Slow DHCP Lease

Joolee

I'm running pfSense 2.0-Release and I'm still experiencing very slow DHCP leases. (45 seconds versus 7 seconds from a Draytek) I hope someone can help me understand why and perhaps solve it.

The DHCP Log shows:```
Sep 20 10:04:35 dhcpd: DHCPACK to 10.1.51.101 (00:14:0b:69:d6:db) via re0_vlan51
Sep 20 10:04:35 dhcpd: DHCPINFORM from 10.1.51.101 via re0_vlan51
Sep 20 10:04:30 dhcpd: DHCPACK on 10.1.51.101 to 00:14:0b:69:d6:db (Joolee-Laptop) via re0_vlan51
Sep 20 10:04:30 dhcpd: DHCPREQUEST for 10.1.51.101 (10.1.51.1) from 00:14:0b:69:d6:db (Joolee-Laptop) via re0_vlan51
Sep 20 10:04:30 dhcpd: DHCPOFFER on 10.1.51.101 to 00:14:0b:69:d6:db (Joolee-Laptop) via re0_vlan51
Sep 20 10:04:30 dhcpd: unexpected ICMP Echo Reply from 172.21.1.1
Sep 20 10:04:29 dhcpd: DHCPDISCOVER from 00:14:0b:69:d6:db via re0_vlan51
Sep 20 10:04:29 dhcpd: DHCPNAK on 10.1.52.101 to 00:14:0b:69:d6:db via re0_vlan51
Sep 20 10:04:29 dhcpd: DHCPREQUEST for 10.1.52.101 from 00:14:0b:69:d6:db (Joolee-Laptop) via re0_vlan51: wrong network.
Sep 20 10:04:20 dhcpd: DHCPNAK on 10.1.52.101 to 00:14:0b:69:d6:db via re0_vlan51
Sep 20 10:04:20 dhcpd: DHCPREQUEST for 10.1.52.101 from 00:14:0b:69:d6:db (Joolee-Laptop) via re0_vlan51: wrong network.

This is a fairly simple installation. The WAN port uses DHCP to get an IP from another internal network (172.21.1.0/24). Then there are 5 VLans, each having their own IP range and DHCP Scope, connected by a trunk to a cisco switch. The log show me plugging my laptop from one port (configured to vlan 52) to another port (vlan 51).

I've got a few other pfSense devices already in production set up in a similar way. The WAN port gets an IP from a DHCP server (connected by fiber with PPPoE). The vlan count is 200 with each having their own interface, ip range and DHCP scope. The time it takes before getting a lease takes up to 90 or 120 seconds! The used hardware differs with every device.

Can it be ARP that slows it down? The DHCP log only covers 15 seconds of the 45 seconds process so it's likely that the DHCP daemon didn't get any DHCP requests for the first 30 seconds.

wallabybob

What starts the 45 second time you wrote about and what stops that timer? 45secs from removing laptop from VLAN A on which it has an active DHCP lease to it getting a new DHCP lease on VLAN B?

Joolee

@wallabybob:

What starts the 45 second time you wrote about and what stops that timer?

My finger did both, i used a stopwatch ;)@wallabybob:

45secs from removing laptop from VLAN A on which it has an active DHCP lease to it getting a new DHCP lease on VLAN B?

I started counting when I plugged the ethernetcable from my laptop in VLAN B. The laptop was previously connected to VLAN A (as the log shows) but a newly booted and unknown client also takes a lot of time to get a lease.

I tried using a dhcp testing application on a already connected client and the response was almost instant so I don't think its a DHCP issue but has to do with registering a new client. I'll try hooking up the cisco switch to a draytek to see if it's pfsense or the switch that's so slow.

Joolee

@Joolee:

I'll try hooking up the cisco switch to a draytek to see if it's pfsense or the switch that's so slow.

After testing, it seems the cisco switch is at fault… Enabling portfast on network ports helps, now the client is recognized in under 10 seconds.

Sorry for the inconvenience and thank you very much for your help!

For other people experiencing the same:

config t
int range fa0/1-24
spanning-tree portfast
end