Best way to move from static to DHCP?

  • Question
  • Updated 2 years ago
What's the best way to go from static IPs to DHCP? I'll be taking over the administration of our Aerohive in a few weeks because a guy is leaving; I was hired to fill his position. I have experience with Aerohive from my last location and we used DHCP. Here they have been using static IP addresses, currently with about 200 access points spread between 7 buildings. We have another 100-200 access points sitting waiting to be installed and it'll be a cold day in hell before I set them up with static IPs. I've already got the okay from the boss that switching from static to DHCP is OK, but I'd like to come back to him with a plan to do so. Right now we are using 10.10.x.x IP addresses for everything, but those are slowly being eaten up and we will likely have to redo the IP scheme for the entire network. Should I plan DHCP around the new IP scheme, which probably won't be changed for another year or two, or plan for the current one? Or should I make a plan for both and propose that new IP scheme but have the backup plan for the current one?


I'd like to see it be changed to 10.B.H.H where B would be an IP for one building, example 10.1.x.x is building one, 10.2.x.x is building 2, etc. Then after that it'd be 10.1.100.0/21 for APs, 10.1.104.0/21 for SSID1, 10.1.112.0/21 for SSID2, 10.1.120.0/21 for SSID3 (not sure if we'll need this yet, depending on the authentication method we use.) We would then do this for each building using their building IP 10.2.100.0, 10.3.100.0, etc.

Or should I just set it up for the current IP scheme which is currently static at 10.10.30.1 - 10.10.30.254 and make the DHCP hand out those IPs? The problem I have with that is that I can't easily identify what building that AP is in based on its IP. Also, the way our network/RADIUS server is set up, users that move between buildings will get an IP/VLAN based on where their account is located in AD. This means if a user whose account is located in building one in AD moves to building two they won't have a network connection because our switches aren't configured to have every VLAN configured, only the ones for their building. Should I assume it’d be best to set up a DHCP range that isn’t going to hand out IPs of the already static APs?

Sorry there is a lot here, just not sure the best approach... 


zzzP

  • 19 Posts
  • 0 Reply Likes

Posted 2 years ago
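
An added example, not part of the original post: a Python check of the per-building plan proposed in the question, expanded to the 7 buildings mentioned. It uses only the standard `ipaddress` module, and the function names are chosen for this example. It reports prefixes that do not start on their own boundary and any blocks that overlap.

```python
import ipaddress
from itertools import combinations

# Per-building template from the question; {b} is the building number.
TEMPLATE = {
    "APs":   "10.{b}.100.0/21",
    "SSID1": "10.{b}.104.0/21",
    "SSID2": "10.{b}.112.0/21",
    "SSID3": "10.{b}.120.0/21",
}

def build_plan(buildings):
    """Expand the template into {(building, role): cidr} for each building."""
    return {(b, role): cidr.format(b=b)
            for b in buildings for role, cidr in TEMPLATE.items()}

def largest_aligned(cidr):
    """Largest network that starts exactly at the given address and is no
    bigger than the requested prefix."""
    addr, plen = cidr.split("/")
    for p in range(int(plen), 33):
        try:
            return ipaddress.ip_network(f"{addr}/{p}", strict=True)
        except ValueError:
            continue  # host bits still set at this prefix length

def check_plan(plan):
    """Return (networks, problems). A misaligned entry is recorded as the
    network that its address and mask actually belong to."""
    networks, problems = {}, []
    for key, cidr in plan.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) != cidr:
            problems.append(f"{key}: {cidr} is really {net}; "
                            f"aligned alternative {largest_aligned(cidr)}")
        networks[key] = net
    for (ka, na), (kb, nb) in combinations(networks.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{ka} {na} overlaps {kb} {nb}")
    return networks, problems

if __name__ == "__main__":
    nets, problems = check_plan(build_plan(range(1, 8)))  # 7 buildings
    for p in problems:
        print(p)
    for key, net in nets.items():
        print(key, net, f"{net.num_addresses - 2} usable hosts")
```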


BJ, Champ

  • 374 Posts
  • 45 Reply Likes
Design, the art of the science! It sounds like you're investigating changing the user network as well as the management network. The first task will be to determine your client base, not just the number of users, but the number of devices and interfaces, i.e. wired laptops may require two addresses if wifi is enabled.

I like your thought of segmenting via vlans, but I would also be wary of adding additional subnets, as you will probably be looking at L3 roaming. It is possible to perform, but adds a layer of complexity (speedbump vs. mountain) during configuration and troubleshooting.

I would look at segmentation from a different angle; rather than geo-based vlans, perhaps user groups, i.e. corporate device vs. byod, teacher vs. student, etc. Thus when a user roams, he can remain on the same vlan and subnet.

I would start with a management vlan for your APs, switches, etc. You can migrate them as a test to make sure your VLANs are propagated and can reach your DHCP server. This brings up the topic of DHCP relay, or in Cisco terms, ip helper-address, to make sure the dhcp request broadcasts can reach the dhcp server if it resides in another vlan.

Aerohive's VLAN Probe in the Tools tab can also be very helpful.

Great question and good luck!   
  
Best,
BJ

zzzP

  • 19 Posts
  • 0 Reply Likes
I don't think L3 roaming will come into play since each location is separated by miles, or am I not understanding what I just read about L3 roaming? L3 roaming allows clients to keep a constant connection between APs on different VLANs. Since these buildings are physically separated by miles, as long as the client device has no issue connecting to the same SSID, getting a new IP will be okay.

BJ, Champ

  • 374 Posts
  • 45 Reply Likes
Apologies, I assumed we were discussing a campus LAN environment, rather than a WAN. With that bit of information, I would recommend keeping a consistent vlan layout across your WAN; vlan 10 for admin, vlan 20 for staff, vlan 30 for guests, etc. That way you can homogenize your network policy across the enterprise.
Assuming you're not placing a dhcp server in each location, make sure your routers are performing dhcp relay.

Best,
BJ