeE's Avatar
  • Offline
  • Expert Member
  • Posts: 466
  • Karma: 0
How is the security manager reasoning that this is an intelligent/beneficial change?

My answer to your questions is no
The administrator has disabled public write access.

Re: DHCP vs Static IP addresses 6 years 9 months ago #33091

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
We have a whole class B network registered to our University and about 95% of it is using static IPs. Only wireless clients are using DHCP. But this scheme is inherited from way back, they are thinking now of changing everything to DHCP.

I personally think that both schemes have their own pros and cons. DHCP is probably much simpler and faster to deploy. But static IPs are a little easier to manage, monitor, control and secure in the sense that you know who is taking what IP . Nevertheless, there might exist newer capabilities/software/tools now that can make managing and controlling DHCP a better experience.

May I ask what is the main problem that the manager has on DHCP ?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: DHCP vs Static IP addresses 6 years 9 months ago #33100

  • Gipper
  • Gipper's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
You should stay with DHCP and use "reservations" for machines that require a "static" address.
The administrator has disabled public write access.

Re: DHCP vs Static IP addresses 6 years 9 months ago #33101

  • sose
  • sose's Avatar
  • Offline
  • Honored Member
  • Posts: 813
  • Thank you received: 4
  • Karma: 3
Let me see.....

1.I think the security guy want to implement an IP policy based rule

2. He wants to identify users by IP

3. He might want to retrict internet access IP by IP, and when you control internet access in an organisation productivity increases.

4. he will want to monitor what users are doing by getting log reports to his mail every day, something like real time monitoring of which user is consuming the most bandwidth

depending on the package he chooses for implementation, dhcp might make things difficult for him. if he has to use static addressing the headache is at the initial stage of inputing the IPs and inputing the IPs manually as the number of systems gradually grow except if there is a major problem in future. I dont want to be categorical about this , but the issue is about trading off convienience for security
sose
Network Engineer
analysethis.co/index.php/forum/index
The administrator has disabled public write access.

hahaha... 6 years 9 months ago #33109

  • talk2sp
  • talk2sp's Avatar
  • Offline
  • Expert Member
  • Posts: 528
  • Thank you received: 1
  • Karma: 1
Sose i think the Sec Manager is becoming cautious of OPSEC (operations security). So he is guiding every angle. He does not want any kind of human to just plug in his device and get an automatic IP and thus is connected and can do anything he feels like.

But in a static Environment the unknown client has to seek an IP address and me and u knw that before he gets one it has to be from a top Admin staff. and the Admin staff will be responsible for any bad log thats comes up from the IP he gave out..

You knw i have been under going some comprehensive training this week (started on monday) with Homeland Security. So i think i will support the Migration from DHCP to Static, my self my next job i will implement BooTP.


C0DE - 3
I AM MADE TO SHINE... BORN TO BE GREAT


C0dE - 3
..........................................................
Take Responsibility! Don't let failures define you
The administrator has disabled public write access.
Time to create page: 0.084 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup