Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
GS108E-v3 DHCP VLAN
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-23
07:12 AM
2015-04-23
07:12 AM
GS108E-v3 DHCP VLAN
I recently purchased this switch and was surprised to learn that when in DHCP client mode, it will pull an address from any device on any VLAN.
I would have expected it to only work on VLAN1 or allow the user to configure which VLAN(s) to pull an address from.
If I have more than one device on different VLANs that issues addresses, the switch will potentially pull an address on and be available on a different network depending on which device replies with an address first.
Please add a feature to the firmware to choose which VLAN to pull a DHCP address from, otherwise it should be considered a security risk using anything but a static IP.
Message 1 of 8
Labels:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-23
07:25 AM
2015-04-23
07:25 AM
Re: GS108E-v3 DHCP VLAN
On a similar note, I don't understand why a gateway IP is required when specifying a static IP - what does the switch need a gateway for?
Message 2 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-23
08:20 AM
2015-04-23
08:20 AM
Re: GS108E-v3 DHCP VLAN
duren wrote:
If I have more than one device on different VLANs that issues addresses, the switch will potentially pull an address on and be available on a different network depending on which device replies with an address first.
Please add a feature to the firmware to choose which VLAN to pull a DHCP address from, otherwise it should be considered a security risk using anything but a static IP.
I haven't noticed this just now, and you're correct I don't see any option to specify the VLAN it will be getting the DHCP network from. I suggest you open a support ticket and forward a feature request.
duren wrote:
On a similar note, I don't understand why a gateway IP is required when specifying a static IP - what does the switch need a gateway for?
I believe the gateway address is not necessary, as per manual it says "if available".
Message 3 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-23
10:05 AM
2015-04-23
10:05 AM
Re: GS108E-v3 DHCP VLAN
I did open a ticket, Case #25040728 which has a reply that this feature can be requested but there is no guarantee it will happen, so I'm trying to get the backing of the community to help push it forward.
Message 4 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-23
10:12 AM
2015-04-23
10:12 AM
Re: GS108E-v3 DHCP VLAN
Nhellie26 wrote:
I believe the gateway address is not necessary, as per manual it says "if available".
Except that the GUI complains if you don't enter one.
"Alert Switch Information IP address: is not a valid Gateway!"
Message 5 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-23
12:39 PM
2015-04-23
12:39 PM
Re: GS108E-v3 DHCP VLAN
A couple of points ...
First - network "best practice" dictates that all infrastructure devices be set to static addresses, so at least personally, I see no reason to select which VLAN the DHCP server should reside on, and for that matter, I'm curious as to why anyone would want to have more than one DHCP server (ok, maybe two, for redundancy purposes) on their network.
Using these practices the only time the switch would need to get an address from the DHCP server is during the initial setup.
Default gateway - as I'm sure you already know - the purpose of the default gateway is to specify the "gateway" that the device will use for "off network" communications - having a default gateway set comes in very handy for remote troubleshooting (as in fact does a static address).
If you're running a small network, these might be "non-issues" for you, but as your network(s) grow(s), it becomes a lot easier to be able to manage it without getting up from your desk, or without driving across the city/flying across the country.
Message 6 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-24
05:59 AM
2015-04-24
05:59 AM
Re: GS108E-v3 DHCP VLAN
Regarding the gateway question, I know why you would need one for a fully managed switch as it would have some sort of features to "call out" ie heart beating / emailing / monitoring but this switch has no such features exposed in the GUI where it needs a gateway.
As for the case of why you would have more than one dhcp server, there are actually two:
1. If I want a guest network, wireless for example, bridged to the LAN, segregated by VLAN, I'll likely have a different dhcp subnet as well. If the dhcp server is on another device and VLANs are used to determine which subnet and address to issue, it is possible for the switch to get an address from either and not be on the expected VLAN. (essentially being on the wireless VLAN)
2. Some ISPs allow multiple public IP addresses. To have multiple devices get them, you would have the modem and those devices on a separate VLAN and the devices would have their own WAN links. Since the switch pulls DHCP from any VLAN, if the modem serves an IP faster on VLAN 2 than the server on VLAN 1, your switch and its admin capabilities are now on the WAN instead of the expected LAN.
The case for using dhcp instead of a static IP would be for easy management. If for some reason the switch IP needs to change, I can still access it via its DNS name, which in my case is static in the sense that the dhcp server has a static mapping to the switch's mac address.
In a strict best practice sense, you are right, stick to static, but I wanted to highlight this because its a pretty big deal for a device, a business device no less, one of whose biggest features is to segregate traffic, does not bother doing that for its own traffic.
As for the case of why you would have more than one dhcp server, there are actually two:
1. If I want a guest network, wireless for example, bridged to the LAN, segregated by VLAN, I'll likely have a different dhcp subnet as well. If the dhcp server is on another device and VLANs are used to determine which subnet and address to issue, it is possible for the switch to get an address from either and not be on the expected VLAN. (essentially being on the wireless VLAN)
2. Some ISPs allow multiple public IP addresses. To have multiple devices get them, you would have the modem and those devices on a separate VLAN and the devices would have their own WAN links. Since the switch pulls DHCP from any VLAN, if the modem serves an IP faster on VLAN 2 than the server on VLAN 1, your switch and its admin capabilities are now on the WAN instead of the expected LAN.
The case for using dhcp instead of a static IP would be for easy management. If for some reason the switch IP needs to change, I can still access it via its DNS name, which in my case is static in the sense that the dhcp server has a static mapping to the switch's mac address.
In a strict best practice sense, you are right, stick to static, but I wanted to highlight this because its a pretty big deal for a device, a business device no less, one of whose biggest features is to segregate traffic, does not bother doing that for its own traffic.
Message 7 of 8
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2015-04-24
10:46 AM
2015-04-24
10:46 AM
Re: GS108E-v3 DHCP VLAN
1 - Explore DHCP relay - one DHCP server can serve multiple subnets
2- You seem to be putting the switch ahead of your firewall - not quite the norm is small business environments.
3 - With dynamic addressing, if your DHCP server fails or the connection is lost, the switch will discard it's address when the lease times out and may become unreachable - with static addressing this does not happen - this is the difference between being able to connect to the switch and troubleshoot the problem without the previously mentioned need to leave your desk, office etc.
2- You seem to be putting the switch ahead of your firewall - not quite the norm is small business environments.
3 - With dynamic addressing, if your DHCP server fails or the connection is lost, the switch will discard it's address when the lease times out and may become unreachable - with static addressing this does not happen - this is the difference between being able to connect to the switch and troubleshoot the problem without the previously mentioned need to leave your desk, office etc.
Message 8 of 8