DHCP - No Free Leases (pf_2.4.3-release-p1)

msf2000

It's a bit of a radical idea... but have you considered splitting wired and wireless users into different subnets (or different DHCP scopes)? Divide & conquer to find the problem, is my motto.

Either way... I agree that the lease abandon rate is pretty high... This feels like an (OSI) layer 2 problem somewhere in the network, but I don't know enough to say what it could be.

iHugoF

@msf2000 It has all been divided...:) This is just 1 subnet, were I'm testing pfSense, and it's just for wireless guest clients.

For all the other subnets, we've other dhcp servers and no issues, hence I'm being puzzled with dhcp on pfSense acting like this...

I've never seen this dhcp behavior on any other dhcp servers...:-/

johnpoz

So the controller is doing a dhcp relay? You mention that all the leases are from the controller?

Where are you getting that listing of leases and times? The dhcp lease table should show host and mac, etc.

iHugoF

@johnpoz No, no need for dhcp relay, since the controller wireless network interface is on the same network/vlan of the interface of pfSense and yes, all the abandoned leases come from that specific wireless controller - 3Com.
I've other 2 Cisco controllers and no issues with those ones.

But you may be on to something, since I've noticed that all the clients leases that reach pfSense come with the controller name, and not the PC/Device name, even with all the mac addresses being different and such, but the client ID it's always the same = controller name/model.

I got the list from the pfSense DHCP GUI and from the dhcp logs, via CLI.

johnpoz

That is odd.. I have no experience with 3com controllers.. But why would pfsense not see the host-id from the client itself? Unless the controller is doing something with the dhcpdiscover/request?

msf2000

@ihugof said in DHCP - No Free Leases (pf_2.4.3-release-p1):

er subnets, we've other dhcp servers and no issues, hence I'm being puzzled with dhcp on pfSense acting like this...
I've never seen this dhcp behavior on any other dhcp serv

Is the 3COM wireless controller configured as a DHCP relay, or is it configured to just pass layer 2 traffic from pfSense to the clients?

johnpoz

^ yeah sounds like it my be relaying it??

iHugoF

@johnpoz Is odd since 3Com doesn't even have a dhcp-relay option...it only has dhcp-server on/off option, and it's off, so all traffic it's just pass through...

Abandoned leases happen when dhcp-server sends ICMP ECHO to client, before assigning a lease, so that would mean that someone or something is replying to the ICMPs and pfSense dhcp thinks IPs are being used and marks them as abandoned...
Once again...it's strange why only pfSense dhcp is doing this...
Until I find the cause of this, I set "abandon-lease-time 3600;" so it doesn't have to wait 24h to clean it...
Hope that can fix it until a more permanent solution...:-)

iHugoF

@msf2000 No relay option, just letting the traffic pass...:-)

iHugoF

Errr...pretty damn dumb....but I just realized that the 3Com was badly configured...LoL
That's the problem of trusting someone else...:-)
You should always check yourself!!!
3Com was configured as a /21 when the network is a /19 and the interface as a dhcp client of the network itself.
Besides all this, the interface IP on another interface, was overlapping my subnet...
I'll wait and see if this was the problem...but I'm starting the clients from 3Com arriving with the proper device name and not the 3Com device name.
I still see some abandoned leases, but it set the timeout for 300s now, to check if that does it...
Really hope that "this was it" coz this was making me go crazy! :-)

msf2000

@ihugof
Glad you found it! Improper subnet configuration would definitely do it. Ideally, the 3COM controller would be a static IP, such as 10.0.192.2/19. And of course other interfaces properly set too. :)

iHugoF

@msf2000 Yeah...but you know how it is...If it was working with all other DHCPs, and I don't even know how, why only pfSense dhcp would have trouble with it...?!

It has been working on top of a cisco router dhcp for years and no issues...

Currently I've around 3000+ active leases and not a single abandoned lease...so everything seems to be looking good! :)

I'll wait until next week, just to be sure...:p

Thank you ALL for your help! :)

Grimson

@ihugof said in DHCP - No Free Leases (pf_2.4.3-release-p1):

@msf2000 Yeah...but you know how it is...If it was working with all other DHCPs, and I don't even know how, why only pfSense dhcp would have trouble with it...?!

Just for the record, it's not pfSense DHCP. It's ISC DHCPD from FreeBSD. pfSense just provides a UI, creates the config file and starts the daemon.

iHugoF

@grimson I know what you're saying...but before this I tried setting up the dhcp server on Debian, AIX, Solaris...and none gave problems...hence I kept saying "pfSense dhcp"...just that...:-)

But you're right! Thx!

johnpoz

@ihugof said in DHCP - No Free Leases (pf_2.4.3-release-p1):

Debian, AIX, Solaris...and none gave problems..

And what were they running for DHCPd? Was it ISC dhcpd? What version - maybe they were the ones broken since it seems you for sure had some mask issues and problems with the setup.. Seems like they might of been masking the underlying problem?

While with pfsense and ISC dhcpd the problem presented itself with symptoms

Might be good idea to try and duplicate the setup and try and figure out why you where not seeing the issue with the other dhcpds

JKnott

@ihugof said in DHCP - No Free Leases (pf_2.4.3-release-p1):

Abandoned leases happen when dhcp-server sends ICMP ECHO to client, before assigning a lease

I've never seen that happen and I have looked for it. What I have seen is either gratuitous ARP or duplicate address detection (DAD), both of which are performed by the client. As I understand it, an abandoned lease is one that had previously been assigned, but no longer used resulting in the lease expiring. The default lease time with pfSense is 7200 seconds or 2 hours, whichever comes first.

iHugoF

Problem is solved! :-)
I only get now "expired leases" and not "abandoned leases", so everything is working as it should!
Thank you all for the time and help!

fmp

@ihugof I had this problem before and since my network lease isn't huge as yours, manual (deleting expired leases) manipulation on dhcp service was my workaround.