0

In our small office I have for many years used an IPv4 address assignment scheme based on the location of the user device, like:

  • room #1: ip-range #1
  • room #2: ip-range #3
  • room #N: ip-range #N

For me it has an advantage: it's easy to recall where a user device is located (and what the device is) by its IP address.

But this approach is violated constantly because a variable part of the user devices regularly migrates from one room to another.

There is another possibility: assign an IP address to a user device permanently for its lifetime in the office (based on MAC address, for example). But with this approach there is no way to know where the user device is located now, or to group IP addresses into larger blocks/prefixes for routing/firewalling.

I still prefer not to use DHCP and to assign addresses statically, and we do not have managed switches.

I would like to know which approach is more common in IP assignment/allocation.

gapsf
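An added example, not part of the original question: a Python check of a room-based static plan against an inventory, flagging devices whose address no longer matches their room (so firewall rules written per range would no longer match them) and proposing the next free address in the right range. The prefixes, MAC addresses and inventory are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed room plan: one prefix per room (assumed values, not from the post).
PLAN = {
    "room1": ipaddress.ip_network("192.168.10.0/27"),
    "room2": ipaddress.ip_network("192.168.10.32/27"),
    "room3": ipaddress.ip_network("192.168.10.64/27"),
}

# Constructed inventory: (MAC, static IP, room where the device sits today).
INVENTORY = [
    ("00:11:22:33:44:01", "192.168.10.5", "room1"),
    ("00:11:22:33:44:02", "192.168.10.6", "room2"),    # moved from room1
    ("00:11:22:33:44:03", "192.168.10.33", "room2"),
    ("00:11:22:33:44:04", "192.168.10.34", "room2"),
    ("00:11:22:33:44:05", "192.168.10.200", "room3"),  # outside every range
    ("00:11:22:33:44:06", "192.168.10.33", "room2"),   # duplicate static IP
]

def room_for(ip, plan=PLAN):
    """Return the room whose prefix contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((r for r, net in plan.items() if addr in net), None)

def next_free(room, used, plan=PLAN):
    """First unused host address in the room's prefix, or None if full."""
    return next((str(h) for h in plan[room].hosts() if str(h) not in used), None)

def audit(inventory=INVENTORY, plan=PLAN):
    """List devices whose address breaks the plan, with a proposed fix."""
    used, seen, findings = {ip for _, ip, _ in inventory}, set(), []
    for mac, ip, room in inventory:
        implied = room_for(ip, plan)
        if ip in seen:
            reason = "duplicate address"
        elif implied != room:
            reason = f"range belongs to {implied}" if implied else "outside every range"
        else:
            reason = None
        seen.add(ip)
        if reason:
            proposal = next_free(room, used, plan)
            used.add(proposal)  # reserve it so no two devices get the same proposal
            findings.append((mac, ip, room, reason, proposal))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```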

2 Answers

1

If your switches support it, you could use 802.1X computer authentication to dynamically assign a VLAN to the computer, wherever it is connected.

Then the computer will always be in the correct VLAN and IP range.

This requires an authentication server, typically RADIUS.

A Windows machine running Network Policy Server can act as a RADIUS server that uses the Active Directory user database. Otherwise, it can be installed on Linux and use almost any user database (including Active Directory).

JFL
0

I just don't see the need to filter users differently in one single office. So I use DHCP, and one pool per location. When I need to know which port the user is connected to, I use a simple technique: arp -an | grep <IP> -> show mac address-table address <MAC> on the switch (or show ether-switching-table | match <MAC>). After all, this is rarely needed.

I do use VLANs, of course, but this is mainly to distinguish the services: voice VLAN, wireless WLANs, management VLAN, and so on.

Using RADIUS to assign a user to a specific VLAN is a great technique, but it's more of the ISP world, not enterprise.

drookie