Hello,
Does anybody know if it’s possible to assign a static IP address to an IMP?
Thank you
You communicate with the imp (device) through the agent, and the agent URL is static, so you do have a static address to communicate with.
You can certainly configure your DHCP service to assign a static address to a particular device, but that won’t be much good for anything except network administration.
Thank you MakeDeck,
I’m going to install an imp device in a location where they don’t have DHCP enabled and they only assign static IPs, I guess for security reasons. I’m not a network expert, so I don’t know how I would blinkup an IMP without DHCP being available, do you know how it can be done?
Just give them the MAC address for your device, and they can assign a static address to it. (I’m assuming you can ask.) 
It won’t make any difference to the imp.
And the I should be able to use the blinkup app to connect the IMP to their network?
Assuming that nothing else would be blocking network traffic to and from the imp, then yes, you should be fine.
They’d have to have DHCP enabled - the imp only gets addresses via DHCP - but they can make a DHCP reservation if they know the imp’s mac address and then it’ll always be on that IP.
Thank you both for your comments.
Considering the following comment I found regarding network security - “But if you are truly serious about network security—if you have sensitive data residing on your network or just want to make data or identity theft much less likely—you’re probably better off sticking with disabling DHCP and maintaining full manual control of your home network.”. Is there any way that I can get the imp in the network without DHCP? The company policy where I’m installing the imp, doesn’t want to enable DHCP.
Thank you for your help on this.
DHCP is the protocol that responds when a device makes a request for an IP address on a network. It is used everywhere, and you shouldn’t consider it a security threat. Disabling DHCP on your home network would require you to be able to manually assign static addresses on every device, and you simply can’t on an Imp and many other networked devices. The comment you read was simply not at all practical for home networks. Many devices don’t have a method of statically assigning addresses, even if the average person knew how to do it.
To be clear about DHCP, do you mean that they don’t want to allow DHCP to assign an address to any device that connects to the network, even if it has a reservation, or that they actually don’t have a DHCP service running at all? Not using DHCP is painfully tedious, unless you have a small network with few devices that rarely change.
The only way a device can function on a network without DHCP is if you can assign an address directly to the device, and you can’t do that to the Imp. It will always ask for an address from the DHCP service on the network.
Thank you for your response Jwehr,
I agree that having DHCP disabled is not practical for a home network, but I think it’s common for businesses to disable it for security reasons. In my case, it’s a business that has about 10,000 stores in the country, and each store has a few devices that are connected to the network all with static IPs, they handle sensitive data in their network, data that is sent to the headquarters and that’s why they don’t enable DHCP. So when I wanted to connect my IMP device to their network their first questions was if they could assign an static IP to the device. I understand that the IMP was designed in such a way that the end user wouldn’t have to deal with network setup, and that is the way to go for the non tech user that wants a wifi device at home, however for commercial environments like in my case, it would be good if there was a way where the imp could be connected to the network manually without DHCP. But then it wouldn’t make sense to have a wifi device if it needs to be setup with an ethernet cable to assign the static IP. Which that brings me to the question, can the IMP connect to a network that has a firewall running?
There’s nothing insecure about DHCP with address reservations; if you are an unknown device, with no reservation, a DHCP server can be configured to not provide you with an address. Using DHCP is still better than not, because you can reassign addresses from a central point, vs putting every device into a configuration mode and entering a new IP address.
The imp requires no changes to an inbound firewall, but does require outbound access on port 31314 for a single TCP/TLS connection. Generally, this isn’t a problem as firewalls mostly work to prevent the local network from harmful external traffic (ie inbound firewall). If there is an outbound firewall that will prevent outgoing TCP connections to port 31314 then this will need to be reconfigured by the network owner.
If security at this company that tight, do they even have wireless access? Wireless would create an exponentially larger risk than running DHCP on a local network.
Not to belabour this thread, but DHCP can actually be more secure than static addressing. If a rogue device spoofs an IP address on a network, DHCP can detect the conflict, it is smarter than static addressing. Many businesses still have networks that were set up a long time ago with several devices connected by a hub. It’s probably less about security, and more about, “If it’s not broke, don’t fix it.”
Jwehr, I think that is the case, it’s an old company that is so big that to redesign and implement something new it’s not easy, and they have that mentality like you said “If it’s not broke, don’t fix it.”. They do not have a wireless network they have a hub and all their devices are connected there, it’s an old network setup. I guess I will have to convince them to move to the 21st century jajaja.
Thank you everyone for your comments on this, I’m learning.
Hugo, you last comment make sense on why you don’t really need to deal with static IPs, I didn’t know that DHCP could be configured to not provide with an IP if the device mac is not recognized, like I mentioned before I’m not a network expert.
Thank you for the info.
Here a thought, though not ideal, he could he get someone to set him up fake wifi access point before he goes to site, using that he could set credentials and use his (fake) dhcp (with an infinite lease time) to assign an address, would that work, or is there a point in time the imp would/could forget it?
or you install a wifi router on that heavily protected lan.
With of lot of those routers you can set the wan MAC yourself (cloning your connected PC MAC)
Sorry, did you just say “They do not have a wireless network”? If so then DHCP is going to be the least of the imp’s problems…
Peter
oh he did! I missed that…
In that case I’d be tempted to put a small AP in a box with the imp and make it a hidden network locked to the imp’s MAC
How about a Cisco lightweight wifi access point? It requires a central Wireless LAN Controller but is a good solution as the AP 's can have static IP addresses but the Wifi authentication and communication are tunneled through the WAN to the WLC. So all the wifi devices in a company appear at the data centre on a VLAN on the same subnet.
Having all the wifi devices on a single subnet will also make the firewall rules easier. The WLC can be a DHCP server or relay to one. Also the same SSID is advertised across all AP’s regardless of locations.
It might be overkill (but then maybe not for 10,000 stores) but a Cisco WLC and lightweight AP’s would be a good way to Imps into a corporate environment.