Re: Static vs. dynamic dhcp assigned addresses

[Matt Richard <matt.richard () FANDM EDU>]

F&M provides static addresses on a case-by-case basis for departments 
and personal devices on the Ethernet network.  We don't provide statics 
for students or wireless devices - they are strictly DHCP-only.

We just expanded the address space of our student wifi networks because 
they were running out of leases this fall.  I'd blame that on a 
combination of more college wifi radios in the dorms, and more personal 
devices.

DHCP has been more of a help than a hindrance for us I think.  It allows 
us to assign clients to a VLAN dynamically.  Good logging is crucial for 
tracking down complaints or problems.

DNS/DHCP is provided by a pair of redundant appliances installed in 
diverse locations.

We use a NAC solution across the whole campus.  It moves unknown clients 
(based on MAC address) to a registration VLAN where web browsers get 
redirected to a registration portal.  Once registered, clients are 
assigned to a building ethernet VLAN or to a wifi VLAN based on their 
affiliation to the college.  Static addresses won't work with this system.

-Matt

--
Matt Richard '08
Access and Security Coordinator
Information Technology Services
Franklin&  Marshall College
matt.richard () fandm edu


On 12/12/11 11:08 AM, Mayne, Jim wrote:
> TCU has always provided user's with static ip addresses using dhcp 
> reservations. However with the flood of new mobile devices it is 
> straining our ability to efficiently assign these types of ip 
> addresses. In discussing a movement to dynamic addresses the issue of 
> incident response and troubleshooting comes up.
>
> Would others using dynamic addresses share their tactics and any 
> estimate of added effort involved when tracking down issues identified 
> by ip addresses, whether they be from external complaints, IDS logs, 
> firewall logs etc.
>
> Thanks,
>
> Jim
>
> Jim Mayne
> Information Security Services