Can I use a DHCP wireless router with a static IP network?

[Pipsfc]

Forgive my ignorance, but it has been some time since I've played around with network configurations. Here we go.

My church asked me to work on their network since I have experience. To reduce the amount of hardware in the current network, I removed two older routers and installed a Netgear Nighthawk AC1900 to allow for future growth. I then setup a subnet mask of 255.255.255.192 to divide the network up and allow the mail server and DNS server to be separate from the workstations and wireless users (when the time came to setup them up because the wireless is disabled on the router). To provide slightly better security, I also setup static IP address and disabled DHCP.

Now the church wants to have the wireless available to the congregation. Is there a way to maintain the static IP addresses but setup a wireless option to use DHCP on the same physical network?

I thought about adding an additional wireless router setup with its own static IP but would dish out IP addresses using DHCP. Can this work by selecting another subnet mask on the additional wireless router?

 

[oct]

No... The easiest way is to add another access point setup for dhcp... you can run dhcp with static ip but you have to reserve each ip to a mac address. The overhead in managing that type of table might kill you. I would not advice that setup.

In my opinion, I do not see a big security hole with using dhcp vs static. They both can be spoof, I would need more information about network/# computer to justify a reason pro/cons for network configuration.

If security is a major concern, consider setting up a radius server. It will be much easier to manage.

 

[bill001g]

You are wasting your time messing around with subnets on the router. Like almost every consumer router on the market you can only have a single lan subnet and a single WAN address. There is no way to assign different subnets to some severs in the future and keep them separate because you are only allowed to have a single lan. I have not used this router but if it has the ability to run a guest SSID then it will allow you to use the same DHCP and subnet for your guest users but they will only be able to access the internet not any of the other machines.

The only way you are going to get this to work they way you are talking about is to get a actual router...ie one that can have multiple lan and wan interfaces. What you can do is load dd-wrt or other third party firmware to your router to get most the feature you want. It will take a lot of reading to be sure you get everything the way you want but it is at least possible to run with multiple subnets. You can then apply whatever firewall rules you choose. You can run multiple DHCP server ranges so some subnets you can leave static and others can use DHCP.

 

[Pipsfc]

Thank you guys for the answers. It looks like with the basic setup I have, I need to stop using static IPs and just use DHCP instead. I guess the next best thing for me would be to use one of the many routers I have to setup a DMZ for the servers and guest users and put the rest of the network behind the second firewall (router). I guess the next question is can I use a consumer router as just a firewall?

 

[bill001g]

It depends what you need in firewall features. Many will do basic packet filters based on ip addresses and ports. When you start talking filter at URL levels or recognizing protocols like SIP and dynamically open pinholes you are going to need something more substantial. The other issue you will have is most consumer routers there is no way to disable the NAT process so it will depend if that causes issues or not.

To get more advanced firewall features you can again load third party firmware but for true firewall features you are probably best off using a older dual nic pc and load pfsense on it.