DHCP error message question
-
here's more log entries ... wan is connected (via ethernet) to a cable modem ... i have a backup wan (wanf) that is switches to wanf if wan is down (using iphone cellular connection) ... wan is soild with no issues
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 5 08:03:39 dhcpd 34821 send_packet: Host is down
Apr 5 08:03:39 dhcpd 34821 DHCPACK on 192.168.1.35 to 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 DHCPREQUEST for 192.168.1.35 from 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 reuse_lease: lease age 73 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.35
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 5 08:03:39 dhcpd 34821 send_packet: Host is down
Apr 5 08:03:39 dhcpd 34821 DHCPACK on 192.168.1.35 to 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 DHCPREQUEST for 192.168.1.35 from 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 reuse_lease: lease age 73 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.35
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 5 08:03:39 dhcpd 34821 send_packet: Host is down
Apr 5 08:03:39 dhcpd 34821 DHCPACK on 192.168.1.35 to 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 DHCPREQUEST for 192.168.1.35 from 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 reuse_lease: lease age 73 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.35
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface. -
What sort of clients are doing this? Anything in particular? Wireless devices perhaps?
-
something at layer 2 is blocking the arp reply from this device (.35) ... it happening to many clients on my network
-
All wireless clients?
We saw something like this recently on some Aruba APs I think it was.
-
yes wireless (unifi controller, ap and switches )
-
maybe dhcp snooping?
-
@mcury said in DHCP error message question:
maybe dhcp snooping?
that what negate tac was thinking ... however my big switches (edgeswitch) don't appear to have this feature exposed in the gui ... my smaller (8p) switches unifi us-8 for APs only has IGMP snooping which i have off ... not clear
-
my system (xg-1537 and unifi APs, switches cloudkey2) has been working great for a couple of years ... then boom lots of DHCP issues everywhere
-
@bmf7777 what about arp inspection?
it works for arp anti spoofing, but I'm not sure if unifi switches have this option..Edit:
Checked a few sites, and people solved this error by allowing outbound connections on port 67..
It seems a problem with firewall rules? Although pfsense allows that by default in implicit rule.. -
i found one switch port of a large switch that had DHCP snooping enabled ... could this one port cause an issue ? (turned it off )
-
@bmf7777 Is this happening only in the 192.168.1.0 network?
Is this network connected to that switch you mentioned?If you connect through ssh to pfsense, or console access and type the following:
pfctl -sr | grep DHCPDo you see a pass out quick on for that network/interface?
Edit: Tried to reproduce the problem by commenting the following line in /tmp/rules.debug, but the problem didn't happen..
pass out quick on $WIFI proto udp from 192.168.10.1 port = 67 to any port = 68 ridentifier 1000004743 label "allow access to DHCP server" -
@bmf7777 said in DHCP error message question:
been working great for a couple of years ... then boom lots of DHCP issues everywhere
What changed? Firmware updates?
