How to Exclude a Specific IP Address from ISC-DHCP Server Pool Configuration



We've all encountered this scenario - you've got a network device (often a printer or legacy equipment) that has a hardcoded IP address sitting right in the middle of your DHCP range. In this case, we have a device at x.x.x.50 while our DHCP server (ISC-DHCP on Ubuntu) is configured to hand out addresses from x.x.x.10 to x.x.x.246.

While you could technically solve this by creating two separate pool declarations (x.x.x.10 to x.x.x.49 and x.x.x.51 to x.x.x.246), this approach becomes messy when dealing with multiple excluded IPs or when you need to frequently modify the excluded addresses.

ISC-DHCP server handles this scenario with the range directive itself: range statements only add addresses to the pool, so the exclusion is expressed by listing ranges in a single subnet declaration that skip the reserved address. Here's how to implement it in your dhcpd.conf:

subnet x.x.x.0 netmask 255.255.255.0 {
    range x.x.x.10 x.x.x.49;
    range x.x.x.51 x.x.x.246; # x.x.x.50 falls in neither range, so it is never allocated
    option routers x.x.x.1;
    option domain-name-servers 8.8.8.8, 8.8.4.4;
}

For cases where you need to exclude multiple individual IPs, you can chain multiple range statements:

subnet x.x.x.0 netmask 255.255.255.0 {
    range x.x.x.10 x.x.x.49;   # stops before x.x.x.50 (printer)
    range x.x.x.51 x.x.x.99;   # stops before x.x.x.100 (security camera)
    range x.x.x.101 x.x.x.149; # stops before x.x.x.150 (legacy device)
    range x.x.x.151 x.x.x.246;
    # Other options...
}

After modifying your config, restart the DHCP server and verify the exclusion works:

sudo systemctl restart isc-dhcp-server
dhcp-lease-list # Check active leases to confirm x.x.x.50 isn't assigned

Another clean method is to create a DHCP reservation for the device, which effectively reserves the address and prevents its assignment:

host printer {
    hardware ethernet 00:1a:2b:3c:4d:5e;
    fixed-address x.x.x.50;
}

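This approach is particularly useful when you want to maintain control over the address assignment while still keeping it out of the dynamic pool. For that to hold, the range statements must also skip x.x.x.50, because dhcpd does not remove fixed-address values from a range on its own.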

Remember to:

  • Document all excluded IPs in your network documentation
  • Consider using IPAM tools for better visibility
  • Test changes in a non-production environment first
  • Consider implementing DHCP snooping on switches for additional protection

Network administrators frequently encounter situations where devices with static IP addresses fall within DHCP-assigned ranges. This commonly occurs with:

  • Legacy equipment (printers, scanners)
  • Network appliances with hardcoded IPs
  • Temporary static assignments

The ISC DHCP server (dhcpd) provides multiple ways to handle IP exclusions:

Method 1: Using deny unknown-clients

host printer {
    hardware ethernet 00:1a:2b:3c:4d:5e;
    fixed-address x.x.x.50;
}

subnet x.x.x.0 netmask 255.255.255.0 {
    range x.x.x.10 x.x.x.246;
    deny unknown-clients; # only clients that have a host declaration are served
}

Method 2: Multiple Range Declarations

subnet x.x.x.0 netmask 255.255.255.0 {
    range x.x.x.10 x.x.x.49;
    range x.x.x.51 x.x.x.246;
}

Method 3: Using Reserved Leases

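subnet x.x.x.0 netmask 255.255.255.0 {
    # dhcpd does not subtract fixed-address values from a range, so skip x.x.x.50 here too
    range x.x.x.10 x.x.x.49;
    range x.x.x.51 x.x.x.246;
}

host reserved-ip {
    hardware ethernet 00:00:00:00:00:00; # placeholder MAC that no real client uses
    fixed-address x.x.x.50;
}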

For optimal results:

  • Always document static IP assignments in dhcpd.conf
  • Consider using DHCP reservations instead of static IPs when possible
  • Use dhcpd -t to test configuration before applying changes
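
dhcpd -t checks syntax only; it does not report a statically addressed device that a range statement still covers. The Python check below is an added example, not part of the original article or of ISC DHCP: the function names and the 192.0.2.0/24 sample configs are constructed for illustration, and it assumes IPv4 range and fixed-address statements with # comments.

```python
import ipaddress
import re

# range [dynamic-bootp] low-address [high-address];
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?([\d.]+)(?:\s+([\d.]+))?\s*;")
FIXED_RE = re.compile(r"\bfixed-address\s+([^;]+);")

def _strip_comments(conf):
    # Simplification: treats every '#' as a comment start.
    return re.sub(r"#.*", "", conf)

def parse_ranges(conf):
    """Return a (low, high) IPv4Address pair for every range statement."""
    pairs = []
    for low, high in RANGE_RE.findall(_strip_comments(conf)):
        lo = ipaddress.IPv4Address(low)
        pairs.append((lo, ipaddress.IPv4Address(high) if high else lo))
    return pairs

def parse_fixed(conf):
    """Return the IPv4 addresses named in fixed-address statements."""
    found = []
    for value in FIXED_RE.findall(_strip_comments(conf)):
        for item in value.split(","):
            try:
                found.append(ipaddress.IPv4Address(item.strip()))
            except ValueError:
                pass  # fixed-address may also be a hostname; skip those
    return found

def static_in_ranges(conf, extra_static=()):
    """Static addresses that at least one range statement still covers."""
    static = parse_fixed(conf) + [ipaddress.IPv4Address(a) for a in extra_static]
    ranges = parse_ranges(conf)
    return sorted({a for a in static if any(lo <= a <= hi for lo, hi in ranges)})

# Constructed sample configs (192.0.2.0/24 is a documentation prefix).
OVERLAPPING = """
subnet 192.0.2.0 netmask 255.255.255.0 {
    range 192.0.2.10 192.0.2.246;
}
host printer { hardware ethernet 00:1a:2b:3c:4d:5e; fixed-address 192.0.2.50; }
"""
SPLIT = OVERLAPPING.replace("range 192.0.2.10 192.0.2.246;",
                            "range 192.0.2.10 192.0.2.49;\n    range 192.0.2.51 192.0.2.246;")

if __name__ == "__main__":
    print("overlapping:", static_in_ranges(OVERLAPPING))
    print("split:", static_in_ranges(SPLIT))
```

Pass hardcoded devices that have no host declaration through extra_static, for example static_in_ranges(conf, ["192.0.2.100"]).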

After making changes:

sudo service isc-dhcp-server restart
dhcp-lease-list | grep x.x.x.50