DHCP versus Static IP

Static IP address
The company I work for is planning on disabling the DHCP server and issue static IP addresses to all devices.  We have over 100 computers and wireless access points for laptops.  Has anyone ever heard of this approach to increase security?



Answer Wiki

Thanks. We'll let you know when a new response is added.

People try this from time to time, but the management nightmare that this creates quickly gets people back to using DHCP. If you don’t want your DHCP server issueing IPs to computers that it shouldn’t setup a reservation for each computer. This way you can still use DHCP to manage everything, and when new computers are added to the network you simply adjust the scope, and setup a reservation.

Discuss This Question: 7  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Yasir Irfan
    Yeah I agree with Mrdenny, DHCP is the best way to manage the IP address assignement, if you are using Static IP address then you have to document them so that no duplication occurs. As far as Management devices such as Servers, Switches , routers and access points are concerned static IPs are recommended.
    7,330 pointsBadges:
  • Kevin Beaver
    I can't think of much value this would add from a security perspective. If anything it'll just create more work on the network administration side and end up increasing business risks.
    27,550 pointsBadges:
  • Sonotsky
    Agreed with all responses to date. If by "security", management wants to know which IP is causing certain traffic (and by extension, which workstation), then reserved addresses in dhcp works well. Yes, it's possible for the user to change their MAC to attempt to obtain a different IP, but if the user has that much access to their workstation, then I think the network is the wrong place to be looking to improve security...
    695 pointsBadges:
  • mshen
    Static addresses isn't the best way to do it; there is too much administrative overhead and little added security. Look into Network Access Control (NAC), Switchport security on the switch, or MAC Access-lists on the switch.
    27,385 pointsBadges:
  • Jayaram
    Mrdenny, 1. A wireless device that gets within range of your wireless network equipment may be able to acquire an IP address from your router. this is for more security purpose. 2. For small networks like a home network, you can add some extra protection by turning off the DHCP, or automatic IP addressing, feature of the router and manually assigning static IP addresses. At the end the above is for more security purpose.
    140 pointsBadges:
  • Denny Cherry
    If you have wireless networks, those network should be secured using a key through WPA or WEP key so that if random people walk up to your WiFi network with a laptop they can't connect to the network, and therefor can't get an IP address. If a corporate environment you can deploy the keys and SSID to the computer via GPO so that all company laptops can connect to the wireless without having to give the users the key.
    69,130 pointsBadges:
  • Syphun
    I so much agree with mrdenny, the basic fact remains that DHCP is the one and only way to create less work for the network admin and as well secure your network if you know the right things to do with your GPO on the server. Static IP will only create more trouble. . . .STAY OFF IT if you can.. . . and i know you can. . .
    185 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: