DHCP restriction problem

wolfsden3 · Mar 9, 2022, 4:41 PM

I'm trying to deny mac addresses from one pool & allow them to another pool that's on a vlan siting on the LAN interface (maybe that's my problem as I didn't use an "opt" physical interface). As soon as I put in the deny for the first part of the mac 805EC0 the service crashes and no longer offers addresses on that LAN interface or the vlan interface.

I'm farting around with settings but not having much luck. I even tried the 132 option on the LAN interface to tell it that the phone (Yealink) is on vlan 10 but so far a no go.

Is there something wrong with the DHCP server config on PFSense? I'm on the latest beta :-)

Jul 20 13:08:40 	dhcpd 	63467 	process and the information we find helpful for debugging.
Jul 20 13:08:40 	dhcpd 	63467 	before submitting a bug. These pages explain the proper
Jul 20 13:08:40 	dhcpd 	63467 	bugs on either our web page at www.isc.org or in the README file
Jul 20 13:08:40 	dhcpd 	63467 	than a configuration issue please read the section on submitting
Jul 20 13:08:40 	dhcpd 	63467 	If you think you have received this message due to a bug rather
Jul 20 13:08:40 	dhcpd 	63467 	Configuration file errors encountered -- exiting
Jul 20 13:08:40 	dhcpd 	63467 	one range statement.
Jul 20 13:08:40 	dhcpd 	63467 	Pool declarations must always contain at least
Jul 20 13:08:40 	dhcpd 	63467 	^
Jul 20 13:08:40 	dhcpd 	63467 	}
Jul 20 13:08:40 	dhcpd 	63467 	/etc/dhcpd.conf line 27: Pool declaration with no address range.
Jul 20 13:08:40 	dhcpd 	63467 	^
Jul 20 13:08:40 	dhcpd 	63467 	ignore members of "805EC0";
Jul 20 13:08:40 	dhcpd 	63467 	/etc/dhcpd.conf line 24: expecting a parameter or declaration

The thing that seems to crash this is when I tick this option on the web interface!

Ignore denied clients

Denied clients will be ignored rather than rejected. This option is not compatible with failover and cannot be enabled when a Failover Peer IP address is configured

After I ticket that and click save > crashes the DHCP service with the above configuration file errors.

SteveITS · Mar 9, 2022, 4:41 PM

@wolfsden3 Arg, we just discovered this as well.
It logs:
Mar 9 10:16:06 dhcpd 7135 ^
Mar 9 10:16:06 dhcpd 7135 ignore members of "c81f6640c544";
Mar 9 10:16:06 dhcpd 7135 /etc/dhcpd.conf line 22: expecting a parameter or declaration
Mar 9 10:16:06 dhcpd 7135 ^

pool {
	ignore members of "c81f664xxxxx"; <-- line 22
	ignore unknown-clients;

	range 10.x.x.30 10.x.x.39;
}

Unchecking that option changes it to
deny members of "c81f664xxxxx";
deny unknown-clients;

...and the service starts fine.

If I remove "c81f664xxxxx" from the MAC Deny list, and check that checkbox, that line isn't there and the service starts fine.

Redmine issue.

SteveITS · Mar 10, 2022, 3:29 PM

Patch was posted to the Redmine, to apply via the patch ID in System Patches package.