Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    DHCP Static Mapping not working when Address Pool Range is restricted to a single IP

    Scheduled Pinned Locked Moved DHCP and DNS
    4 Posts 2 Posters 198 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      MoonLight 0
      last edited by

      Hello everyone,

      I'm experiencing a strange behavior with the DHCP server on pfSense.

      Here is my setup on a specific interface (STAFF):

      • Subnet: 192.168.1.0/24 (Obfuscated for privacy)
      • Deny Unknown Clients: "Allow known clients from only this interface" checked.
      • DHCP Pool Range: 192.168.1.254 to 192.168.1.254 (just 1 IP available).
      • I have configured DHCP Static Mappings for my known devices (outside of this pool range).

      Issue:
      When the DHCP pool is restricted to just that single IP (.254), my known devices with valid static mappings sometimes fail to receive their assigned IP addresses. The interface UI shows the pool as "100% of 1" used (similar to the attached screenshot).

      image.png

      However, if I expand the DHCP pool range to allow more IPs, the static mappings start working perfectly again.

      Why does the DHCP daemon require free IPs in the dynamic pool to serve static mappings, especially when "Deny Unknown Clients" is enabled? Is this a known limitation of the underlying DHCP backend, or am I missing a configuration step?

      Thank you for your help!

      GertjanG 1 Reply Last reply Reply Quote 0
      • GertjanG Offline
        Gertjan @MoonLight 0
        last edited by Gertjan

        @MoonLight-0

        5783f235-21c9-4239-9826-5918f20689d0-image.png

        so my pool is .200 to .200.
        All my LAN devises uses static MAC DHCPv4 settings.

        The PC I'm using right now uses 192.168.1.6 - with a static MAC setup.
        It's a Windows device, so I executed a :

        ipconfig /renew

        No errors messages on my PC, the IP still was using 192.168.1.6. The end of the lease (ipconfig /all) was now further in the future. Looks good.

        Let's fact check : to make a long story short, I can see the DHCP requests from my LAN networks.
        This is what I saw - logged at the same moment :

        139 07:07:46.314 kea-dhcp4.leases DHCP4_LEASE_ALLOC [hwtype=1 a4:bb:6d:ba:16:a1], cid=[01:a4:bb:6d:ba:16:a1], tid=0x6cdcfb60: lease 192.168.1.6 has been allocated for 21600 seconds
139 07:07:46.315 kea-dhcp4.leases DHCP4_LEASE_REUSE [hwtype=1 a4:bb:6d:ba:16:a1], cid=[01:a4:bb:6d:ba:16:a1], tid=0x6cdcfb60: lease 192.168.1.6 has been reused for 21141 seconds

        But I guess I already (I saw it) presume there is another 'issue' : you are not using the kea DHCP server, you are using ISC ?

        No "help me" PM's please. Use the forum, the community will thank you.

        M 1 Reply Last reply Reply Quote 0
        • M Offline
          MoonLight 0 @Gertjan
          last edited by

          Hello @Gertjan, thank you for your comment,

          You've described the typical behavior of the DHCP server and what I would expect with this configuration, but sometimes, even when the device's MAC address is correctly registered in a static mapping, the device gets that last IP address (in your case: 192.168.1.200), and then it's as if pfSense were saying that the DHCP range is full, so it doesn't even check the static mappings. I'm using KEA DHCP.

          Thanks!

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG Offline
            Gertjan @MoonLight 0
            last edited by Gertjan

            @MoonLight-0 said in DHCP Static Mapping not working when Address Pool Range is restricted to a single IP:

            even when the device's MAC address is correctly registered in a static mapping, the device gets that last IP address (in your case: 192.168.1.200

            More details about my "192.168.1.6" device :

            bdd82371-fd77-44e6-aef5-f96c3e57b253-image.png
            If this device, on powerup, or DHCP discover or renewal, gets another IP for 'some reason' that would be a disaster for me.
            I would even qualify this as a security issue, as I've firewall based upon device LAN IP's.
            I use this kind of static MAC DHCP for all my LAN devices , for the past ... dono, couple of decades now.
            I don't recall ever seeing a device with a known static MAC getting another IP as the one I've assigned in pfSense.

            I'm aware of one possible issue : most "portable" devices will use by default a random MAC, and this option should be disabled when they connect to "your" LAN. If the user (or the OS after an update for example) re activated this option, that MAC will change, becomes 'unknown' : shouldn't even be able get get a lease as 'unknown now'. It shouldn't get '200' no matter what.

            I'm puzzled, as I can't image reasons why a known static MAC gets assigned another IP : the one and only IP avaible in your pool.

            You're using kea, so ok. As you've seen, kea (the pfSense implementation) doesn't produce a DHCPv4 request and assignment log, so I've build one myself. There is a forum thread in this part of the forum that shows you how to make that possible. This log won't be shown in the GUI but I don't mind, as I don't inspect it that often. Maybe this lease log will show you important details ?

            edit :
            You and I use the same DHCP server.

            No "help me" PM's please. Use the forum, the community will thank you.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.