DHCP or Static?
This is a fairly common question in small IT shops. I have faced this question a couple of times in my IT career and I will share some details from my experiences. I posted a lengthy comment on the subject of DHCP vs static IP addresses on my friend Trace’s new blog. Trace started a brand new blog a few weeks ago titled Trace Pupke:another church IT blog. Trace is the IT Director of Seacoast Church. Here is what I had to say on the question of “DHCP or Static IPs?”.
I recommend that you consider DHCP reservations as a middle ground between the static addresses and your current DHCP configuration. There are several reasons for this, but the main reason is for centralized control of changes to DNS, Default Gateways, and Subnet Mask. I would definitely continue to use DHCP for laptops since they are frequently moved between your network and other networks. If you feel that static addresses are the only way for you then you might offer your users the ability to change their own IP settings on the laptops for when they travel. Here are a couple of scripts you can use in two separate BAT files to easily switch between static and DHCP without having to open the TCP/IP settings of their NIC.
Put the following two lines in a file called office.bat.

    netsh interface ip set address name="Local Area Connection" static 192.168.0.2 255.255.255.0 192.168.0.1 1
    netsh interface ip set dns "Local Area Connection" static 4.2.2.1 primary

Put these next two lines in a file named away.bat.

    netsh interface ip set address name="Local Area Connection" source=dhcp
    netsh interface ip set dns name="Local Area Connection" source=dhcp

Note: The “name” variable must match the Name shown for that NIC in the Control Panel/Network Connections. If you are wondering how I ssh from the command line of Windows you should check out my post titled SSH from Windows CMD line.
Since my job most often requires me to interface with network devices via telnet or ssh I like not having to use the mouse when in a tight network closet. I am often working on IP segments that do not have DHCP configured so I put several of these types of files with short, easy-to-remember names in my system directory. You can use any other folder found in your path statement. That way I can run them from any folder on the command line without having to use the mouse.

One way to stop the rogue clients is by implementing port security on your switches where you match a port to a specific MAC address. Most IOS versions from Cisco support this as a standard these days. I am not sure about 3Com. This can be difficult to manage in an area where you have a lot of visiting network users. In that case you should consider putting those non-secured drops in a DMZ off your firewall to keep them off of your trusted/inside network IP segment.
I have traveled down the path of answering this very same question for myself as a system administrator with two previous employers. One employer was Piedmont Technical College where I had about 350 user nodes. Not all of these were IP based clients. Many were on Local Area Transport (LAT) using VT terminals to access our VAX. All of my clients were scattered across 9 locations in seven different counties of South Carolina.
The other employer where I faced this DHCP vs Static decision was at Cambar Software now called Cambar Solutions. Back in the day when I started with Cambar, we had about 100 PCs with a majority of them running OS/2 Boot Manager to allow for booting to one of three separate operating systems (OS/2, Windows 95, and Windows 3.1). Later we added NT 4.0 as an option on some of the multi-boot systems. These were the operating systems that different clients were running at the time. The developers, testers, and help desk folks could boot into the OS that was needed to support the particular client they were currently working with at the time. The trick to static addresses was to keep the same address on all three operating systems. They were not running an internal DNS or WINS server when I started, but were using hosts and lmhosts files to provide friendly names for accessing the dozens of servers (uh hotrod PCs) that they were running DB2, Oracle, and MS SQL databases on. This setup was an administrative nightmare when trying to add a new host to the hosts file of three different operating systems of 100 PCs.
Both of these previous employers were running static IP addresses when I started. They both ended up on DHCP before I left. Today I am no longer supporting end users directly as I was back then, but I do support dozens of government customers with 5,000 plus users on the LANs. They all use DHCP as you might expect.
What this question boils down to is this: how easy will it be for you to manage static IP addresses? If you are a very small IT shop, say fewer than 50 users with yourself as the only IT support person, then static IP addresses will probably be pretty easy to manage. If you have more than one IT support staff member, then things get a little more complicated. Who will control the list of IP addresses and how will it be accessed? If you are installing a new PC and do not currently have access to the list (online spreadsheet or notebook in another IT guy’s pocket), then how do you know what is available? These circumstances become much more common as your network grows and the number of support staff members increases. I submit that wireless access to online versions of these IP list spreadsheets via PDAs does make the static address management a little less cumbersome than in my desktop support days.
No matter the size of your IT shop, if you want better control over your IP addresses, then reservations are a good way to go. You will still want to keep a few non-reserved addresses available in your DHCP pool in the event you need to quickly add a printer or PC, but you can easily restrict what those IPs can do with a good firewall strategy. You can free up their network access via the firewall a little later.
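An added example, not part of the original post: one way to check a network against a reservation list like the one described above. It classifies observed (MAC, IP) pairs, such as rows from a lease export or ARP table, so that clients on the general pool can be firewall-restricted and hand-set addresses stand out. The subnet, pool range, MACs and addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values for illustration; none come from the original post.
SUBNET = ipaddress.ip_network("192.168.0.0/24")
POOL = (ipaddress.ip_address("192.168.0.200"), ipaddress.ip_address("192.168.0.220"))
RESERVATIONS = {                      # MAC -> reserved IP
    "00:11:22:33:44:01": "192.168.0.10",
    "00:11:22:33:44:02": "192.168.0.11",
}
OBSERVED = [                          # (MAC, IP) as seen in a lease export or ARP table
    ("00-11-22-33-44-01", "192.168.0.10"),   # matches its reservation
    ("00:11:22:33:44:02", "192.168.0.50"),   # reserved MAC with a hand-set address
    ("66:77:88:99:AA:BB", "192.168.0.11"),   # unknown MAC on someone's reserved IP
    ("66:77:88:99:aa:cc", "192.168.0.205"),  # unknown MAC in the non-reserved pool
    ("66:77:88:99:aa:dd", "192.168.0.77"),   # unknown MAC, static outside the pool
]

def norm_mac(mac):
    """Normalize 00-11-.., 0011.2233.4401 or upper-case MACs to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(mac, ip, reservations, pool, subnet):
    """Return a status string for one observed client."""
    mac, addr = norm_mac(mac), ipaddress.ip_address(ip)
    by_mac = {norm_mac(m): ipaddress.ip_address(a) for m, a in reservations.items()}
    if addr not in subnet:
        return "off-subnet"
    if mac in by_mac:                 # known device: is it on its reserved address?
        return "reserved-ok" if by_mac[mac] == addr else "reserved-mac-wrong-ip"
    if addr in by_mac.values():       # unknown device using a reserved address
        return "conflict-reserved-ip"
    if pool[0] <= addr <= pool[1]:    # unknown device on the general pool
        return "pool-restrict"        # candidate for the restrictive firewall rule
    return "unmanaged-static"         # address was set by hand outside DHCP

def audit(observed=OBSERVED):
    """Classify every observed client against the sample reservation list."""
    return [(m, ip, classify(m, ip, RESERVATIONS, POOL, SUBNET)) for m, ip in observed]

if __name__ == "__main__":
    for row in audit():
        print(*row)
```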
My comments on Trace’s blog were echoed by another Church IT director, Travis Kensil. Travis touched on the wireless factor, which I did not have to deal with back when I was answering this DHCP vs Static IP question.


