DHCP questions & help

[EPR]

My routers are working great thanks to you guys and all the great info here. So I'm back at DHCP. Looking for best practice on home networks I have.

Should I change the routers default LAN IP? I have a domain name assigned already. If so, how do I choose what to use? I think I would like to change it though.

Is static and manual the same, I'm thinking so from my reading, but confirm?

I understand how to set the static or manual ip outside the dhcp pool.

Is this correct:
Static or Manual = server, NAS, windows desktop, MAC, cameras, printers, devices that I would want to log into remotely.
DHCP = phones, tablets, watches, laptops, roku's?

All camera's are on guest 2, roku's on guest 3.

On static or manual devices, does the IP need to be changes on them also? If so how is best way?

 

[ColinTaylor]

My routers are working great thanks to you guys and all the great info here. So I'm back at DHCP. Looking for best practice on home networks I have.

There's really no "best practice", only personal preference (unless you really mess things up ). Use whatever scheme makes sense to you as you're the person that's going to be maintaining it.

Should I change the routers default LAN IP?

Not necessary. Some people think doing so increases security in some way but it doesn't. Change it if you want but it's placebo.

I have a domain name assigned already. If so, how do I choose what to use? I think I would like to change it though.

Personal choice, but don't use a public domain name to avoid confusion. e.g. home.lan or home.arpa is OK but not home.com. Link

Is static and manual the same, I'm thinking so from my reading, but confirm?

Different people use the terms to mean different things and sometimes conflate the two. "Static" usually means IP settings that are manually entered in the client's network adapter settings. In the Asus world "manually assigned" means an IP address that is reserved for a client in the DHCP server.

I understand how to set the static or manual ip outside the dhcp pool.

Is this correct:
Static or Manual = server, NAS, windows desktop, MAC, cameras, printers, devices that I would want to log into remotely.
DHCP = phones, tablets, watches, laptops, roku's?

All camera's are on guest 2, roku's on guest 3.

On static or manual devices, does the IP need to be changes on them also? If so how is best way?

My rule of thumb is that the only devices that are statically configured (i.e. configured in their network adapter settings) are infrastructure devices that you need to work even when the router is not working. e.g. managed switches, DHCP servers; maybe a NAS if it's used for network recovery.

Manually assigned (i.e. IP address reserved in DHCP): other non-client devices that you might need to access from another device, e.g. printers, NAS, maybe IP cameras. Or a PC that you have remote access to from the internet via port forwarding rules.

Generally speaking you should strive to not rely on fixed IP addresses. Instead you should be using (inside your LAN) hostnames instead. So instead of setting up your PC's network printer using "192.168.1.10" you should be using "my-printer" (or whatever hostname is registered in DNS for that printer).

Everything else (the majority) should be just normal DHCP.

 

[bbunge]

@ColinTaylor did a good job with his answer. FWIW, I use manually assigned and static IP addresses. My only manually assigned client is my printer. And, it has been assigned the same IP address by DHCP across three, no that should be four, Asus routers before I set the address manually. My static clients are a PoE managed switch, five cameras, my security cam server and the NAS. I believe you can't do a static IP address on Asus Guest WIFI but manual may be possible.

With all this wisdom stated, you best bet is to keep things simple so you are not continually micro managing your home network. DHCP works just fine for most home users and my experience is that Asus routers give out the same IP address to clients forever! Only if the MAC address changes does it give a different IP address. So, turn off random MAC on your phones and tablets.

 

[EPR]

Thank you @ColinTaylor & @bbunge !

Domain was initially set up xxxx.LAN, found that here.

Static would be outside of the pool that you would create. Like say .2-.24, changed on the device, then dhcp pool started at .25 up. No reason for me to do static then.

So then NAS, and a couple of computers that are wired, that would connect to sensitive like sites, printer/scanners I should manually add them to, LAN>DHCP Server>Manually Assign IP and also add Host Name to each to log in with. This would allow away login to these devices? Does the location of manually added devices matter? Like lower numbers middle or higher. Grouped together any spacing apart? Thinking interference.

Someone told me I should put the cameras on a VLAN, but I am not even remotely familiar with that. While on the camera's, any suggestion for that upgrade, I want to stay with wired, 24 hours streaming on them.

Everything else I'll let run wild on DHCP. lol

 

[ColinTaylor]

So then NAS, and a couple of computers that are wired, that would connect to sensitive like sites, printer/scanners I should manually add them to, LAN>DHCP Server>Manually Assign IP and also add Host Name to each to log in with. This would allow away login to these devices?

I don't know what you mean by "connect to sensitive like sites" in this context. Remote access from the internet to these devices would also require you creating port forwarding rules in WAN - Virtual Server / Port Forwarding. Generally speaking you want to avoid doing this if possible. If you need remote access to your network it is often better to use the router's VPN server.

Does the location of manually added devices matter? Like lower numbers middle or higher. Grouped together any spacing apart? Thinking interference.

No it doesn't normally matter. Well, apart from making things more obvious for a human. The only time when it might is if you have a group of devices and want to apply rules (e.g. in VPN Director) to the whole group using CIDR notation rather then individually.

Someone told me I should put the cameras on a VLAN, but I am not even remotely familiar with that. While on the camera's, any suggestion for that upgrade, I want to stay with wired, 24 hours streaming on them.

Your router doesn't support VLANs, but it does support guest Wi-Fi networks (with intranet isolation) which is similar. That doesn't help much if your cameras are not wireless.

 

[EPR]

I don't know what you mean by "connect to sensitive like sites" in this context.

ie., work, financial... I Feel better hooked up than wireless for that. Maybe its just me. I use no banking type apps on wireless.

Your router doesn't support VLANs, but it does support guest Wi-Fi networks (with intranet isolation) which is similar. That doesn't help much if your cameras are not wireless.

I'll leave vlan then, for now. I have cameras on guest 2, roku on guest 3. No issues.

 

[EPR]

So static IP, would you say best practice, need redundancy to really be correct, in case of outage? Also this would be out side of ip pool. Logins to clients/devices.

Is Manually assigning IP and or just DHCP, not or less susceptible to a out outage?

Trying to get a grip on this. lol Reason I circled back after I got everything else set, drawn out and pictures so I know what I did. lol I love it though.

Thanks!

 

[ColinTaylor]

As I said in the beginning, there really is no "best practice". Choose a scheme makes sense to you, but be consistent.

Static IP addresses (configured on the network adapter) must be outside of the DHCP pool.

I can't answer your question about redundancy or outages because I don't know enough about your network or what sort of failure scenario you're trying to cover.

 

[JGrana]

I noticed something today. I am using YazDHCP and see in /etc/dnsmasq.conf it adds:

addn-hosts=/jffs/addons/YazDHCP.d/.hostnames

That file has all my assigned IP/Hostnames. When dnsmasq starts, it reports that it read that file.

But, it doesn’t seem that dnsmasq actually uses it. For example, I have one of my servers called PlexMedia as:
192.168.1.7 PlexMedia

If I ping that name I get “name or service not known”.

If I add that line to /etc/hosts, it works fine.

Are there other settings I need to set or is something not working with dnsmasq?

 

[ColinTaylor]

@JGrana That's probably a question best asked in the YazDHCP thread.

 

[JGrana]

@JGrana That's probably a question best asked in the YazDHCP thread.

True. Thanks!