Netgate Discussion Forum

    DHCP Lease Pool Exhausted and Disabled Leases not deleted

    DHCP and DNS
    8 Posts 3 Posters 153 Views 3 Watching
    • J Offline
      jbariyo
      last edited by

      DHCP lease pool exhausted and disabled leases not deleted. What can I do? Help.

      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator @jbariyo
        last edited by

        @jbariyo what do you mean by disabled? You can delete a lease that is not active, i.e. no device currently active on that IP.

        You may want to clear the ARP cache on pfSense - the cache normally lasts 20 minutes.

        deletelease.jpg

        If your lease shows a green arrow - this means that it is currently in the ARP cache, and no, you wouldn't be able to delete it from the GUI.

        You would have to directly edit the lease file to delete them.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

        • GertjanG Offline
          Gertjan @jbariyo
          last edited by

          @jbariyo said in DHCP Lease Pool Exhausted and Disabled Leases not deleted:

          DHCP Lease Pool exhausted

          Call the admin and ask him to make the pool bigger?!
          Or
          Allow/connect fewer devices to your network.

          @jbariyo said in DHCP Lease Pool Exhausted and Disabled Leases not deleted:

          disabled Leases not deleted

          Leases that are expired can still show up in the 'known' leases file, the file that shows up in the GUI (Status > DHCP Leases).
          They are kept in the file, so if the device that used the now 'previous' lease comes back, it will get the same IPv4.
          If the DHCP pool starts to fill up, the inactive leases will get recycled = used for new leases.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • J Offline
            jbariyo @jbariyo
            last edited by

            Users complain of losing access to the network on the LAN and pfSense shows lease utilization goes all the way up to 90% plus. Deleting the disabled IPs one by one is hectic; I normally have to clear all DHCP leases to enable people to connect back to the network. What is the best default and maximum lease time? I checked online: for a 9-5 environment you can give 8 hours and 9 hours respectively. I configured this today. However, I have never faced this challenge before so I don't know...

            • GertjanG Offline
              Gertjan @jbariyo
              last edited by Gertjan

              @jbariyo

              Show some concrete numbers? Like how many devices are (trying to) connect?

              Show the DHCP server settings.
              And the 'LAN' network settings.

              For example : if you do this :

              [screenshot]

              = my network is 255 - ( (192.168.1.1) + 192.168.1.255) = 255-2=249 IPv4s.

              and this :

              [screenshot]

              See the "192.168.1.1 - 192.168.1.254" ? ^^

              where I created a pool between .70 and .200 = 130 IPs for my DHCP LAN network.

              I have about 55 devices, but nearly (99 %) of them use static 'MAC' DHCP leases between 192.168.1.2 and 192.168.1.69.

              Typically, a pool should be 10/20/30 % bigger than the maximum number of devices connected.
              That's my own rule of course. I'm not sure if there is a more official rule for this.

              edit :
              A joke :
              What if I wrote a script on a device that :

              1. Gets a DHCP lease.
              2. Resets the interface, and generates a random MAC for that interface.
              3. Restarts the interface.
              4. Jumps to 1.

              In no time you wind up with plenty of valid (non expired) DHCPv4 leases, and your DHCP pool will be empty.
              This will empty a 192.168.0.0/16 pool which is about 65k IPs in the pool.
              Not that I've ever seen this happen before but (looking to the east) I've already encountered devices that really do all they can (breaking all known RFCs) just trying to exist to break your network.
              I love those cameras, doorbells and other stupid light bulbs.

              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator @jbariyo
                last edited by johnpoz

                @jbariyo said in DHCP Lease Pool Exhausted and Disabled Leases not deleted:

                9-5 environment you can give 8 hours and 9 hours respectively i configured this today

                The default is 2 hours - what did you have it set to before? You understand you could set it to 30 minutes or something if you wanted to. If a client is still on they will just renew it. There is little need to set it for the length of the work day.

                If your scope is oversubscribed - i.e. more clients than you have IPs - then you are going to have a bad day if more clients are trying to be on at the same time than you have IPs. How many clients do you have total? You should prob set up your network to have more IPs than that. Be it you increase the scope size out of your network, or increase the network size by increasing the mask from say a /24 to a /23 or even a /22.

                Are these wireless clients? If clients are changing their MACs on you - then yeah, you could run through more IPs via DHCP than you actually need. If so I would make a short lease so that if a client rotates their MAC the old lease expires quickly so it could be re-used.

                Do you have idiot users? (this is a given normally) where they have both wired and wireless at the same time - that are in the same network?

                edit: As @Gertjan mentioned maybe the client is borked - I would look into a specific client when they complain this is happening. Are you really out of leases, is the client getting a 169.254? This is what a client will normally give itself when it's set for DHCP and cannot get a lease. Are you getting clients with duplicate IPs? I would look into the details of a specific failure so you better understand what is happening. Is there currently a lease for that client and it is just not renewing and using up new leases, etc.

                What dhcpd are you using, ISC or Kea? Maybe there is an issue with reusing expired leases? More info on what is actually going on is always helpful. But yeah, if you are oversubscribed you either need to allow for more IPs, or use really short lease times. And just actually hope you never have more clients on at the same time than you could possibly supply IPs for.

                • J Offline
                  jbariyo @johnpoz
                  last edited by

                  @johnpoz I have set the DHCP time to 2 hours and 24 hours maximum as per default settings and I am going to watch and see what happens. In regard to the IPs, the computers are over 79; if you include their personal phones per user the number goes up, and with my previous config the issue was continuously re-surfacing: when you go to someone's PC it shows no DHCP server found. However, with the change in DHCP time I expect to see a change. Also might consider VLANs in the near future.

                  • GertjanG Offline
                    Gertjan @jbariyo
                    last edited by Gertjan

                    @jbariyo said in DHCP Lease Pool Exhausted and Disabled Leases not deleted:

                    ... when you go to someone's pc it shows no dhcp server found

                    Then you can "click on some buttons, and press some keys" and you have the answer you're looking for on your screen.

                    Go to this "someone's pc", armed with your own device that has access to the pfSense GUI, and SSH.
                    Open a SSH, option 8 - and (if you use ISC DHCP) :

                    tail -f /var/log/dhcpd.log
                    

                    as this shows you the dhcp server activity in real time.

                    On the "someone's pc" go to command mode (cmd.exe) and execute :

                    ipconfig /renew
                    

                    and look at what shows up in your SSH access, the 'tailed DHCP log'.
                    You saw nothing? OK, the request never even reached pfSense (the pfSense DHCP server). So not a pfSense issue. (I suggest : VLAN problems)
                    You saw : DHCPOFFERED (or something like that) : the lease was offered. The PC didn't receive it? Not your problem ^^
                    A message that says : POOL full? Make the pool bigger.
                    Etc.
                    Share what you've found.

                    DHCPv4 lease duration : 2 hours or 120 minutes, for networks with not frequent or not permanent visitors, is fine. These devices will auto renew if they are still there.
                    If the device is gone, the IP will be available after 2 hours max.
                    A pool with "200" or so IPs will cover your "80" devices easily.

                    Btw : If you use Kea (you 'should'), the lease info isn't in the DHCP server log anymore.
                    Bummer ...
                    So, do this. Read the entire thread [10 minutes].
                    Then copy and paste this on the "Services > DHCP Server > Settings" page :

                    {
                      "loggers": [
                        {
                          "name": "kea-dhcp4.leases",
                          "output-options": [
                            {
                              "output": "/var/log/kea-dhcpv4.log",
                              "maxver": 8,
                              "maxsize": 204800,
                              "flush": true,
                              "pattern": "%d{%j %H:%M:%S.%q} %c %m\n"
                            }
                          ],
                          "severity": "INFO"
                        }
                      ]
                    }
                    

                    This is what I use, and now I have a dedicated, auto pruned "DHCPv4 lease log file".
                    Tail it with :

                    tail -f /var/log/kea-dhcpv4.log
                    


                    1 Reply Last reply Reply Quote 0
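The three log outcomes described in the last post (nothing seen, lease offered, pool full) and the earlier question about clients changing their MACs can be checked over a saved ISC dhcpd log rather than by eye. This is an added example, not code from any poster in the thread; the function names and the sample log lines are constructed, and the message formats assumed are the usual ISC dhcpd ones.

```sh
#!/bin/sh
# Constructed sample in ISC dhcpd log format (not taken from the thread).
SAMPLE_LOG='Jan 10 09:00:01 fw dhcpd[123]: DHCPDISCOVER from 00:11:22:33:44:01 via em1
Jan 10 09:00:02 fw dhcpd[123]: DHCPOFFER on 192.168.1.70 to 00:11:22:33:44:01 (pc-01) via em1
Jan 10 09:00:02 fw dhcpd[123]: DHCPREQUEST for 192.168.1.70 (192.168.1.1) from 00:11:22:33:44:01 (pc-01) via em1
Jan 10 09:00:02 fw dhcpd[123]: DHCPACK on 192.168.1.70 to 00:11:22:33:44:01 (pc-01) via em1
Jan 10 09:05:10 fw dhcpd[123]: DHCPREQUEST for 192.168.1.71 from 5a:10:20:30:40:02 via em1
Jan 10 09:05:10 fw dhcpd[123]: DHCPACK on 192.168.1.71 to 5a:10:20:30:40:02 via em1
Jan 10 09:07:30 fw dhcpd[123]: DHCPDISCOVER from 00:11:22:33:44:03 via em1
Jan 10 09:07:31 fw dhcpd[123]: DHCPOFFER on 192.168.1.72 to 00:11:22:33:44:03 via em1
Jan 10 09:09:00 fw dhcpd[123]: DHCPDISCOVER from 00:11:22:33:44:04 via em1: network 192.168.1.0/24: no free leases'

# triage_mac MAC  (log on stdin): the last thing the server logged for one client.
triage_mac() {
    awk -v mac="$1" '
        BEGIN { mac = tolower(mac); state = "no-request-seen" }
        index(tolower($0), mac) == 0        { next }
        /no free leases/                    { state = "pool-full"; next }
        /DHCPACK on/                        { state = "lease-acked"; next }
        /DHCPOFFER on/                      { state = "offered-not-acked"; next }
        /DHCPDISCOVER from|DHCPREQUEST for/ { state = "request-unanswered" }
        END { print state }'
}

# lease_summary (log on stdin): distinct MACs that were ACKed, how many of them
# are locally administered (second hex digit 2/6/a/e, typical of randomized
# Wi-Fi MACs), and how often the server reported an empty pool.
lease_summary() {
    awk '
        /DHCPACK on/ {
            m = ""
            for (i = 1; i < NF; i++) if ($i == "to") { m = tolower($(i + 1)); break }
            if (m != "" && !(m in seen)) {
                seen[m] = 1; total++
                if (substr(m, 2, 1) ~ /[26ae]/) laa++
            }
        }
        /no free leases/ { full++ }
        END { printf "acked_macs=%d locally_administered=%d pool_full_events=%d\n", total, laa, full }'
}

# Run against the sample; on the firewall, feed /var/log/dhcpd.log on stdin instead.
printf '%s\n' "$SAMPLE_LOG" | lease_summary
for mac in 00:11:22:33:44:01 00:11:22:33:44:03 00:11:22:33:44:04; do
    printf '%s %s\n' "$mac" "$(printf '%s\n' "$SAMPLE_LOG" | triage_mac "$mac")"
done
```

A count of ACKed MACs well above the number of real devices, with many of them locally administered, points at MAC rotation rather than an undersized pool.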
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.