Static ARP Mapping

NollipfSense · Nov 19, 2023, 6:44 PM

The ARP table has the IP address yet I cannot get the Static ARP mapping check mark like the first one...see below and I am wondering why?

NollipfSense · Nov 20, 2023, 5:38 AM

Well, although the Mac pro's IP was already in the ARP table, to get the check mark, one has to select create a static entry as below:

stephenw10 · Nov 20, 2023, 4:01 PM

Yes you have to set static ARP in the static dhcp lease entry. However I recommend not doing that. Setting static ARP almost always causes more problems than it solves.

NollipfSense · Nov 22, 2023, 4:07 PM

@stephenw10 said in Static ARP Mapping:

However I recommend not doing that. Setting static ARP almost always causes more problems than it solves.

Well, I had a problem with the Mac pro where I could not communicate with any clients on the network except pfSense. That's with the switch set as the first static mapped device. It was working and suddenly stopped. Also, on the Mac pro, it was configured for "using DHCP with manual address" and pfSense's configured DHCP lease range 105 - 254. The Mac pro is on 10.8.27.3 and it could ping the switch on 10.8.27.2 as well as I couldn't ping pfSense from the Mac pro. I could only ping the Mac pro from pfSense. I could not ping Proxmox or VM OpenMediaVault.

So, that's why I added the Mac pro to the static mapping however, if the scenario I described above could be the result of using ARP static mapping, it cost me several days baffled as to why I could not ping anyone else on the network except pfSense and even then, I could only ping the Mac pro from only pfSense. So, I changed the Mac pro to use manual address and that's how I resolved the issue.

stephenw10 · Nov 22, 2023, 5:08 PM

That is the sort of weirdness that static ARP can cause.

NollipfSense · Nov 24, 2023, 6:49 PM

@stephenw10 said in Static ARP Mapping:

That is the sort of weirdness that static ARP can cause.

It seems that my switch TP-Link (TL-2008p L2, l3, l4) is also contributing to the weirdness and acting like a firewall. There seems to be no way to assign it a static address and why I had decided to use static ARP mapping. I also need to read more on its manual.

johnpoz · Nov 25, 2023, 6:16 PM

@NollipfSense what version do you have? Are you trying to manage it from cli, or are you using the omada software?

What firmware are you running on the switch?

NollipfSense · Nov 25, 2023, 6:16 PM

@johnpoz said in Static ARP Mapping:

@NollipfSense what version do you have? Are you trying to manage it from cli, or are you using the omada software?

What firmware are you running on the switch?

John, its hardware version -TL-SG2008P 3.o, firmware - 3.0.5 built 20230602 Ref. 73473 and I am using the webGUI of the IP that pfSense's DHCP assigned. For unknown reasons, port 1 and port 3 not showing connected and traffic moving despite 1 is pfSense's LAN and 3 is a Mac pro. I can ping the Mac pro from pfSense only but not the Mac pro and I can access pfSense's webGUI from the Mac pro. Yet, port 1 and port 3 both show no traffic, or connected. This switch was recently purchase three or four months ago.

Thinking about pulling the trigger on a used Dell x1018P E11W 16port fully managed switch...

johnpoz · Nov 25, 2023, 7:06 PM

@NollipfSense I am not sure how much that webgui of that switch supports. My understanding those switches are meant to be managed via the controller.

Not a fan of such switches.. I mean they should work and clearly from the cli manual you can set a static IP on interface... You sure your on the actual admin IP, and not some vlan svi? That also could be limited?

NollipfSense · Nov 25, 2023, 8:33 PM

@johnpoz said in Static ARP Mapping:

Not a fan of such switches.. I mean they should work and clearly from the cli manual you can set a static IP on interface... You sure your on the actual admin IP, and not some vlan svi? That also could be limited?

Should have asked the forum before purchasing...here is the webGUI with IP from pfSense's DHCP and the two ports noted by arrows...just downloaded the CLI guide...not a fan. That's was why I turned to pfSense static ARP mapping.

johnpoz · Dec 7, 2023, 3:45 PM

@NollipfSense here is what I can tell you about static arp and 23.09.. So it seems that if you set static arp, and then the client does some dhcp stuff you could see the arp go from perm to dynamic.. Resaving will set it back to static in the arp table.

Pretty sure there is a redmine about this already, and believe fixed in the upcoming 24.03..

And also ran into an old thing that hadn't noticed before but have been paying more attention to the dhcp log, etc. Along with the issue with dhcp answering from a non 67 port that some are seeing - you can replace the dhcpd binary from 23.05 and this seems to correct that problem.

And also was seeing uid lease duplicate - which has to do with client got a lease, then you set static and the old lease is still there even though the client gets the static, it logs that there is duplicate, some have seen issues with this.

Fix for those entries is make sure you flush the old lease, I did it by hand by editing the dhcp.leases file..

So in general there is quite a bit of stuff going on with dhcp in general - also the move to kea version not supporting all features, etc. etc. I would hope they have all the issues worked out by next release.

I have not run into anything that is a major problem, some log spam if you will and static arp not staying as perm can be problematic if you want to actually set a static..

NollipfSense · Dec 7, 2023, 3:45 PM

@johnpoz said in Static ARP Mapping:

So in general there is quite a bit of stuff going on with dhcp in general - also the move to kea version not supporting all features, etc. etc. I would hope they have all the issues worked out by next release.

I found out that it was really kea dhcp not letting go of leases that was the culprit. I have gotten rid of the static mapping.