Best Practices – DHCP

Dynamic Host Configuration Protocol (DHCP) is used to provide connection settings for computers and equipment. Most often this is used to enable basic network access by providing IP address, subnet mask, default gateway, DNS servers, and domain name.

A plethora of other options exist as well, typically referenced by number, and are used for specific things.

  • Directing wireless access points (APs) to the wireless LAN controller (WLC)
  • Trivial File Transfer Protocol (TFTP) server for Voice over IP (VoIP) phone firmware images
  • Bootfile for Pre-boot eXecution Environment (PXE)
  • Hiding hidden messages

Since there are so many options, it is too easy for options to build up over time or become misconfigured when changes are made.

Reduce Lease Time

Set the lease time on the scope to either 1 day or 8 hours for normal wired pools, and 4-8 hours for wireless pools.

Lease time is the maximum amount of time the server maintains the IP address reservation. The default on Windows servers is 8 days (!), which is far too long for the server to hold onto address leases. Dynamic IP address assignment is meant to be transient – if you need a consistent or static IP, then make it static (more on this below).

Don’t worry about increasing broadcast traffic; it is negligible.

Remove Unneeded Options

Remove any DHCP options that are not specifically needed.  Make sure they make sense and are consistent across subnets.

There should be a reason for every option and setting that is enabled.  Know what all options mean and what they are used for, or remove them.

Examples:

  • Is WINS really still needed?
  • NTP server? Workstations joined to the domain already get time from the domain controllers (DCs).
  • Any options still out there for legacy phone systems or wireless deployments?

Use Correct DNS Servers

Set DNS servers to local DCs, not public servers. This might seem obvious, but it needs to be pointed out. Too many times have I seen carrier DNS servers listed internally just because they came on the config sheet when the new internet service was installed.

Keep Utilization Below 80%

If utilization consistently exceeds 80%, segment into separate VLANs. This high watermark can vary, but 80% is a decent target to start with.

Also, notice I said separate VLAN. Each IP subnet and corresponding DHCP scope should be on a dedicated VLAN.

Don’t be tempted to expand the subnet to a larger /23 or /22. Do yourself a favor and keep everything with consistent /24 subnets everywhere.

Avoid DHCP Reservations

Configure static IPs on devices that need consistent addressing. DHCP reservations should only be used on equipment that can’t be easily configured with static settings.

Please don’t just use a bunch of reservations for convenience. If done correctly, there shouldn’t be many DHCP reservations at all.
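
The checks above can be run against an exported scope inventory. The following is an added example, not code from the original post: the record layout, field names, option allow-list, and DC addresses are assumptions constructed for illustration, while the thresholds are the ones given in the text.

```python
import ipaddress

# Thresholds come from the text above; the scope records, field names,
# allow-list and DC addresses are constructed for this example.
MAX_LEASE_HOURS = {"wired": 24, "wireless": 8}
MAX_UTILIZATION = 0.80
ALLOWED_OPTIONS = {3, 6, 15}          # router, DNS servers, domain name
LOCAL_DCS = {"10.0.0.10", "10.0.0.11"}

def audit_scope(scope):
    """Return the findings for one DHCP scope record."""
    findings = []
    net = ipaddress.ip_network(scope["subnet"])
    if scope["lease_hours"] > MAX_LEASE_HOURS[scope["kind"]]:
        findings.append("lease-too-long")
    extra = sorted(set(scope["options"]) - ALLOWED_OPTIONS)
    if extra:
        findings.append("unreviewed-options:" + ",".join(map(str, extra)))
    foreign = [a for a in scope["options"].get(6, []) if a not in LOCAL_DCS]
    if foreign:
        findings.append("dns-not-local-dc:" + ",".join(foreign))
    if scope["in_use"] / scope["pool_size"] > MAX_UTILIZATION:
        findings.append("utilization-over-80")
    if net.prefixlen != 24:
        findings.append("not-a-/24")
    if scope["reservations"]:
        findings.append("reservations:%d" % scope["reservations"])
    return findings

def option_drift(scopes):
    """Option numbers set on some scopes but not on all of them."""
    sets = [set(s["options"]) for s in scopes]
    return sorted(set.union(*sets) - set.intersection(*sets))

SCOPES = [  # constructed sample inventory
    {"subnet": "10.1.10.0/24", "kind": "wired", "lease_hours": 8,
     "options": {3: ["10.1.10.1"], 6: ["10.0.0.10", "10.0.0.11"], 15: ["corp.example"]},
     "pool_size": 200, "in_use": 120, "reservations": 0},
    {"subnet": "10.1.20.0/23", "kind": "wireless", "lease_hours": 192,
     "options": {3: ["10.1.20.1"], 6: ["8.8.8.8"], 44: ["10.0.0.5"], 42: ["10.0.0.6"]},
     "pool_size": 500, "in_use": 450, "reservations": 12},
]

if __name__ == "__main__":
    for s in SCOPES:
        print(s["subnet"], audit_scope(s) or "ok")
    print("option drift:", option_drift(SCOPES))
```

The second sample scope carries the 8-day (192-hour) default lease, a public resolver, and options 44 (WINS) and 42 (NTP), so it trips every check; the reservation count is reported for review rather than compared against a limit, since the text gives none.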