How to make DHCP lease time for a long period?
-
Hi.
I am using pfSense 2.7.2 for my users in a company. I am using DHCP and users get IPs automatically. For some reason I do not use static IPs. The problem happened today. When I came to work, I realized that all devices have been assigned new IP addresses by pfSense. Every device on the network (computers and mobile devices) are on their limit groups, and as the users and devices are consistent without change I want pfSense to keep their assigned addresses for a long period. This is the current setting of the lease time:
Default Lease Time: 2592000
Maximum Lease Time: 2592000
I set this in order to get pfSense to keep the leases as long as it is defined. For example, as long as a device connects to the firewall at least once in up to 30 days, it still gets the same IP address. Now I see all the IPs have been released and pfSense is assigning a new IP to every device connecting to the firewall from this morning. Can anyone help me with this? Thanks
-
@noonstarx did anyone change pfSense settings? Delete the leases? Sure nothing else providing DHCP has been plugged in to the network?
The correct way to keep the same IP is by reservation: https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html#static-mappings
-
@SteveITS No. No one has access to pfSense other than me. So no one changed anything, and there is no other DHCP on the network.
I suspect it might be the Default Lease Time and Maximum Lease Time being set to the same amount? I am not sure. What do you think?
Last year I had set at least one of these two, and everything was working as expected. When I moved to this new release, I faced this issue.
-
@noonstarx did you switch to Kea vs ISC DHCP?
-
@noonstarx said in How to make DHCP lease time for a long period?:
I set this in order to get the pfsense to keep the leases as long as it is defined. For example as long as a device connects to the firewall for at least up to 30 days, they still get the same IP address.
No need to use 'huge' lease times.
As soon as a device, identified with a MAC "aa:bb:cc:dd:ee:ff", connects, the lease handed out will be registered in DHCPd's memory: the DHCPd server leases file.
On the device's side, the actual network will also be remembered, probably by assimilating the SSID used and the gateway's MAC address, so the next time the device asks for a lease again, it will remember the network, and ask for a preferred IP (the IP it had last time).
If this IP is available - not allocated to some other device - then the device will get the same IP back every time.
There is one condition: your pool size has to be bigger than the potential maximum number of devices connected in the "one month" (your example) time slot. If this is the case, your question is solved.
Using big leases won't help you if the pool is too small: the DHCP server will stop proposing leases.
-
^ exactly..
While I am a fan of longer lease times in my setup, why would you want more traffic for no reason.. I think I have my lease currently at 7 days..
Let's say you have 200 IPs to hand out.. How many clients do you have? If only a few it shouldn't ever be a problem, even if you had a 2 hour lease, and some box was off for 6 months.. Now if you have in total 210 clients, then yeah you can have problems if your leases are too long, or you could get clients switching IPs.
Once a device gets a lease, it should maintain that IP going forward, since it will just renew it at the 50% mark of its lease..
And let's say you turn that off for a long time, when it comes back that lease should still be there even if it expired and the client should get that same IP back, even if it doesn't specifically ask for that IP in its request..
The only time you could see a problem is if you have a bunch of clients, more than your pool size and you have some lease that expired and some new client comes on and the dhcpd says oh shoot I don't have any free leases, let me start handing out expired leases..
Normally dhcpd will run through all its free leases before it starts to look into expired leases to re-issue.
You should notice this as your IPs either count up from the low end of the lease 1, 2, 3 etc.. or it counts down 254, 253, 252 etc.
One problem I can see with really long leases is that the client is normally not going to get any changes or new things you might have added to the DHCP scope.. Let's say you had a 30 day lease, and you, say, changed the DNS server your clients should use.. Possible you have clients that don't get that new info for 15 days..
Also I am a fan of reservations - if I want to make sure client X always has 1.2.3.4, I just set a reservation for that client. Doesn't matter if he is off 1 hour, or 30 days.. That client will always get 1.2.3.4 from the dhcpd.. And the dhcpd will not hand that IP out to anyone else..
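
The pool-size reasoning in the replies above, as an added example that is not part of the original thread and is not ISC dhcpd or Kea code: a simplified allocation model (free addresses first, then the oldest expired lease). The function `simulate`, the client names and the event times are constructed for illustration.

```python
# Simplified DHCP pool model (constructed; not ISC dhcpd or Kea code).
# Assumed rules, taken from the replies above: a returning client gets its old
# address if nobody else holds it, never-used addresses go out before expired
# ones, and with no free or expired address the server makes no offer.

def simulate(pool_size, lease_time, events):
    """events: (time, client) requests in time order, times in hours.
    Returns {client: [addresses offered, consecutive repeats collapsed]};
    None in a list means the server had nothing to offer."""
    never_used = list(range(1, pool_size + 1))  # handed out low to high
    lease = {}     # address -> (client, expiry time)
    last_ip = {}   # client -> address it held last (kept after expiry)
    history = {}
    for now, client in events:
        ip = last_ip.get(client)
        if ip is not None and lease[ip][0] == client:
            pass                                  # old lease still on record
        elif never_used:
            ip = never_used.pop(0)                # free address first
        else:
            expired = [(exp, a) for a, (_, exp) in lease.items() if exp <= now]
            ip = min(expired)[1] if expired else None  # oldest expired lease
        if ip is not None:
            lease[ip] = (client, now + lease_time)
            last_ip[client] = ip
        seen = history.setdefault(client, [])
        if not seen or seen[-1] != ip:
            seen.append(ip)
    return history

# Constructed scenarios: a pool of 3 addresses.
BOOT = [(0, "a"), (0, "b"), (0, "c")]

def pool_large_enough():
    # 3 clients, 2-hour lease, "c" is off for ~6 months and still gets address 3
    return simulate(3, 2, BOOT + [(4380, "c")])

def pool_too_small_short_lease():
    # 4th client reclaims a's expired lease, so "a" moves to another address
    return simulate(3, 2, BOOT + [(10, "d"), (11, "a")])

def pool_too_small_long_lease():
    # 30-day (720 h) leases: nothing has expired, so "d" gets no offer
    return simulate(3, 720, BOOT + [(10, "d"), (11, "a")])

if __name__ == "__main__":
    for fn in (pool_large_enough, pool_too_small_short_lease, pool_too_small_long_lease):
        print(fn.__name__, fn())
```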