Subnet collapses periodically since 24.11-RELEASE
-
@vf1954 yes, screenshot pfSense with the changed settings, or some evidence.
If you’re not saying anything in pfSense actually changes then it’s not pfSense. Unplug pfSense LAN, restart a client, and see what its IP and DHCP server are.
-
@SteveITS Fair enough. But why would pfsense just give up its DHCP authority ... randomly ... after 6-14 days?
-
@vf1954 said in Subnet collapses periodically since 24.11-RELEASE:
DHCP authority ... randomly ... after 6-14 days?
what authority?? When a client does a discover - the first dhcp server that answers wins..
If there is more than 1 dhcp server on your network - it's a coinflip who will answer first.
You can run more than 1 on the same network.. But they need to hand out the same info.. This can be done as a failover scenario - where you split the scope between them..
Say dhcpd1 hands out 192.168.1.10-128
Where dhcpd2 hands out 192.168.1.129-244
Both point, say, to 192.168.1.1 for dns and gateway.. Leaving you .2-9 and .245-254 as IPs you can set statically on devices.
But if you're handing out different IP range and different gateway - yeah you're going to have a bad day on clients that get IP from that dhcp server.
-
@johnpoz Hello John,
Yes you taught me something new again. I thought DHCP holds authority.
But regardless, even if two DHCP servers were vying for the same "authority" (to grant leases), I'd expect, statistically, that many of the clients would choose 192.168.0.x and lose network/internet access and that that would appear sporadically during the day/week. This is not the behaviour. It is perfectly stable with netgate "in charge", all the time, for all clients, until suddenly every client decides to pivot to 192.168.0.x (albeit at different times, but once one goes the rest will follow within an hour).
You would think they all magically pick up netgate after a couple hours... but they don't either. The pfsense just becomes inaccessible until I console into it.
My two switches are hardcoded to be on 192.168.3.x address.
My 3 tp-link archer 5400 are set as 192.168.3.3 .4 .5 on easy-mesh with the primary dhcp = off.
There is no other dhcp server afaik.
-
@vf1954 clearly there is.. Here do this.. Look at your client currently.
What does it list for the dhcp server?
```
$ ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : i9-win
   Primary Dns Suffix . . . . . . . : home.arpa
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.arpa

Ethernet adapter Local:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, February 14, 2025 2:01:59 PM
   Lease Expires . . . . . . . . . . : Tuesday, February 18, 2025 2:02:00 PM
   Default Gateway . . . . . . . . . : 192.168.9.253
   DHCP Server . . . . . . . . . . . : 192.168.9.253
   DNS Servers . . . . . . . . . . . : 192.168.3.10
   NetBIOS over Tcpip. . . . . . . . : Enabled
```
192.168.9.253 is my pfsense.. now if I look at the mac address
```
$ arp -a

Interface: 192.168.9.100 --- 0x5
  Internet Address      Physical Address      Type
  192.168.9.10          00-11-32-7b-29-7d     dynamic
  192.168.9.253         00-08-a2-0c-e6-24     dynamic
  192.168.9.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
```
So its mac is 00-08-a2-0c-e6-24. If pfsense was out of the blue changing its IP and dhcp scope, then that mac address would be the same.
As to why you're not seeing a random distribution, maybe pfsense dhcp answers faster - but when it goes offline the only one to answer is your other dhcp server.
Pfsense is just not going to randomly change its IP address.. You're either changing it, or you're loading a bad/old config? Looking to what mac address your dhcp server is at will tell you for sure that its pfsense, or its some other box.
-
@johnpoz I agree a second dhcp is somewhere lurking but I am at wits end to figure out where.
TP-Link: unless the tp link is acting out, it's off. I updated the firmware but that didn't have any effect.
Novell (OES2 server). It has dhcp disabled and the port to dhcp also blocked.
Pi-Hole: turned off (and even if it was turned on, it would serve 192.168.3.x)
Switches: no dhcp server capability (afaik)
We have several unmanaged switches connecting various PCs in an office back to one of the switches...
that's it.
-
@vf1954 well next time it happens, check the mac - that should help you track down what is doing it.
Or turn off the dhcp server in pfsense.. Do a release and renew on some client, that you were seeing this before.. Does it get the 192.168.0 address.. If so what is the mac of the dhcp server and hope you can track it down from that. The first 3 numbers of the mac should tell you what brand of device it is at least.
Unless your switches are all just dumb switches, managed and smart switches can provide dhcp.
edit: I mean it could be possible if pfsense is rebooting to an old config or something.. When you console in, look to see what IPs are on the interfaces, etc. I just find that so highly improbable.. What makes more sense and quite possible to happen is something else serving dhcp..
Checking the mac address of dhcp server IP when you get the wrong lease and IP should tell you for sure.. My money is on rogue dhcp and not pfsense just spontaneously changing its IP of an interface and handing out different dhcp info
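The MAC check suggested in the thread can be scripted so it is ready the next time a client lands on the wrong subnet. The sketch below is an added example, not code from any poster or from pfSense: it parses English-locale Windows `ipconfig /all` and `arp -a` text and compares the DHCP server's MAC with the pfSense MAC quoted above. The 192.168.0.1 sample, its MAC, and the verdict names are constructed for illustration.

```python
import re

# Known-good values, taken from the thread's own ipconfig/arp output (pfSense LAN).
EXPECTED_SERVER_IP = "192.168.9.253"
EXPECTED_SERVER_MAC = "00-08-a2-0c-e6-24"

# Constructed samples: a trimmed good lease and a made-up bad lease (placeholder MAC).
GOOD_IPCONFIG = "Ethernet adapter Local:\n   DHCP Server . . . . . . . . . . . : 192.168.9.253\n"
GOOD_ARP = "Interface: 192.168.9.100 --- 0x5\n  192.168.9.253         00-08-a2-0c-e6-24     dynamic\n"
BAD_IPCONFIG = "Ethernet adapter Local:\n   DHCP Server . . . . . . . . . . . : 192.168.0.1\n"
BAD_ARP = "Interface: 192.168.0.57 --- 0x5\n  192.168.0.1           02-00-00-aa-bb-cc     dynamic\n"

def dhcp_servers(ipconfig_text):
    """Return {adapter name: DHCP server IP} from `ipconfig /all` output."""
    servers, adapter = {}, None
    for line in ipconfig_text.splitlines():
        # Adapter headers are unindented and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter = line.rstrip().rstrip(":")
        m = re.match(r"\s+DHCP Server[ .]*:\s*(\S+)", line)
        if m and adapter:
            servers[adapter] = m.group(1)
    return servers

def arp_table(arp_text):
    """Return {IP: MAC} from Windows `arp -a` output."""
    pat = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s", re.I | re.M)
    return {ip: mac.lower() for ip, mac in pat.findall(arp_text)}

def check_lease(ipconfig_text, arp_text):
    """Classify each adapter's DHCP server by comparing its MAC with pfSense's."""
    arp, findings = arp_table(arp_text), []
    for adapter, ip in dhcp_servers(ipconfig_text).items():
        mac = arp.get(ip)
        if mac is None:
            verdict = "unresolved"          # ping the server IP, then rerun arp -a
        elif mac != EXPECTED_SERVER_MAC:
            verdict = "rogue"               # some other box answered the discover
        elif ip != EXPECTED_SERVER_IP:
            verdict = "pfsense-changed-ip"  # same MAC, different address
        else:
            verdict = "expected"
        findings.append({"adapter": adapter, "server": ip, "mac": mac,
                         "oui": mac[:8] if mac else None, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in check_lease(BAD_IPCONFIG, BAD_ARP):
        print(finding)
```

The `oui` field is the first three octets of the MAC, which can be looked up in the IEEE OUI registry to get the vendor of the answering device.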