I recently switched my home all-in-one from my ISP to my own modem, pfSense box, and AP. It’s been great, and was pretty easy to set up, and now I have a lot of stuff I can play around with.
Previously, when I wanted permanent IP addresses, I manually entered them at the client sides, and gave them addresses that were outside my DHCP scope. This work(s/ed) fine, but I hear that’s the greybeard way of doing things.
Now, it seems like people just make a giant DHCP range, and then give specific clients a reserved address within that scope from the router side, so that everything can be centrally managed. Ok cool.
So, aside from the noted ease of management, are there specific advantages/disadvantages/gotchas with one method or the other?
My own current “I’m stuck” situation is that I can’t seem to find any reservation settings inside pfSense? Their support pages keep pointing me at using the ‘static DHCP mapping’ section; however, while the documentation says I can put in my preferred IP for assignment to that MAC address, my firmware gives me a note (and an error if I try it anyway) telling me that I cannot actually enter an IP address that falls inside my current scope. So. What gives? Am I missing something, or in the wrong place?
The Range From/To fields in DHCP server settings are min and max for dynamically assigned IP addresses only – not for DHCP static mappings.
If you narrow the dynamic Range, like .100-.254 for example, then you can use .2 to .99 for static mappings.
As far as advantages go: I think letting the DHCP server assign an address is more flexible, because you can move your client to another VLAN, or change your local IP address scheme without changing client settings.
There was another post last week about reserved IP settings in pfsense, I don’t remember if there was a resolution. I do seem to recall that I poked around in one of my firewalls and didn’t see a way to make reservations, but I’m not using DHCP so some things may not be present until you turn it on and make it active.
I have Windows domain controllers at work to handle this stuff, and using Zentyal Community server at home for this function. https://zentyal.com/community/ I’m not really up to speed on Zentyal so not sure how much help I could provide if you spin up a server. It’s running on an old Foxconn device with 4gb and an Atom D525 processor. Slow but steady and really only painful when doing updates to the OS/software. Most any of the newer tiny single board x86_64 computers would run faster, so only about $120 away. Used thin clients might be another way if this sounds like an idea.
[edit] A quick google shows that there is no way to make IP reservations, you can statically set them on the clients, but those IP addresses must not be within the DHCP pool or you could get another device getting a DHCP on top of a statically assigned device.
Something like this might work for Zentyal https://www.amazon.com/ACEPC-T8-x5-Z8350-Graphics-Computer/dp/B083V1BKZM/ Alternates would be HP T620, T620 Plus, T630 for low cost 4 core machines with a wired ethernet connection. If you want to spend more money on a more robust “server”, then check out the series that “Serve The Home” is doing on their “tiny mini micro” computers where they are going through Lenovo, Dell, HP small computers and thin clients.
What you are describing sounds exactly like static IPs, but set from the router. Which, technically, is what I want.
I guess it’s the terminology that makes this confusing then. Like. It is a ‘DHCP Reservation’ even though it is not an IP that is within the DHCP scope. In my brain, DHCP by definition is dynamic, so a ‘reservation’ would be an address that is normally assigned dynamically, that you now tell the router to hold on to and only assign when a specific MAC address shows up.
I can change my DHCP scope so that it doesn’t assign all the IPs in my address range (I’m actually doing this already; I only dynamically push 100-199, and typically leave 2-99 open for statics). So, I can definitely make this work in my current implementation. I was just expecting the wrong thing I guess.
In a Windows DHCP server it is exactly called DHCP reservation and I use it for many devices on my network at work. Unfortunately pfsense doesn’t support this when handing out leases. And I’m still not sure that Zentyal will create reservations yet, I looked quickly but few things are resolved with a quick poke around the UI (at least for me).
It is still a decent practice to split the scope of the ip range up, most of the reserved IP’s that I hand out at work are between .50-.99 or .200-.240. The reservations are just nice because you don’t need to “hard code” the IP into a device, and then decide to move it later which causes you to go back to that device. The “dynamic” leases I hand out are .100-.199, I put “dynamic” in quotes because you need the computer to be disconnected for a pretty long time to get reassigned. If the computers have power they generally never change with my system.