Static IP Question

[ZiprHead]

The retail company my wife works for has four stores in four differant cities. All the stores use the same ISP, Spectrum. She noticed on the bill that two of the stores are paying $15/mo extra for static IPs. All the stores use the same credit card terminals from the same vendor with no issues.

She asked me if there was any reason why static IPs were needed at those stores as opposed to otherwise at the other stores. I'm not that hip on networking issues so I told her to call the CC vendor and ask them but I also said I didn't think there was any reason why static IPs would be required.

What do you guys think about this?

 

[Loren Pechtel]

Static IPs are needed if you have any sort of inbound traffic. I doubt the credit card terminals care, but that doesn't mean there isn't something in the store that does care. It's something that would have to be answered by corporate IT.

 

[funinspace]

A proxy can forward to a DHCP client for a inbound client, so it isn't even technically needed there. Many would argue that static IP's are part of a more secure environment. I think one would need to ask the companies network/security group if there is a reason, as it could be an equipment driven reason. There are also DHCP reservations that can set a fixed IP for specific clients. But it could also just be a local admin preference...hard to say.

Here are 2 articles that talk about some of the reasons for each way of configuration.

https://www.lifewire.com/using-static-ip-address-on-private-computer-818404

https://www.idkrtm.com/using-dhcp-is-better-than-static-ip-addresses-even-for-servers/

 

[barbos]

DHCP is orthogonal to the question of static/dynamic IP. Both dynamic and static IP are served by the same DHCP server.

Static IP is preferable when you want your computer to listen for client connections. What LP said.

 

[funinspace]

DHCP is orthogonal to the question of static/dynamic IP. Both dynamic and static IP are served by the same DHCP server.

Static IP is preferable when you want your computer to listen for client connections. What LP said.

Static IP's can be served by a DHCP service, but it is not necessary. A computer can certainly have it's IP set to static, without regards to any DHCP service/server. Though all static IP's should be defined in a naming or management service with that kind of network.

 

[barbos]

DHCP is orthogonal to the question of static/dynamic IP. Both dynamic and static IP are served by the same DHCP server.

Static IP is preferable when you want your computer to listen for client connections. What LP said.

Static IP's can be served by a DHCP service, but it is not necessary. A computer can certainly have it's IP set to static, without regards to any DHCP service/server. Though all static IP's should be defined in a naming or management service with that kind of network.

This is not relevant to the OP question.

 

[steve_bank]

We use dynamic addresses because IPv4 doesn't provide enough static IP addresses to go around. So, for example, a hotel probably has a static IP address, but each individual device within its rooms would have a dynamic IP address. On the internet, your home or office may be assigned a dynamic IP address by your ISP's DHCP server.

IP addresses are analogous to a telephone number and area code.

If someone wants a fixed IP address then no one else can be assigned to it even when there is no traffic. Probably why the added cost.

Providers are assigned a block.

You can change the media access controller chip ID but I don't think you can change an IP address from your PC. You can set windows security to randomly change the MAC id on power up. It can help with confusing tracking sites.

 

[barbos]

We use dynamic addresses because IPv4 doesn't provide enough static IP addresses to go around. So, for example, a hotel probably has a static IP address, but each individual device within its rooms would have a dynamic IP address. On the internet, your home or office may be assigned a dynamic IP address by your ISP's DHCP server.

dynamic IP is consumed/leased even when there is no traffic. It's leased even when device is turned off (without releasing it), usually for couple of hours.

IP addresses are analogous to a telephone number and area code.

If someone wants a fixed IP address then no one else can be assigned to it even when there is no traffic. Probably why the added cost.

Providers are assigned a block.

You can change the media access controller chip ID but I don't think you can change an IP address from your PC. You can set windows security to randomly change the MAC id on power up. It can help with confusing tracking sites.

Websites can't track your MAC, without your ISP explicitly doing it for them which they don't.


Anyway, you can save $15 even if you need static IP. just use free dynamic DNS and don't turn/reboot router off without need. Because if you do, then it would cause disruption for some time while DNS caches are updating.
So don't reboot your router.

 

[Loren Pechtel]

We use dynamic addresses because IPv4 doesn't provide enough static IP addresses to go around. So, for example, a hotel probably has a static IP address, but each individual device within its rooms would have a dynamic IP address. On the internet, your home or office may be assigned a dynamic IP address by your ISP's DHCP server.

IP addresses are analogous to a telephone number and area code.

If someone wants a fixed IP address then no one else can be assigned to it even when there is no traffic. Probably why the added cost.

Providers are assigned a block.

You can change the media access controller chip ID but I don't think you can change an IP address from your PC. You can set windows security to randomly change the MAC id on power up. It can help with confusing tracking sites.

Most computers are operating on IPs assigned by their router. You can't change the IP of the modem, you can certainly change the IP of the computer. I have 4 devices here with static IPs--none of which are reachable from the internet at all. (None need to be exposed, why take the risk?)

 

[steve_bank]

We use dynamic addresses because IPv4 doesn't provide enough static IP addresses to go around. So, for example, a hotel probably has a static IP address, but each individual device within its rooms would have a dynamic IP address. On the internet, your home or office may be assigned a dynamic IP address by your ISP's DHCP server.

IP addresses are analogous to a telephone number and area code.

If someone wants a fixed IP address then no one else can be assigned to it even when there is no traffic. Probably why the added cost.

Providers are assigned a block.

You can change the media access controller chip ID but I don't think you can change an IP address from your PC. You can set windows security to randomly change the MAC id on power up. It can help with confusing tracking sites.

Most computers are operating on IPs assigned by their router. You can't change the IP of the modem, you can certainly change the IP of the computer. I have 4 devices here with static IPs--none of which are reachable from the internet at all. (None need to be exposed, why take the risk?)

It sounds like you are the IP provider in that case.

I use a Consumer Cellular hotspot and I have no idea who the actual provider is. How would I change a dynamic address that changes every time I connect?

If you have your own static address changing that on the fly would seem to be like changing your phone number.

 

[ZiprHead]

Wife still hasn't heard back from the CC machine vendor. The only other devices networked from the modem/router are office computers.

 

[barbos]

Most computers are operating on IPs assigned by their router. You can't change the IP of the modem, you can certainly change the IP of the computer. I have 4 devices here with static IPs--none of which are reachable from the internet at all. (None need to be exposed, why take the risk?)

It sounds like you are the IP provider in that case.

I use a Consumer Cellular hotspot and I have no idea who the actual provider is. How would I change a dynamic address that changes every time I connect?

If you have your own static address changing that on the fly would seem to be like changing your phone number.

Well, you can say that, home routers provide Private Network IPs for devices connected to it. But these IPs only work within home. For outside world you have to use real/global address which is the one assigned by ISP to your router.
Official Public WiFi spots in hotels and such usually give real IPs, but that's not the law.

 

[barbos]

Wife still hasn't heard back from the CC machine vendor. The only other devices networked from the modem/router are office computers.

The only real case where ordinary people/company would need static IP is some kind of IP camera or file server which you want to be reached from outside while on vacation or something without paying for the service. But even in that case there are free DNS which let you do that.

 

[funinspace]

Wife still hasn't heard back from the CC machine vendor. The only other devices networked from the modem/router are office computers.

The only real case where ordinary people/company would need static IP is some kind of IP camera or file server which you want to be reached from outside while on vacation or something without paying for the service. But even in that case there are free DNS which let you do that.

That is simply not true. There is still a lot of older retail equipment out there that only can be networked by setting it's IP directly (aka no DHCP) at the device. For example, a Schlage HandKey-II biometric scanner can only be manually set to a static IP. You and I have no idea whether that would be true for the mentioned CC machine. Hell, we don't even know the brand and model in question...

ZiprHead, it could even be that the CC machines appear the same from a business customers POV, but in reality the locations that are set to static IPs are older revisions/firmware that simply don't support DHCP. Personally, I would more suspect it was just done differently in the locations due to differently people doing the work. The only real way to find out is by what your wife is already doing.

 

[Loren Pechtel]

Wife still hasn't heard back from the CC machine vendor. The only other devices networked from the modem/router are office computers.

The only real case where ordinary people/company would need static IP is some kind of IP camera or file server which you want to be reached from outside while on vacation or something without paying for the service. But even in that case there are free DNS which let you do that.

That is simply not true. There is still a lot of older retail equipment out there that only can be networked by setting it's IP directly (aka no DHCP) at the device. For example, a Schlage HandKey-II biometric scanner can only be manually set to a static IP. You and I have no idea whether that would be true for the mentioned CC machine. Hell, we don't even know the brand and model in question...

ZiprHead, it could even be that the CC machines appear the same from a business customers POV, but in reality the locations that are set to static IPs are older revisions/firmware that simply don't support DHCP. Personally, I would more suspect it was just done differently in the locations due to differently people doing the work. The only real way to find out is by what your wife is already doing.

Why would a CC machine want to accept incoming connections in any way, shape or form?

I'm thinking more along the lines of the cash registers/inventory system needing to accept things like an updated price list.

 

[funinspace]

That is simply not true. There is still a lot of older retail equipment out there that only can be networked by setting it's IP directly (aka no DHCP) at the device. For example, a Schlage HandKey-II biometric scanner can only be manually set to a static IP. You and I have no idea whether that would be true for the mentioned CC machine. Hell, we don't even know the brand and model in question...

ZiprHead, it could even be that the CC machines appear the same from a business customers POV, but in reality the locations that are set to static IPs are older revisions/firmware that simply don't support DHCP. Personally, I would more suspect it was just done differently in the locations due to differently people doing the work. The only real way to find out is by what your wife is already doing.

Why would a CC machine want to accept incoming connections in any way, shape or form?

I'm thinking more along the lines of the cash registers/inventory system needing to accept things like an updated price list.

For example:
https://s4-myportal.s3.amazonaws.co.../utg installation and configuration guide.pdf

The Universal Transaction Gateway®
(UTG®
) encrypts and securely transmits transaction data from interfaced
merchant systems (POS, property management, e-commerce shopping cart, etc.) directly to Lighthouse
Transaction Manager using Shift4’s proprietary Derived Unique Key Per Transaction with Moving Target Encryption
(DUKPT w/MTE). The UTG is a small application that is installed on the merchant’s computer network that
facilitates connectivity to Shift4’s data centers. It is proprietary Virtual Private Network (VPN) software that
protects the transport of sensitive financial data from interfaced systems to the Lighthouse Transaction Manager
system. It performs assured delivery, controls the most favorable route for transactions, and controls various
smaller devices. You can also control various devices connected to the workstation (POS terminal) to offer online
debit transactions, check verification, and electronic signature capture capabilities.
<snip>
For security reasons, an internal static IP address is required on every machine with the UTG installed. In addition,
because of Card Association Security Requirements, the UTG must be installed on a machine that is protected
behind a firewall. It is the merchant’s responsibility to configure static IP addresses or networks.

Or:
https://www.keystrokepos.com/downloads/drivers/genius/CayanGeniusInstallInstructions.pdf

Each Genius device on a network must have a unique IP Address and must be paired up to the correct workstation. For
this reason, the device needs to be switched from Dynamic IP to Static IP Address mode (see steps below for
instructions). Do not use the device in Dynamic mode as this can cause the address to change without notice and then
Keystroke will no longer be able to communicate with it (or Keystroke may end up communicating with a Genius device
sitting next to a different workstation).

 

[barbos]

Wife still hasn't heard back from the CC machine vendor. The only other devices networked from the modem/router are office computers.

The only real case where ordinary people/company would need static IP is some kind of IP camera or file server which you want to be reached from outside while on vacation or something without paying for the service. But even in that case there are free DNS which let you do that.

That is simply not true. There is still a lot of older retail equipment out there that only can be networked by setting it's IP directly (aka no DHCP) at the device. For example, a Schlage HandKey-II biometric scanner can only be manually set to a static IP. You and I have no idea whether that would be true for the mentioned CC machine. Hell, we don't even know the brand and model in question...

I don't think you understand the problem well enough. He has ONE single global IP from his ISP. he does not have whole network, just single IP from the ISP network,

ZiprHead, it could even be that the CC machines appear the same from a business customers POV, but in reality the locations that are set to static IPs are older revisions/firmware that simply don't support DHCP. Personally, I would more suspect it was just done differently in the locations due to differently people doing the work. The only real way to find out is by what your wife is already doing.

You don't understand things. He has a router connected to ISP, not some single device from the 80s over telephone line. And the question is about global IP of that router. It has absolutely nothing to do with IPs of devices inside his network, he can do whatever he wants there and ISP would not know that.

 

[barbos]

Or:
https://www.keystrokepos.com/downloads/drivers/genius/CayanGeniusInstallInstructions.pdf

They are talking about private network IP like 192.168.*.*

 

[funinspace]

That is simply not true. There is still a lot of older retail equipment out there that only can be networked by setting it's IP directly (aka no DHCP) at the device. For example, a Schlage HandKey-II biometric scanner can only be manually set to a static IP. You and I have no idea whether that would be true for the mentioned CC machine. Hell, we don't even know the brand and model in question...

I don't think you understand the problem well enough. He has ONE single global IP from his ISP. he does not have whole network, just single IP from the ISP network,

Oh, duh, you are correct on it being the fixed IP from the ISP. I got stuck within tunnel vision on devices...

 

[Loren Pechtel]

For example:
https://s4-myportal.s3.amazonaws.co.../utg installation and configuration guide.pdf

The Universal Transaction Gateway®
(UTG®
) encrypts and securely transmits transaction data from interfaced
merchant systems (POS, property management, e-commerce shopping cart, etc.) directly to Lighthouse
Transaction Manager using Shift4’s proprietary Derived Unique Key Per Transaction with Moving Target Encryption
(DUKPT w/MTE). The UTG is a small application that is installed on the merchant’s computer network that
facilitates connectivity to Shift4’s data centers. It is proprietary Virtual Private Network (VPN) software that
protects the transport of sensitive financial data from interfaced systems to the Lighthouse Transaction Manager
system. It performs assured delivery, controls the most favorable route for transactions, and controls various
smaller devices. You can also control various devices connected to the workstation (POS terminal) to offer online
debit transactions, check verification, and electronic signature capture capabilities.
<snip>
For security reasons, an internal static IP address is required on every machine with the UTG installed. In addition,
because of Card Association Security Requirements, the UTG must be installed on a machine that is protected
behind a firewall. It is the merchant’s responsibility to configure static IP addresses or networks.

Or:
https://www.keystrokepos.com/downloads/drivers/genius/CayanGeniusInstallInstructions.pdf

Each Genius device on a network must have a unique IP Address and must be paired up to the correct workstation. For
this reason, the device needs to be switched from Dynamic IP to Static IP Address mode (see steps below for
instructions). Do not use the device in Dynamic mode as this can cause the address to change without notice and then
Keystroke will no longer be able to communicate with it (or Keystroke may end up communicating with a Genius device
sitting next to a different workstation).

Both of your examples are of internal static IPs. The same sort of thing I've got.