Clients/Devices not showing up in DHCP Lease List and ? about blocked req.

likelinus

So I got my pfsense box up and running this afternoon with ease. Once I got everything set up I started looking at the DHCP Lease to start reserving addresses for my network. But I ran into an issue that the lease list isn't showing all my devices connected on the network! I noticed Dell PowerConnect managed switch and Denon not showing up in the list. The odd thing is that I could connect to the Denon through an IP address that fell within the IP range and worked just fine, but I could never get it to show up. So it appears it was able to use the LAN and grab an IP but it still doesn't show up!

Any clue why these two are not showing up at all? I didn't spend a whole lot of time on this, so maybe I'm missing something obvious.

Which leads me to my second question. When I enable "Deny Unknown Client", I didn't see anywhere that will show you what was denied and anything you could do with those devices. Say I need to connect a new device, but I don't want to turn that off, is there a simple way to see that it tried to connect and to save it as a device? I loved that feature on my Netgear R7000. It had a table under connected devices that shows devices that tried to connect and that were denied. I could see the name, ip, mac and such, and then give it access or keep denying it. It was simple and user friendly. Is there something similar on pfsense?

Again, sorry for the noob questions. I played with it for an hour or so but had to get the network back and running for the family and I pulled the box out of my network until tomorrow.

johnpoz

"maybe I'm missing something obvious."

What was IP range you were using before?  192.168.?  What was the IP range you were using with pfsense 192.168.?  The most logical answer to your question on how could you connect was the device was using is old IP, either that it got from dhcp from your old dhcp server device, or was setup static.

How did you know what the IP of this device was if you didn't see it in your dhcp leases?  Did you remember from what it was before, or what you had set it up static before?

"I could see the name, ip, mac and such"

How exactly did you see the IP of a device that asked for dhcp but you denied it?  Think your thinking of devices that tried to get through your captive portal or that were blocked via mac filtering?  On your R7000??  Not exactly sure..

I take it your talking wireless here..  How are you authing to your wireless? PSK, guest with captive portal?  What devices would be attempting to connect that you have not given the psk or creds too that would need to that you don't know what they are?  Why would you need a list of mac addresses?  Or names to be in some list?  But sure the captive portal should be able to do that, etc.

likelinus

I can see the device within Windows Network. It shows up and I can connect to it and it launches the web page. It has the IP of 192.168.1.3 and works (i.e. turn on and off my Denon and such). I did this from a separate computer on the same network. It functioned perfectly normal. But when I go into the Lease page, it doesn't show up as a connected device, even though it has a DHCP address and works.

My old setup using the R7000 used a DHCP address range of 192.168.1.X - 192.168.1.x (Exact Same).  I removed the R7000 out of the equation totally. I went from Motorola Cable Modem –>pfsense Box ---> Dell PowerSwitch.

All computers showed up, but oddly enough the switch and Denon do not. Both of these devices are connected via ethernet straight to the Switch itself.

Also, I set the pfSense DHCP address range to 192.168.1.2 - 192.168.1.100.

johnpoz

so your saying on the box if you do an IPconfig /all and look at the dhcp lease it just got it and got it from pfsense dhcp.

Ethernet adapter Local:

Connection-specific DNS Suffix  . : snipped
  Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
  Physical Address. . . . . . . . . : 3C-97-0E-99-DF-75
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv4 Address. . . . . . . . . . . : 10.56.41.91(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Wednesday, September 07, 2016 9:08:52 AM
  Lease Expires . . . . . . . . . . : Thursday, September 08, 2016 3:23:51 AM
  Default Gateway . . . . . . . . . : 10.56.41.1
  DHCP Server . . . . . . . . . . . : 10.56.12.68
  DNS Servers . . . . . . . . . . . : 10.56.12.102
                                      10.56.13.102
  Primary WINS Server . . . . . . . : 10.56.208.13
  Secondary WINS Server . . . . . . : 10.58.222.11
  NetBIOS over Tcpip. . . . . . . . : Enabled

But your not seeing this lease in pfsense??

Your using the same IP range.. client gets IP from r7000 lets call it 192.168.1.3, and then you use pfsense on 192.168.1 does not mean that this device got a new lease from pfsense.  It would still work, but pfsense would not list a lease because it did not give it one.

On your box have it renew the lease.. Reboot it, do a ipconfig /release, ipconfig /renew validate that is shows current lease time, etc.  And then you will see the lease in pfsense dhcp leases.  Handing out a lease and not showing it is pretty much impossible.

likelinus

Thanks for the quick reply.

I'm not able to do a release/review on these two units because one is a managed switch with only allows you to set it's connection as DHCP or Static IP. I tried both and it still worked on the pfsense without any issue. The Denon is an Audio/Video Receiver and I'm not sure there is a way to force a renewal. It's something I'll need to look at.

I do know however that the Dell PowerConnect DID in fact get a new IP address from the pfsense. It was previously using 192.168.0.25 on the R7000 w/ a saved Static IP. But when I removed it and installed the pfscense, it started using 192.168.0.2  The Denon also received a new IP of 192.168.0.3. That's most likely due to those were the first two items to hit the firewall once it booted up.

All that said, I understand what you are getting at with using the same IP range and I think the best thing to do is change the range and see if the units grab a new IP. That will answer the question if they are getting new leases or if them missing is another issue itself.

likelinus

I got this resolved. It appears that changing the IP range did make those device grab a new IP and show up in the lease table.

So, on to my other connection. Is there a way to view a device that connects so that can add it to your reserved list? Would like MAC number and any info it passes when it tries to connect.

johnpoz

what do you mean on your other connection.  Yes you can look at leases and give it a static reservation for a different IP.  Reservations have to be outside the pool

likelinus

Sorry, I meant QUESTION, not connection. Too much networking going through my brain.

I've got the reservation part down where it's outside my specified DHCP Server range. What I was trying to find out is the easiest way to find a device that tried to connect to the firewall and was rejected. If I set "new devices will be denied", I then have to figure out their Mac address and add that as a static IP.

I figured out I could just look through the firewall logs and find the info, but at the time I didn't know if there was an easy way to see all rejected devices.