Educause Security Discussion mailing list archives

Re: Static vs. dynamic dhcp assigned addresses


From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Mon, 12 Dec 2011 10:42:31 -0600

Until about a year ago, we were in the same boat - static addresses
assigned for all registered devices, both university-owned and
personal.  We have migrated away from that in our ResNet and for
personal wireless, with further migration to come.

In ResNet, we're using a NAC product to identify the person using the
device.  For the time being, personal wireless is being handled by 1x
and radius authentication, although NAC is probably in the cards for
that area as well.

For the most part, our NAC provides a one-stop lookup to find a
responsible party while the personal wireless requires two steps, dhcp
logs followed by radius logs.  Having lived with static bootp/DHCP
assignments for 20 years, I was *very* leery about the change.  In
hindsight, it's not been as bad as I feared.

- ken

Mayne, Jim wrote:

TCU has always provided users with static ip addresses using dhcp
reservations. However with the flood of new mobile devices it is
straining our ability to efficiently assign these types of ip
addresses. In discussing a movement to dynamic addresses the issue of
incident response and troubleshooting comes up.

Would others using dynamic addresses share their tactics and any
estimate of added effort involved when tracking down issues identified
by ip addresses, whether they be from external complaints, IDS logs,
firewall logs etc.

Thanks,

Jim

Jim Mayne
Information Security Services

-- 
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!
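
Added example (not part of the original message or either poster's tooling): a sketch of the two-step lookup described above, DHCP logs to find the MAC that held an address at the time of a complaint, then RADIUS logs to find who authenticated from that MAC. The record layouts, addresses, MACs and usernames are constructed for illustration and are not a real DHCP or RADIUS log format; all timestamps are assumed to be in one time zone.

```python
from datetime import datetime, timedelta

# Constructed sample records (hypothetical layout, not a real log format).
# DHCP: (time of lease grant, ip, mac, lease length in seconds)
DHCP = [
    ("2011-12-12 08:45:00", "10.20.0.15", "aa:bb:cc:00:00:01", 3600),
    ("2011-12-12 09:30:00", "10.20.0.15", "aa:bb:cc:00:00:02", 3600),  # reassigned early
    ("2011-12-12 09:45:00", "10.20.0.16", "aa:bb:cc:00:00:01", 3600),
]
# RADIUS: (time of successful auth, username, client MAC as the NAS reported it)
RADIUS = [
    ("2011-12-12 08:44:40", "student1", "AA-BB-CC-00-00-01"),
    ("2011-12-12 09:29:50", "student2", "AA-BB-CC-00-00-02"),
    ("2011-12-12 09:44:30", "student1", "AA-BB-CC-00-00-01"),
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def norm_mac(mac):
    # DHCP and RADIUS sources often format MACs differently; compare hex only.
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def mac_for_ip(ip, when, dhcp=DHCP):
    """Step 1: MAC holding `ip` at `when`. If leases overlap, the latest grant wins."""
    best = None
    for start, lease_ip, mac, secs in dhcp:
        t0 = ts(start)
        if lease_ip == ip and t0 <= when < t0 + timedelta(seconds=secs):
            if best is None or t0 > best[0]:
                best = (t0, norm_mac(mac))
    return best[1] if best else None

def user_for_mac(mac, when, radius=RADIUS):
    """Step 2: most recent successful auth from `mac` at or before `when`."""
    hits = [(ts(t), user) for t, user, m in radius
            if norm_mac(m) == mac and ts(t) <= when]
    return max(hits)[1] if hits else None

def responsible_party(ip, when_str):
    when = ts(when_str)
    mac = mac_for_ip(ip, when)
    return user_for_mac(mac, when) if mac else None

if __name__ == "__main__":
    for ip, t in [("10.20.0.15", "2011-12-12 09:00:00"),
                  ("10.20.0.15", "2011-12-12 09:40:00"),
                  ("10.20.0.15", "2011-12-12 12:00:00")]:
        print(ip, t, "->", responsible_party(ip, t))
```

The same address resolves to different people 40 minutes apart, so the timestamp in a complaint or IDS alert (and its time zone) matters as much as the address.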

