Changing to DHCP from static.

[stvleaze]

Whats the best method of changing to DHCP from static?
I have many workstations, all having static IP's right now.
They all use the same class C network. I also have a few internal servers. Without disrupting the server access how can I implement DHCP?

Internal Class C 172.16.1.X 255.255.255.0
How do I make DHCP give out those addresses without conflicting with the statics I haven't changed over yet?

 

[chipk]

You need a router, unix, or windows server configured to hand out dhcp addresses. What kind of equipment do you have available for this?

Windows 2000+ should have ip conflict detection enabled, which means if an address is in use, the server won't hand it out.

Other than that minor problem, you just need to configure a server with all the statically assigned options on your workstations (subnet mask, gateway, dns, wins).

 

[stvleaze]

From what I hear, windows 2000 server conflict detection uses a ping to see if the ip is in use.

What if the client is using a software based firewall? That blocks pings...

I also hear that windows 2000 and xp workstations have client conflict detection via ARP requests.

If I enable the server based conflict detection, will it turn off the client based? Or use both?

 

[chipk]

Right. I believe the client side detection for XP/2k is on by default. I haven't read that turning on the server side disables the client detection.

Of course if you have a firewall, that blocks the server side detection. That can be gotten around by creating a policy in GPO to enable exceptions in the firewalls, e.g. for icmp, or if you don't have AD, you can use netsh to accomplish the same thing in login scripts. For example:

netsh firewall set opmode mode = ENABLE exceptions = ENABLE

I think ICMP is enabled by default with exceptions, but to turn it on, you would do:

netsh firewall set icmpsetting all enable

 

[stvleaze]

Can't do that if they use some weird firewall like norton internet security or zonealarm. ARP conflict detection would be much better.

I work for a company that has many departments that do "there own" thing when it comes to firewalls and antivirus.

 

[chipk]

Huh, well, it seems like it will only be a problem during your transition period. You need a way to find out who has what address without being able to ping. Do you have WINS? Hosts will register in WINS even if they have a firewall on. If you get yourself a list, and then create your scopes outside the used IP range (if possible), you really shouldn't get any conflicts at all. For instance, everyone statically assigned addresses 172.16.1.50 - 172.16.1.150. Just create your DHCP range with the 151-254 address space. The numbers may vary, but the basic idea should work if people just didn't randomly pick any number in the 254 block.

 

[stvleaze]

Thats the problem. People randomly picked numbers all the way to 254 lol...

I am using winarpattack right now.. not to attack. but it scans arp requests and finds all computers on network.

Plus it has a thing where it keeps scanning every 5 min. So I can leave it on a week and pretty much have the list for all ips used.

 

[chipk]

That will work. Just create a range using all the addresses and then reserve all the IPs that are in use.