Most places I've worked at consider DHCP to be a bad idea for management networks, or "secured" networks. I'm curious as to why that is.
Consider this scenario...
- There is an iSCSI storage network, say, `10.1.1.0/24`
- Clients have an interface for external communication, and a second interface on this iSCSI storage network to access storage volumes.
Am I not just adding extra complexity to the provisioning process by requiring humans to manage and assign IP addresses? It seems much easier to me to use an existing technology for this purpose.
My logic is that if a malicious actor is able to connect to the "secure" network and get an IP address, you have much bigger problems from a security standpoint than DHCP. Regardless, the malicious device could just self-assign an IP address, since most networks have a gateway at `x.x.x.1` and subnet mask of `/24`.