KEA DHCP in 23.09.1 needs some attention
-
I've been running KEA DHCP since it became available in Pfsense Plus. Periodically I assign static IPs to various devices and I have had no issues with KEA DHCP until today. Note, the DHCP service requirements are nothing fancy...just MAC addresses being assigned IP addresses...no DNS lookups or anything else. MAC to IP only. Today, I deleted a previously issued static IP, 192.168.115.210, plugged in a new PC and it was assigned 192.168.115.64. I then assigned 192.168.115.210 to the PC that had 192.168.115.64. When I restarted the PC it SHOULD have been assigned the static IP of 192.168.115.210 but it stayed on 64! Another restart, same result. I changed the Pfsense DHCP service back to the former ISC DHCP, restarted the PC again and this time the PC received the correct IP of 192.168.115.210!! I set the DHCP service back to KEA and restarted the PC and again I was back to the dynamic address of 64. Switch to ISC DHCP and again I get the correct static IP of 210.
KEA DHCP needs some attention...
-
I assume you mean assigned it using a static lease mapping?
-
@stephenw10 Yes, under Status, DHCP leases…I use the first + sign on the right of the lease. What is bizarre is I’ve been doing this with KEA for months but it wasn’t happy with this device. I tried it 3-4 times…same result. Tried it before bed but this time I didn’t complete the client identifier field in the static lease form and it behaved normally. Strange. Does the client identifier field override the MAC address identification process?
-
@jeff3820 said in KEA DHCP in 23.09.1 needs some attention:
Does the client identifier field override the MAC address identification process?
Can't get my eyes on it... As this is a DHCP question, check the DHCP sub forum.
There was some one with the same question/suggestion: is "client identifier field" also used ? and not only the MAC filed ... -
@jeff3820 said in KEA DHCP in 23.09.1 needs some attention:
Does the client identifier field override the MAC address
As Gertjan posted there are I think a couple of posts concluding that cloning a VM with a different MAC address but the same identifier, uses the identifier.
Here's such a thread for ISC actually: https://forum.netgate.com/topic/187300/isc-dhcp-server-handing-out-the-same-ip-address-to-multiple-clients/4
-
Ah, yes that seemed familiar: https://redmine.pfsense.org/issues/6960#note-21
ClientIDs are far more strict in Kea. ISC allowed things there that are not strictly valid. However the code should now allow it as shown on that bug.
-
@stephenw10 Got it…I can easily avoid the client ID field unless needed. This topic would be useful in the KEA documentation.
-
@stephenw10 A note further down that redmine also seems relevant, it links to https://kea.readthedocs.io/en/kea-1.6.1/arm/dhcp4-srv.html#using-client-identifier-and-hardware-address
"RFC 2131 indicates that the server may use both of these identifiers to identify the client but the “client identifier”, if present, takes precedence over “chaddr”. " -
Looks like we, the admins, need to do a little bit more work when creating a static lease. Things do change ones in a while.
Before the pfSense GUI gets overloaded with 'useful help text' everywhere :
What about a : "RTFM and go check and update your RFCs please" on the dashboard ?
Just as a reminder that router admins should do router admins things ones in a while
More serious : back in the good old days, when pfSense was still burned to flash memory and everything needed to be as small as possible : all the package manuals where ditched.
Can't they get re introduced again ? Most of use have a pfSense with some spare Gbyte left. Would be nice to have the doc at out finger tips, and why not : have it clone every night this https://docs.netgate.com/pfsense/en/latest/ into our firewall. -
Yes, and I assume that is the case here. But in addition there were values for client identifier that tripped up Kea that ISC just allowed.