Apple devices intermittently drop connection and cannot find DHCP server.

Alex 5

Hello everyone

I have recently installed a Netgate Sg3100 firewall into my network.
I have 10 Ruckus R650 APs and 2x Ruckus icx1750 switches.
There are no VLANS on the network.
DNS Servers are:
127.0.0.1
208.67.222.222
8.8.8.8
and DNS server override is unchecked.

The behaviour:
Macbooks, Iphones and iPads intermittently drop connection, and show that they cannot find the DHCP server (have a self assigned 169.254.x.x address). Turning the wifi on and off again fixes the issue and the device immediately get an IP in the lease range.
Only on wireless devices, have not seen this happen on wired IMAC

What I have done so far:
I have statically assigned IPs for some offending devices, has not helped
I have disabled IPV6 on some offending MacBooks, has not helped

Other comments:
I have noticed in the general system logs that this has been coming up almost constantly;
arpresolve: can't allocate llinfo for <IP> on mvneta2

I changed the WAN DHCP advanced timing settings from Saved CFG to FreeBSD , which seems to have stopped this log coming up. Not sure if this is related to the issue of devices dropping off as described above.

I can also see in the DHCP logs that pf sense is creating a new resolv.conf file and RENEW approximately every 2 minutes.

I also live in Australia and have an Optus NBN Hybrid Fibre Coaxial connection, which may need a PPOE config, I have done some research and I am still unsure if this is the case. Given that our internet access has been fine I would think that it is not required, but may be wrong.

I have looked through many forums and have not found a definitive answer to the issue, so any input is appreciated.

Gertjan

With this phrase :

@alex-5 said in Apple devices intermittently drop connection and cannot find DHCP server.:

I have statically assigned IPs for some offending devices, has not helped

you have some what eliminated a DHCP issue.

There is a second way to check that DHCP isn't the issue :
Connect a wired device to pfSense, login, an look at the DHCP logs.

Now, connect a wireless device.
Do you see DHCP requests coming in from that device ? You shiuld see it's MAC address, and some DHCP negotiation.

If it isn't there : you have a solid proof the traffic from that device doesn't reach pfSense.

So, change cables, switches and/or access points.

Alex 5

@gertjan Yes, I can see a request and a packet sent to devices on both Wired and wireless connection.

If there is some kind of interference, I presume that that could cause the device to lose connection, (not actually disconnect from the AP / wifi) and then may be unable to communicate to the DHCP server.

Is that you you think is likely happening? Are there any settings on my Ruckus devices that I could change to mitigate this?

mr.rosh

is fast roaming enabled on AP's

bcruze

if you can't ping the gateway address (which is what it is trying to find)

i don't see how this is a Pfsense or firewall issue. this sounds like a configuration issue with the wireless access points

SteveITS

@alex-5 What wireless APs are you using? This sounds similar to what I ran into with my eero system at home after iOS 14.5. If WPA3 is enabled in the eero settings, the iOS devices can't connect when they would switch APs. eero says it has to do with how iOS is handling private MACs. Disabling WPA3 fixes it, otherwise the workaround I found was to toggle the private MAC setting on the device (either to off or on). IOW it seems like the eero blocks the MAC for a bit and switching MACs fixes it for a while.

JKnott

@alex-5 said in Apple devices intermittently drop connection and cannot find DHCP server.:

127.0.0.1

That implies there's a DNS server on whatever device that is. Is there?

Alex 5

@mr-rosh No, I disabled 802.11.r FT roaming and 11.k neighbour list report as some devices could not join with those enabled.

Alex 5

@steveits I am running Ruckus R650s, and unfortunately am using WPA2. I have turned off private Mac address on my iPhone, so will see if this makes any improvement. Thanks you @SteveITS

alexm2019

@alex-5
Apologies for the old thread revival. What you describe matches my issue almost exactly. Did you ever find a good solution?

Alex 5

@alexm2019
Hi
In the end it was because my switch was not delivering enough power to the APs, even though it was technically possible.
The R650s draw a lot of power, so I ended up installing dedicated poe injectors. Disabling the 5 Ghz radio also works, but obviously not ideal.

alexm2019

@alex-5
Thanks. That’s got to be the only thing I haven’t tried yet. Separate poe unit ordered and on the way.