Admins need to assign and track the static IP addresses required by many devices, such as servers and routers, so that other hosts do not duplicate these addresses. A seemingly ideal solution would be to use a table or database from which hosts can be assigned IPs. Further, if DHCP could read this static IP address table or database, it could avoid handing those addresses out to other clients. But is that possible?
A member recently posed this question in our Technical Q&A, offering details about why he needs such functionality. Although responses to his question didn’t offer a tidy solution for employing DHCP in this manner, they nevertheless described a way to accomplish the task without using a table—a DHCP feature that serves a similar purpose.
Populating host addresses from a table
Member frankl_27 presented the challenge of how to use DHCP to assign host addresses stored in a table. He’s running WinNT 4.0 (SP 6a) and wanted to use static addresses for specific systems that require monitoring or remote control access.
“I’ve recently been presented with the task of completely redesigning our network of 13 locations scattered across two states. All the machines are currently assigned static IP addresses (mainly due to remote monitoring and support needs).”
Frankl_27 wanted to know if it would be possible to use DHCP to assign the addresses based on the available IPs listed in the table.
“For example, I want to assign the PC Branch1President to 10.0.0.100, the PC SysAdmin to 10.0.0.68, the machine RouterA to 10.0.0.1, and all the other machines in the network in a similar fashion.”
In addition, he wanted the solution to overcome specific security challenges. If a machine that is not listed in the table made a DHCP request, it would be denied an address. This would prevent an unauthorized user from plugging a laptop into the network and obtaining an address that allowed a connection. Frankl_27 also wanted to be able to log connections with the MAC address, username, and date/time of login/logout. A key reason for this is keeping better tabs on the scattered locations he must maintain.
“I need defined IP addresses because I actively administrate all the workstations, servers, and routers from a single location. If the addresses changed all the time because of DHCP, my administrative abilities would be severely hindered.”
The question frankl_27 posed makes sense from this perspective. Automatically assigning static IPs to machines from an existing table could save a net admin a lot of time and hassle in situations where the addresses needed to remain the same. He had a specific plan in mind—he just wasn’t sure if the existing protocol could accomplish what he needed.
The simple answer to the question of whether DHCP can pull IPs from a table is no, it can’t.
Network engineer Joseph Moore wrote, “You can’t write up a text file, import it into DHCP Administration, and have the server use that. But you can set up the DHCP scope on your server, with the Reservations and the exclusions to the scope, and then you can check the logs.”
Gary McPartland, a network consultant with Argyle Computing Services Ltd., also said that to assign static IPs, you have to use the Reservations function of DHCP. By using the Reservations system, he said, “You link the MAC address of a PC to an IP address, so that each time the machine requests an address it gets the same one.”
McPartland said frankl_27 could use Reservations to assign the IP addresses without having to make a long road trip to all of the sites on the network. He pointed out that accomplishing the task in this manner would initially take a lot of work.
Moore added that using this method, machines would request IPs when the leases had expired. In requesting an address, they would be assigned the same address from the Reservations list. “This is just a dynamic way of assigning static IPs.”
As for logging the requests as frankl_27 wanted to do, Moore said that the DHCP logs would contain information about which machine was assigned which IP address, including the MAC addresses, the names of the machines and IPs, and the lease expiration date and time.
“And remember, each DHCP server has its own DHCP server log in the Event Viewer [for Windows DHCP]. That is where you can check for reporting on who got what IP at what time.”
Moore noted that for logging purposes, frankl_27 could use a tool such as IPMonitor to check server Event Viewer logs. IPMonitor can be configured to send alerts to the admin when certain events occur.
Of course, although the Reservations system appears to be a viable solution for frankl_27’s needs, it doesn’t totally address the security issue. Apparently, there’s no easy way to limit how DHCP hands out addresses except by setting up a scope and then making Reservations (tied to MAC addresses) for every possible address in that scope.
So it turns out that frankl_27’s proposed tactic is not possible with DHCP—it can’t import from a table to assign specific addresses to specific machines. However, the Reservations system offers an alternative method of achieving the same goal. Although frankl_27 said that it’s not exactly how he wanted to handle the task, it is, nonetheless, a viable solution.
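As an added illustration (not code from the article or from the members quoted), this Python sketch treats the address table frankl_27 described as the source of truth: it lists the scope addresses that still lack a Reservation and would need one or an exclusion, and it checks lease records for machines missing from the table. The MAC addresses, the scope range 10.0.0.1 to 10.0.0.110, the timestamps and the simplified lease-record layout are constructed for the example and are not the native Windows DHCP log format.

```python
import ipaddress

# Host names and IPs are the article's examples; the MAC addresses are constructed.
RESERVATIONS = [
    ("Branch1President", "00-10-5A-00-00-64", "10.0.0.100"),
    ("SysAdmin",         "00-10-5A-00-00-44", "10.0.0.68"),
    ("RouterA",          "00-10-5A-00-00-01", "10.0.0.1"),
]
# Constructed lease records (time, MAC, IP) in a simplified layout.
LEASES = [
    ("day1 08:02", "00:10:5a:00:00:44", "10.0.0.68"),
    ("day1 08:15", "00-10-5A-00-00-64", "10.0.0.100"),
    ("day1 09:40", "00-A0-C9-12-34-56", "10.0.0.57"),
    ("day1 10:05", "00-10-5A-00-00-01", "10.0.0.9"),
]

def norm_mac(mac):
    """Reduce a MAC to 12 upper-case hex digits so differently written forms compare equal."""
    return "".join(c for c in mac if c.isalnum()).upper()

def load_table(rows):
    """Build {mac: (host, ip)}; a duplicate MAC or IP would make two reservations collide."""
    table, seen_ips = {}, set()
    for host, mac, ip in rows:
        mac, ip = norm_mac(mac), ipaddress.ip_address(ip)
        if mac in table or ip in seen_ips:
            raise ValueError(f"duplicate MAC or IP in table at {host}")
        table[mac] = (host, ip)
        seen_ips.add(ip)
    return table

def unreserved(table, first, last):
    """Scope addresses with no reservation: any client can lease these unless they are excluded."""
    reserved = {ip for _, ip in table.values()}
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return [a for a in map(ipaddress.ip_address, range(lo, hi + 1)) if a not in reserved]

def audit(table, leases):
    """Flag leases to MACs missing from the table, or to a known MAC at the wrong address."""
    findings = []
    for when, mac, ip in leases:
        entry = table.get(norm_mac(mac))
        if entry is None:
            findings.append((when, mac, ip, "MAC not in table"))
        elif entry[1] != ipaddress.ip_address(ip):
            findings.append((when, mac, ip, f"{entry[0]} expected {entry[1]}"))
    return findings

TABLE = load_table(RESERVATIONS)
if __name__ == "__main__":
    print(len(unreserved(TABLE, "10.0.0.1", "10.0.0.110")), "scope addresses are open to any client")
    for finding in audit(TABLE, LEASES):
        print(*finding)
```

A non-empty result from `unreserved` is the gap the article describes: until every address in the scope is reserved or excluded, a machine that is not in the table can still obtain a lease.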