DHCP leases are not automatically released



  • This is my current setup:
    pfSense SG-1100 (Awesome!!!)
    I have two networks, my main trusted network and IOT on a separate VLAN.
    From the SG-1100 I have a unifi switch on which I have two ports dedicated to the IOT VLAN. One port for a POE camera I am testing and the other to an Ethernet (dumb switch) to which I have connected my untrusted IOT devices and a few other things. The DHCP pool provided by the SG-1100 is for about 50 ips (but don't have that many).

    The main network is coming out of the unifi switch and connects my controller, an AP PRO, 2 computers directly and then a netgear SG108T smart switch.

    My problem started when I connected an HP printer which is part of my ePrint service (printing by sending an email to a specific email address which corresponds to the printer and the HP servers via the printing service send the email, files to the printer and they print without having to connect a computer or device to the printer not even have to be on teh same wifi) to the netgear switch and it did not print anything, it didn't even connect to the network. I was getting a weird IP address on it 169.254.96.32. I then changed it to manual and put it in the range of my main network and nothing. Did a lot of troubleshooting, including restarting it and going from auto IP (DHCP) and manual. Then I actually connected it to my IOT VLAN and it did print then.

    After a lot of troubleshooting my solution was to extend the DHCP server available IP address from 75 to 130 (to be safe) and immediately after restarting the service the printer displayed the right IP address which I forced on it via the pfSense interface. Now the interesting part is that the IP i assigned is not part of the DHCP range but it seems that if pf Sense has exhausted the available IP addresses it will not allow a new device to connect.

    Anyone had this problem? I have not found a solution on how to automatically purge the expired DHCP leases to make room. I keep my addresses tight so I can keep an eye on the network. I do know the benefits of keeping them since machines previously assigned will just go back to that but in this case it made it difficult for me to get print jobs going for my family members when I was not home.

    Any suggestions of questions are appreciated.

    Thanks - sorry for the long post but I try to answer questions which may come up.

    Update. Just a few minutes after I was able to get an IP address the printer went back to that old weird IP address
    rebooting the SG-1100 seems to help for a few minutes and then back to the old problem.



  • @alfaro

    DHCP addresses are not automatically released, until the lease time expires. For it to happen earlier, the client must release it.


  • LAYER 8 Global Moderator

    @alfaro said in DHCP leases are not automatically released:

    DHCP range but it seems that if pf Sense has exhausted the available IP addresses it will not allow a new device to connect.

    Nonsense, pfsense will not give out a new lease if it is out of leases... If your network is 192.168.1.0/24 and you had dhcp scope of say .100-110.. 111 or greater or 99 or less could connect just fine as long as they don't step on some other devices IP. And you set the mask and gateway, and possible dns correctly. You would not have any issues.

    Or you had not set pfsense to use static arp..
    https://docs.netgate.com/pfsense/en/latest/dhcp/dhcp-server.html
    Deny Unknown Clients / Static ARP

    Using the “Deny unknown clients” option, DHCP access can be prevented for any client which is not listed in the list at the bottom of the page. Similarly, Static ARP may also be enabled to further restrict access so that only those clients listed can talk to the pfSense router.



  • @JKnott

    Thanks for the reply.

    I am aware of that but that is where the problem gets interesting. I see the expired leases and for the most part they are not getting reused (at least by the SG-1100 I am using). stopping and or restarting the DHCP server does nothing and some of those expired leases are from devices which are showing as expired, but my understanding is they should just disappear, and I have not had on my network in some cases more than 2 weeks.


  • LAYER 8 Global Moderator

    why would you think they would disappear? If its expired, then pfsense could issue it - doesn't matter if its still listed. Pfsense will not reuse those old expired ones until it has run out of unissued leases..

    Lets say you have .100 to .110

    And client at .101 has gone and lease expired..
    Once pfsense has gone through .110 and needs to hand out a new client it can reuse the .101 lease to a new client. Doesn't mean it will clean up the old expired listings.

    If you don't like them in there - just clear them out.



  • @johnpoz
    Hello, thank you for your reply.

    I am not sure if I am confused or if I didn't make things clear.

    That is what I mean. pfsense is not allowing my printer to get a new ip address (while the printer had the auto ip address choice selected) even when my ip range for may main network was for 75 devices. At the time there I believe 24 devices connected, so there were plenty of available IPs to be assigned by the DHCP server in the SG-1100. However, that did not happen. It happened in the IOT VLAN where I had maybe 8 devices at the time and the range of available IP address there is 50.

    I extended the range of my main network from 75 to 130 (before 192.168.1.100 to 175 and after to 230) and only then the printer was assigned the IP address, which I made pfsense asign 192.168.1.23 (outside the dhcp range) but it looked to me that while it was out of addresses it would not allow another device on. I do think it is weird. My DDwrt router did not have this problem.



  • @johnpoz

    Thank you for your reply.

    That is what I am trying to figure out, how to automatically clean them up/remove them so I will not have that problem. One by one works but it is long and tedious and maybe it can help others as well to know how to do it automatically.

    Besides a large number of IPs is not good for me as it makes it harder to monitor when something I do not want in my networks shows up.


  • LAYER 8 Global Moderator

    what problem??

    As stated just because the lease is listed it can be reused by dhcpd, as long as it has actually expired.

    If your running out of leases because you have old leases that have not year expired, reduce the length of your leases..

    If a client comes and gets a NEW lease vs a renew, and or doesn't release it.. Then they will sit there until they have expired before they can actually be used again.



  • @johnpoz
    Maybe I am asking too much from this device

    While I considered to use the "Deny unknown clients" option, when I do have guests over I like them to connect but my solution to this particular instance was to just create another VLAN for guests which I seldom use now.


  • LAYER 8 Global Moderator

    Not sure what that has to do with anything?

    Post up these leases your seeing in your lease table that you think should not be there.

    If you have say leases time set to 2 weeks for exmaple with a pool of only 10 addresses, and you get more than 10 clients that connect to this scope - and clients are not actually releasing! then yeah you could have a problem.. Set your lease to 12 hours or 24 hours or something - you need too pick an appropriate length for the number of clients you have and the number of leases you have made available.



  • BTW this is even more interesting now. I rebooted my SG-1100 twice now and the printer is still unable to get the IP address assigned and it is holding on to that weird IP address so I am not sure what it is. I have tried connecting it directly to the unifi switch but same result, ip stays in that wierd IP.


  • LAYER 8 Global Moderator

    By weird you mean 169.254.x.x - that is what clients give themselves when no dhcp is available...

    What does your dhcp log say on pfsense when client tries to get an IP? You should see the discover in the log!!



  • @johnpoz said in DHCP leases are not automatically released:

    Not sure what that has to do with anything?

    Post up these leases your seeing in your lease table that you think should not be there.

    If you have say leases time set to 2 weeks for exmaple with a pool of only 10 addresses, and you get more than 10 clients that connect to this scope - and clients are not actually releasing! then yeah you could have a problem.. Set your lease to 12 hours or 24 hours or something - you need too pick an appropriate length for the number of clients you have and the number of leases you have made available.

    Thanks for the reply. Since I started working on this problem earlier today I did read that they could be removed manually which what I did for a lot of them. I them reduced the DHCP range to just 30 IP addresses and restarted the service to boot as many as I could from the list and it helped. I am posting what I have this very moment. this is inly for my main network, I am excluding the IOT network:

    192.168.1.124 b8:ca:3a:b5:96:70 2019/05/03 12:59:44 2019/05/03 14:03:55 offline expired
    192.168.1.120 f8:a9:63:e1:f2:be 2019/04/21 21:30:35 2019/04/21 23:30:35 offline expired
    192.168.1.102 6c:ad:f8:80:e0:5c 2019/04/09 17:59:00 2019/04/09 18:13:51 offline expired
    192.168.1.130 b8:27:eb:ef:da:40 2019/03/28 23:08:25 2019/03/29 01:08:25 offline expired
    192.168.1.111 6c:33:a9:9a:d7:86 2019/03/24 00:04:57 2019/03/24 00:35:28 offline expired
    192.168.1.129 00:1a:97:01:cd:8b 2019/03/24 00:29:11 2019/03/24 00:30:05 offline expired
    192.168.1.118 10:1f:74:49:ac:fa 2019/03/14 18:36:12 2019/03/14 20:36:12 offline expired
    192.168.1.127 00:c2:c6:76:ce:88 2019/03/13 15:59:51 2019/03/13 17:59:51 offline expired


  • LAYER 8 Global Moderator

    @alfaro said in DHCP leases are not automatically released:

    192.168.1.124 b8:ca:3a:b5:96:70 2019/05/03 12:59:44 2019/05/03 14:03:55 offline expired

    That lease can be reused and would be if runs out of FREE leases.. But as stated it would still be listed and not used until FREE leases are used up.

    This allows for say the client to come back even after it has expired and get the same IP.



  • @johnpoz

    Sorry, I should have been more specific and remember where I was posing this to, nobody replying here is like a noob. Yes, by weird that is what I mean. HP printers seem to have been programmed to use either 169.254.96.32 or 169.254.96.20. I got the .32 address but when printers can't connect to a network and/or get and IP address, they get one of those two (at least) based on what I read on the HP forums earlier today.


  • LAYER 8 Global Moderator

    Yeah well sometimes they do not handle going back to dhcp very well..

    Look in your dhcp log - do you see a discover from the printers mac? If you do not then no you can not give it an IP... What does the dhcp log show you? you will see it either send and offer, nothing or a nak, etc.



  • @johnpoz said in DHCP leases are not automatically released:

    @alfaro said in DHCP leases are not automatically released:

    192.168.1.124 b8:ca:3a:b5:96:70 2019/05/03 12:59:44 2019/05/03 14:03:55 offline expired

    That lease can be reused and would be if runs out of FREE leases.. But as stated it would still be listed and not used until FREE leases are used up.

    This allows for say the client to come back even after it has expired and get the same IP.

    Thanks again.

    I read you loud and clear and that is my understanding. So, I am just guessing that is a behavior (maybe undocumented) of the DHCP server? Just guessing because when I increased the range to 130 IP addresses, it just worked. Now I am having the problem again as the printer has again lost the IP address. Not sure what it is then,......

    BTW, just so I am aware and I like to refine my communication, did the long initial post make a point or did it create more questions? I am trying to be more clear and concise when I post in forums and am looking for some feedback. Thanks again for taking the time to reply. Netgate forums seems to have a a very active community.



  • @johnpoz said in DHCP leases are not automatically released:

    Yeah well sometimes they do not handle going back to dhcp very well..

    Look in your dhcp log - do you see a discover from the printers mac? If you do not then no you can not give it an IP... What does the dhcp log show you? you will see it either send and offer, nothing or a nak, etc.

    I will look at the log when I sit down at the computer again in about 3 hours but I do have to take care of something else. I will leave a pc connected to the printer via USB and ubuntu so others can print until I can sort this out.

    Thanks for replying.


  • LAYER 8 Global Moderator

    There was a huge amount of info in your OP that has nothing to do with the actual problem and not needed to understand your issue.

    Be it lan or vlan or whatever - be it you have 100 networks or just 1 has nothing to do with a dhcp issue on a specific L2..

    Is the printer wired or wireless would be actual useful info! ;)

    If you tried setting an IP on the device and not working you have few things that it could be - bad cable? Bad wifi connectivity? You set the IP wrong, or mask wrong, etc.

    Or your doing something in pfsense with static arp, etc.. For devices like printers its prob a good idea to set a dhcp reservation.. So you always know what the printer IP.. For example my "wired" printer is 192.168.2.50, which I set static on the device. This is outside my 192.168.2/24 dhcp scope.


Log in to reply