We recently produced a report of how many unused / free IP addresses were available is each of our customers DHCP scopes. (HERE is the simple script to create that list). As you can see in the screenshot below, we found a negative number free IP’s in one of the scopes:
After checking the formulas in the script, we dug into the DHCP scope in question and found they had somehow created dozens of IP Reservations that were outside of their scope. That should not be possible.
Depending on the version of Microsoft Windows you are using, one of these three errors should pop up when you attempt to create an IP Reservation that is beyond the DHCP scope:
- The IP address is outside the scope
- The specified IP address does not belong to the subnet or scope
- The reservation could not be created. The IP address is not within the scope
So how did they do it?!?! Well, it turns out that while you cannot create a reservation out of scope, you can create a reservation and then reduce the size of the scope. For example:
- It’s possible the reservations were created when the scope encompassed the addresses shown (e.g., 192.168.9.42, 192.168.9.135, etc.)
- Subsequently, the scope could have been narrowed (shrunk to 192.168.9.65 – 192.168.9.94)
That is just not something Microsoft anticipated and so there is not check on it and hence no error message.
Here is the problem: Windows DHCP may retain those out of scope reservations in its GUI but it will not hand them out. The devices with these reservations probably won’t get offered those IP’s.
So, if you have this situation, fix it immediately or you will find your network having odd problems in the future.
0 Comments