I guess I'm just an unsophisticated network admin.....
DHCP or static?
- Thread starter EDCK
- Start date
alastairstevenson
Staff member
Sounds like you never encountered a rogue DHCP installation.
Or worked on a secure network with more than one segment.
Static IPs are a must on any corporate network - knowing where the assets are is mandatory, not being dependant on some other server that may have vanished, may not be up yet, may have been compromised, may not be accessible etc etc.
Rogue DHCP, DNS and more .. love R&D newbies that think they know what they are doing, but don't. Even funnier when it is business R&D server/network types that screw things up.
proper ACLs and other measures prevented impact from spreading beyond bldg/dept that caused the problem
Worked on global enterprise, and higher, security environments.
Static IPs for certain system that must be exactly there during initial stages of a recovery... sure.. but the vast majority of systems... No, definitely not. Proper recovery runbook means one has documented when they come up, what they are dependent on, etc. In our datacenter and branch office (a Fortune 20 company) server VLANs, there were static IPs limited to a few dozen systems globally, out of many thousands (can't recall if Corp IT managed server count (ie corp LAN, not cloud) was over 10K systems... might have been). And this was over 15 years ago. Again, all about the right processes and monitoring tools.
Certainly, if mgmt is preventing decent operational maturity tools and approaches (which I've seen), then one does what one must. And I've worked those environments as well
FWIW, I doubt that the average IPCT member has more than 20 or 30 cameras, but certainly not thousands of network devices to manage so most of what you've encountered in your illustrious career are likely not to rear their ugly head for them.....fortunately.
I don't disagree
My point is that even on small home network, with better than cheapest offshore PoS network devices, properly managed DHCP reservations is MUCH easier to manage/maintain over the long run than static IPs.
There can be issues either way. but even with consumer gear, I had no issues with DHCP reservations for decades... and using Static IPS would have been a complete PITA every time I did a significant network upgrade/change
but a typical home user could certainly screw up either approach... just yesterday, spent hours over at neighbors house as he got a new WiFi system, with new IP range... etc... ended up reconfiguring every device on network... [nothing to do with Static vs DHCP] he didn't know what he didn't know. and realized he did it the REALLY hard way only once he was done...
I prefer to spend a few extra minutes up front (documenting/backing up associated IP address/MAC, etc. info) to save a lot more time in long run... others prefer quick/easy now and ignore trouble that can cause later... to each their own
My point is that even on small home network, with better than cheapest offshore PoS network devices, properly managed DHCP reservations is MUCH easier to manage/maintain over the long run than static IPs.
There can be issues either way. but even with consumer gear, I had no issues with DHCP reservations for decades... and using Static IPS would have been a complete PITA every time I did a significant network upgrade/change
but a typical home user could certainly screw up either approach... just yesterday, spent hours over at neighbors house as he got a new WiFi system, with new IP range... etc... ended up reconfiguring every device on network... [nothing to do with Static vs DHCP] he didn't know what he didn't know. and realized he did it the REALLY hard way only once he was done...
I prefer to spend a few extra minutes up front (documenting/backing up associated IP address/MAC, etc. info) to save a lot more time in long run... others prefer quick/easy now and ignore trouble that can cause later... to each their own
alastairstevenson
Staff member
My immediate thought also, this should be an easy enough change approach with a lot less uncertainty.
Presumably the new WiFi equipment was not able to be configured with the same network configuration / SSID / access key settings as the one it replaced?
Should in theory be an easy change, supported by being able to see the original configured settings and not have to guess / scan / test / access every device on the network.
With no connected devices or users noticing the difference.
I'd like to have a dollar 5 dollars (shrink-flation) for every time I went to a CenturyTel DSL user's house or place of business and they had received a new CenturyLink or BrightSpeed (new name/owner every few years) modem/router combo and the LAN/gateway IP went from 192.168.1.1 to 192.168.0.1 or to 10.0.0.1. In the case of commercial trucking freight brokers with 10 network printers with static IP's, county government property tax and probate office for vehicles license plates and registration, also with several printers with static IP's, all I had to do was log into ONE DEVICE, the modem/router, and change it's LAN/gateway IP. Bada bing - bada boom...done.
When he told me what he had done, I asked why he didn't simply change the new mesh WiFi system to match his old settings ? he got a sheepish look on his face...
he had already re-configured every device in their house except the printer which he couldn't figure out (a wireless printer) hence my visit... then I noticed a browser hacked (malware fraudulent virus warning notification popup ... logged in with only user account on PC w/ Admin priv's
... a while later I got home )
anyway... ... changing WiFi SSID/password on a regular basis (presuming not enterprise class individual user/device authentication with certificates) is a recommended/good idea... but a complete PITA will all the modern devices
I like my new Access Point where each user and class of devices gets their own password, all using the same SSID, such that I can rotate one password and leave the rest alone
TonyR - as to your experience... yup... why I recommend owning one's own firewall/router, so security layer from LAN to ISP that ISP doesn't control/manage/maintain... granted that means the LAN admin has that maint work to do themselves... which is more than some (PEBKAC types) are willing or able to do... so no 'best' answer
he had already re-configured every device in their house except the printer which he couldn't figure out (a wireless printer) hence my visit... then I noticed a browser hacked (malware fraudulent virus warning notification popup ... logged in with only user account on PC w/ Admin priv's
... a while later I got home )anyway... ... changing WiFi SSID/password on a regular basis (presuming not enterprise class individual user/device authentication with certificates) is a recommended/good idea... but a complete PITA will all the modern devices
I like my new Access Point where each user and class of devices gets their own password, all using the same SSID, such that I can rotate one password and leave the rest alone
TonyR - as to your experience... yup... why I recommend owning one's own firewall/router, so security layer from LAN to ISP that ISP doesn't control/manage/maintain... granted that means the LAN admin has that maint work to do themselves... which is more than some (PEBKAC types) are willing or able to do... so no 'best' answer
devices like printers, NAS, cameras I will static but I keep my cameras off my internet network.
I run a cheap wieless router for my doorbell cam in access point mode connected to a camera input on the NVR. That away I can run wireless into the NVR without the cameras being on the regular home network.
I run a cheap wieless router for my doorbell cam in access point mode connected to a camera input on the NVR. That away I can run wireless into the NVR without the cameras being on the regular home network.