DHCP reservations

levy99 · September 17, 2020, 12:38pm

I would like a firewall that can do DHCP reservations. Netgate cannot. Any suggestions?

Acestes · September 17, 2020, 6:36pm

Not 100% sure what you mean about Netgate not doing DHCP reservations. pfSense definitely can do DHCP reservations https://docs.netgate.com/pfsense/en/latest/dhcp/dhcp-server.html although they are referred to as static IP mappings. I use them for several devices.

xMAXIMUSx · September 18, 2020, 12:05am

Absolutely pfsense can do DHCP reservation.

levy99 · September 18, 2020, 4:59pm

Netgate says that they explicity block doing reservations and to do them (they do not recommend them) required a minor change to their codign

“This is what Netgate says…Static Mappings Inside DHCP Pools
While ISC dhcpd will allow a static mapping to be defined inside the DHCP range/pool, it can result in unexpected behavior.
ISC dhcpd only checks via ping to ensure that an IP is not actively in use when making assignments. Making a static mapping does not “reserve” that IP out of the pool. The static mapping in this case merely represents a preference for an IP and others are not prevented from taking the IP if it is not in use.
An example: If the DHCP pool is from 192.168.0.10 to 192.168.0.250, and a static mapping is defined for 192.168.0.25. If the PC that normally has 192.168.0.25 is ever offline another device could be assigned 192.168.0.25. When the other machine powers back up it will not be able to get 192.168.0.25 because it is currently in use.
As such, it is best to only make assignments outside the range/pool, and the pfSense® webGUI enforces this practice.
If assignments absolutely must be made inside the pool, and the risks involved are worth taking and want to do so anyway, the input validation check may be removed from the PHP file that drives the DHCP editor page. The details of this unsupported change are left out as an exercise for the reader.”

neogrid · September 18, 2020, 5:31pm

Don’t see any issue, just assign your static IPs to one range and your dhcp to another range. It’s what I’ve done, didn’t experience any issues.

Acestes · September 18, 2020, 5:52pm

I think I understand now. By default in pfSense the reserved/static mapped IPs are not part of the DHCP pool, but are handed out by DHCP. For instance, a pool might be 192.168.0.11 - 192.168.0.100 and you would have a static mapping for a MAC of A1:B2:C3:D4:E5:F6 to the IP 192.168.0.10 so that device gets that IP via DHCP, but that IP is not part of the pool. This is different from say a Windows DHCP server, which will hand out a reserved IP from within the pool.

levy99 · September 18, 2020, 6:11pm

Yes. I would be OK with this as long as I could set the computer to DHCP and it would get this “preferred” address, albeit outside of the pool’s range. Is this the way it works?

levy99 · September 18, 2020, 6:24pm

That would mean I have to setup a static IP address on each device that needs an explicit address. What I want is to be able to just plug the computer into the network and each time it would get the same IP but the computer would be set to DHCP. The reason is that if this is laptop set to a static address when the user takes it home or another location it will not be able to be assigned an IP address on that location’s subnet. Set to DHCP they just plug in whereever they are and an IP address will be assigned.

Acestes · September 18, 2020, 6:28pm

Yes, that’s how it works. I have several devices set to DHCP that get the ‘reserved’ IPs outside of the pool. No issues what so ever.

neogrid · September 18, 2020, 6:29pm

Sure just assign a static IP in pfsense with the mac address while the client has DHCP it will pick up the reserved IP.

BTW there is a way in windows for 2 static IPs to be assigned to a machine just for the situation you have described. On the tab to configure the IP address the 2nd tab has alternate configuration, it can be entered there.