How to Use DHCP Reservations for Greater Control of Your AirPort Network

| How-To

If you use Apple's AirPort or Time Capsule for your home router, you're probably pretty happy with how easy it is to set up. Sometimes you need to exert a little more control over your network, however, and AirPort Utility makes that possible, too. This article will show you how to assign static IP addresses to your Mac using DHCP Reservations and DHCP Client IDs, and how to manage your network's DHCP range.

My angle in writing this up is managing my network to properly handle Bitcoin mining devices as I prepare for my Macworld/iWorld session on Bitcoins. Many mining devices not only need a static ID, they need to look for a local proxy server.

By assigning a static ID to the Mac running that proxy, you can avoid the headaches that come along with your base station assigning new IP addresses to your network, say after a power outage. Bitcoin mining aside, there are plenty of other reasons to assign reserved IP addresses, so let's get to it.

Why Not Just Use a Static IP?

You could just set a static IP address in your Network preferences. In the screenshot below, I set up an IP address using the "Manually" setting in Mavericks:

Static IP

Network Control Panel in System Preferences

The weakness with this method is that your AirPort base station doesn't know anything about it, and if you pick an address in the DHCP Range of your base station, it could assign the same IP address to another device. You don't want that.

Instead, I'm going to assign a DHCP Client ID to my Mac and let my base station know about it so that it can then assign the static IP I want based on that Client ID. This keeps everything neat and tidy in perpetuity.

DHCP Range

Let's start with your base station's DHCP Range. This is the range of IP addresses your AirPort base station feels like it owns and can use at any given moment. Whenever a device joins your network, the IP address it gets comes from this range.

To find out what your base station's DHCP Range is, go to the Network tab. The DHCP Range is specified underneath the Router Mode pulldown menu, as marked in the image below by the red arrow.

DHCP Range

AirPort Utility -> Base Station -> Network Tab

In this case, my base station had reserved 192.168.1.2 through 192.168.1.200. That's a huge range—far more than I could conceivably use. I could safely edit that down to 20 or 30 addresses for my personal needs, but what I really want is to simply make sure I can safely use everything above 200 for my mining devices, plus an extra IP for my Mac.

You can edit your DHCP Range by clicking on Network Options, as shown in the screenshot below:

Assign a Range

Network Options

Once there, I can edit the Range as needed, and for this example I'm going to limit it to 192.168.1.198. That will leave me 192.168.1.200 through 192.168.1.254 to use as I see fit.

Here's what that looks like after I set it:

New Range

New Range

Reservations

Now that I have the range I want, I can assign a specific IP to my Mac, which in this case is 192.168.1.199. In the three screenshots above, there's a block called DHCP Reservations. Click the "+" sign underneath that block, and you'll get a popup sheet, as shown in the screenshot below:

DHCP Reservations

DHCP Reservations Sheet

While you can do this by MAC address, a more human-friendly way to do it is by DHCP Client ID, so choose that in the pulldown menu, as shown above. This allows you to assign a name to the static IP I want. In this case, I'm going to call it 2008MacPro.

Note that in the screenshot below, there are fields for both a Description and a Client ID. Personally, I want them both to be the same, but they don't have to match. I'm sure there's a reason Apple gave us that option, but let's keep things simple.

In this screenshot, I also assigned the IP I want, in this case 192.168.1.199.

DHCP Reservations

Making a Client ID.

Once you've entered what you want, hit Save, and then Update. Note that this will restart your base station.

Your Mac

Now that my base station is set up, I need to set up my Mac. Go back to your Advanced options in the Network control panel in System Preferences and change "Manually" to "Using DHCP," as shown in the screenshot below.

Client ID

Network Control Panel

In the same control panel, there's a field marked DHCP Client ID (until Dave Hamilton showed me all this stuff earlier today, I had always wondered what that field was for!). Enter the Client ID you set up on your base station, as shown in the image below:

Set Client ID

Set the Client ID

Hit OK, then Apply, and your AirPort base station will automagically set your IP address to what you want it to be, as shown in the image below:

Client ID IP

New IP Address

Now, whenever my Mac restarts—or more importantly, whenever my AirPort base station restarts—I have the IP address I want, with no danger of another device being assigned the same IP. Cool, right?

For more information on this topic, Jim Tanous did a great write-up in 2012 that focused on using MAC addresses for DHCP Reservation, another way to do the same thing.

Comments

geoduck

If two systems have the same client ID isn’t it the first one in that gets the IP and the second one is SOL? I’m just thinking that you’ll want to have quite unique IDs for your systems. Both to prevent conflicts but to help prevent someone from just naming their system “iMac” and getting into your network. At least MAC Addresses are unquestionably unique.

Couldn’t you use this for security? Have 5 systems and only have the 5 reserved IP addresses, with nothing else live in the DHCP pool?

Gary LearnTech

@geoduck Way better to use the Timed Access Control option for this setup for your security.

Along, of course, with the other standard security-related choices.  ie use WPA2, hide the network name and have horrendous passwords that are so long and complex that they take even you 23 attempts to enter and you decide never to add another device.  Ever.

(And before anyone shoots me down for saying “hide the wireless network name” is useless, it’s _just one part_ of your security.  It knows it’s not that strong on its own but it makes it’s own humble contribution, so please let’s not pick on it. smile )

Log-in to comment