I have a network consisting of ~1,000 ports and ~60 access points. A recent problem has been clients statically assigning themselves an IP address within my DHCP range.
I am using dhcpd on FreeBSD (I don't know the version off the top of my head), and I have it set to ping an address before leasing it. A lot of my available addresses are being abandoned due to this, however some clients with static IP addresses have firewalls set to not respond to ICMP packets. In these cases, the server is still trying to lease the address, which is causing problems.
I am curious to hear how other people have solved this problem; I cannot imagine I am the first to encounter this. A few points:
- Setting static IP addresses across the network and moving away from DHCP is not an option. The vast majority of my clients are basic users who do not know what an IP address is, and the need to accommodate guests prevents me from using dynamically-assigned addresses or assigning static addresses myself.
- I have my switches set to prevent users from assigning static IP address on my wired network, so my problems exist only for my wireless network. I have the MAC addresses of clients using static addresses as well as the radio they are connected to, but do not have a good method of finding them beyond that.
Does anyone have any advice for what I can do in this situation to prevent clients from using static IP addresses, preferably in an automated manner that doesn't require me to run around policing people?
I don't know if it exists, but it would be great if I could find a software package that monitors traffic with the clients on one side and the DHCP server and gateway on the other side; it would track DHCP leases and then verify the IP/MAC combination of packets on their way to the gateway, removing packets which did not have an IP/MAC binding assigned by the DHCP server. This is what my switches do for my wired network, but they cannot do it for my wireless.
Sorry for the long post, and thank you in advance for any advice!
I am using dhcpd on FreeBSD (I don't know the version off the top of my head), and I have it set to ping an address before leasing it. A lot of my available addresses are being abandoned due to this, however some clients with static IP addresses have firewalls set to not respond to ICMP packets. In these cases, the server is still trying to lease the address, which is causing problems.
I am curious to hear how other people have solved this problem; I cannot imagine I am the first to encounter this. A few points:
- Setting static IP addresses across the network and moving away from DHCP is not an option. The vast majority of my clients are basic users who do not know what an IP address is, and the need to accommodate guests prevents me from using dynamically-assigned addresses or assigning static addresses myself.
- I have my switches set to prevent users from assigning static IP address on my wired network, so my problems exist only for my wireless network. I have the MAC addresses of clients using static addresses as well as the radio they are connected to, but do not have a good method of finding them beyond that.
Does anyone have any advice for what I can do in this situation to prevent clients from using static IP addresses, preferably in an automated manner that doesn't require me to run around policing people?
I don't know if it exists, but it would be great if I could find a software package that monitors traffic with the clients on one side and the DHCP server and gateway on the other side; it would track DHCP leases and then verify the IP/MAC combination of packets on their way to the gateway, removing packets which did not have an IP/MAC binding assigned by the DHCP server. This is what my switches do for my wired network, but they cannot do it for my wireless.
Sorry for the long post, and thank you in advance for any advice!