Available IP Addresses - Future Strategies
- rbeede
- Member
- Posts: 205
- Joined: Sat Apr 02, 2011 1:33 pm
- Contact:
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
rbeede wrote:We don't have much issue with admin/clerk computers being on the same network since the computers have firewalls as well.
As long as no printer sharing, file sharing or remote access is turned on.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Member
- Posts: 358
- Joined: Sun Jun 06, 2010 5:29 pm
- Location: Upstate, NY, USA
I trust a hardware firewall running on a non-end-user-configurable device MUCH more than a end-user-configurable software firewall running on a Windows admin computer.rbeede wrote:We don't have much issue with admin/clerk computers being on the same network since the computers have firewalls as well.
If they cant configure it, they cant bypass it.
Aaron Z
-
- Member
- Posts: 225
- Joined: Tue Jan 05, 2010 2:50 pm
- Location: Texas, United States
- Contact:
DHCP Lease Time
I was in a building yesterday with WiFi which ran out of IP addresses. It was very frustrating because I was there to give a training and couldn't get on the network.
I called the GSC today. I proposed two solutions 1) to increase the address allocation (which they can't do for PIX or ASA due to licensing issues, previously explained in this thread) or 2) shorten the DHCP lease time to something like 1 hour. This would free up IP addresses quicker, especially for wireless clients whose network connections go to sleep (like iPads and iPods) but who still take up precious IP addresses.
The answer from the GSC was that their engineers can't alter the DHCP lease time. Darn it. Was worth a shot, though.
Their solution is to upgrade to a 881, which is capable of larger IP address pool w/o licensing problems. But - if anyone from the Church network design team is listening - a shorter DHCP lease time (it's currently 24 hours - I think 1 hour would be good) would also help a lot! He did mention that the captive portal (coming next year) would also help to solve this problem as it would require the person to log in before it gave them an address from the pool.
I called the GSC today. I proposed two solutions 1) to increase the address allocation (which they can't do for PIX or ASA due to licensing issues, previously explained in this thread) or 2) shorten the DHCP lease time to something like 1 hour. This would free up IP addresses quicker, especially for wireless clients whose network connections go to sleep (like iPads and iPods) but who still take up precious IP addresses.
The answer from the GSC was that their engineers can't alter the DHCP lease time. Darn it. Was worth a shot, though.
Their solution is to upgrade to a 881, which is capable of larger IP address pool w/o licensing problems. But - if anyone from the Church network design team is listening - a shorter DHCP lease time (it's currently 24 hours - I think 1 hour would be good) would also help a lot! He did mention that the captive portal (coming next year) would also help to solve this problem as it would require the person to log in before it gave them an address from the pool.
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Odd. our 501 only leases for an hour.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.
-
- Community Moderators
- Posts: 9861
- Joined: Mon Mar 17, 2008 12:30 am
- Location: USA, TX
Each of the appliances, Cisco PIX 501, ASA 5505, and 881W have configurable lease times according to Cisco's product information. Perhaps what they meant to say was that they weren't allowed to change the standard configuration. The longest lease time I have heard was the ASA's which was set to four hours. The 501 standard configuration lease time is 1 hour. I have not seen what the 881W's lease time is set to be.sammythesm wrote:The answer from the GSC was that their engineers can't alter the DHCP lease time.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
-
- Member
- Posts: 225
- Joined: Tue Jan 05, 2010 2:50 pm
- Location: Texas, United States
- Contact:
Yes. That is what he said/I meant. Sorry that was unclear.jdlessley wrote:Perhaps what they meant to say was that they weren't allowed to change the standard configuration.
Hmm. Meriting further investigation, I did an 'ipconfig /all' on a computer behind a PIX and another behind an ASA. You're right. Both have lease times of an hour. (i guess i should have done that before suggesting it as a solution to the gsc) Hmm. The tech said with some confidence that the default was 24 hrs. Oh well. Back to the drawing board. Sure would be nice to have more tools/views of what's going on in the network at a given time.jdlessley wrote:The longest lease time I have heard was the ASA's which was set to four hours. The 501 standard configuration lease time is 1 hour. I have not seen what the 881W's lease time is set to be.
-
- Community Administrator
- Posts: 34422
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
sammythesm wrote:Sure would be nice to have more tools/views of what's going on in the network at a given time.
I haven't used it myself, but if you set up Wireshark you could monitor what's happening.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
So we can better help you, please edit your Profile to include your general location.