- Posts: 1
- Thank you received: 0
DHCP vs Static IP addresses
14 years 11 months ago #33089
by aaown
DHCP vs Static IP addresses was created by aaown
Our security manager is trying to force us to move from a DHCP / Static network to a purely static IP network
We have about 300 clients, 70 servers, and 9 offices each on a seperate subnet.
Is / has anyone out there had to move from a DHCP network to a static IP network?
Is anyone using just static IP's on their entire network?
Does this make any sense to folks out there?
I would appreciate any feed back what so ever.
Thanks,
We have about 300 clients, 70 servers, and 9 offices each on a seperate subnet.
Is / has anyone out there had to move from a DHCP network to a static IP network?
Is anyone using just static IP's on their entire network?
Does this make any sense to folks out there?
I would appreciate any feed back what so ever.
Thanks,
14 years 11 months ago #33090
by KiLLaBeE
Replied by KiLLaBeE on topic Re: DHCP vs Static IP addresses
How is the security manager reasoning that this is an intelligent/beneficial change?
My answer to your questions is no
My answer to your questions is no
14 years 11 months ago #33091
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: DHCP vs Static IP addresses
We have a whole class B network registered to our University and about 95% of it is using static IPs. Only wireless clients are using DHCP. But this scheme is inherited from way back, they are thinking now of changing everything to DHCP.
I personally think that both schemes have their own pros and cons. DHCP is probably much simpler and faster to deploy. But static IPs are a little easier to manage, monitor, control and secure in the sense that you know who is taking what IP . Nevertheless, there might exist newer capabilities/software/tools now that can make managing and controlling DHCP a better experience.
May I ask what is the main problem that the manager has on DHCP ?
I personally think that both schemes have their own pros and cons. DHCP is probably much simpler and faster to deploy. But static IPs are a little easier to manage, monitor, control and secure in the sense that you know who is taking what IP . Nevertheless, there might exist newer capabilities/software/tools now that can make managing and controlling DHCP a better experience.
May I ask what is the main problem that the manager has on DHCP ?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
14 years 11 months ago #33100
by Gipper
Replied by Gipper on topic Re: DHCP vs Static IP addresses
You should stay with DHCP and use "reservations" for machines that require a "static" address.
14 years 11 months ago #33101
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: DHCP vs Static IP addresses
Let me see.....
1.I think the security guy want to implement an IP policy based rule
2. He wants to identify users by IP
3. He might want to retrict internet access IP by IP, and when you control internet access in an organisation productivity increases.
4. he will want to monitor what users are doing by getting log reports to his mail every day, something like real time monitoring of which user is consuming the most bandwidth
depending on the package he chooses for implementation, dhcp might make things difficult for him. if he has to use static addressing the headache is at the initial stage of inputing the IPs and inputing the IPs manually as the number of systems gradually grow except if there is a major problem in future. I dont want to be categorical about this , but the issue is about trading off convienience for security
1.I think the security guy want to implement an IP policy based rule
2. He wants to identify users by IP
3. He might want to retrict internet access IP by IP, and when you control internet access in an organisation productivity increases.
4. he will want to monitor what users are doing by getting log reports to his mail every day, something like real time monitoring of which user is consuming the most bandwidth
depending on the package he chooses for implementation, dhcp might make things difficult for him. if he has to use static addressing the headache is at the initial stage of inputing the IPs and inputing the IPs manually as the number of systems gradually grow except if there is a major problem in future. I dont want to be categorical about this , but the issue is about trading off convienience for security
sose
Network Engineer
analysethis.co/index.php/forum/index
14 years 11 months ago #33109
by talk2sp
BORN TO BE GREAT
c0de - 3
..........................................................
Take Responsibility! Don't let failures define you
Sose i think the Sec Manager is becoming cautious of OPSEC (operations security). So he is guiding every angle. He does not want any kind of human to just plug in his device and get an automatic IP and thus is connected and can do anything he feels like.
But in a static Environment the unknown client has to seek an IP address and me and u knw that before he gets one it has to be from a top Admin staff. and the Admin staff will be responsible for any bad log thats comes up from the IP he gave out..
You knw i have been under going some comprehensive training this week (started on monday) with Homeland Security. So i think i will support the Migration from DHCP to Static, my self my next job i will implement BooTP.
C0DE - 3
But in a static Environment the unknown client has to seek an IP address and me and u knw that before he gets one it has to be from a top Admin staff. and the Admin staff will be responsible for any bad log thats comes up from the IP he gave out..
You knw i have been under going some comprehensive training this week (started on monday) with Homeland Security. So i think i will support the Migration from DHCP to Static, my self my next job i will implement BooTP.
C0DE - 3
BORN TO BE GREAT
c0de - 3
..........................................................
Take Responsibility! Don't let failures define you
Time to create page: 0.137 seconds