Today's Topics:

   1. Running out of IP addresses in the WiFi Subnet, connection problems of the clients. (Mehmet Ozturk)

----------------------------------------------------------------------

Message: 1
Date: Thu, 21 Dec 2023 11:32:08 +0200
From: Mehmet Ozturk <mehmetozturk.corpor...@gmail.com>
To: dhcp-users@lists.isc.org
Subject: Running out of IP addresses in the WiFi Subnet, connection problems of the clients.
Message-ID: <cam8-ptf+wojkxavzv2mbd3vp-phxhfwix8rnk-pxfg+t0+g...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Hi,

We are having a hard time with our ISC DHCPd version 4.4.1 server, which is running on Ubuntu 22.04LTS. Using the configuration below (details removed for security purposes), the WiFi pool runs out of IP addresses.

The WiFi Access points are 70+ units of Ruckus R550, R500, T310S, R510, with the Controller Ruckus ZoneDirector ZD1200.

When this problem occurs, we see plenty of IP addresses in the Leases list with unknown MAC addresses, all for 24 hours.

###############################################################
###############################################################
option tcode "Asia/Ankara";
option time-offset 10800;
option ntp-servers X.X.X.X;
option time-servers X.X.X.X;
db-time-format local;
option domain-name "xxx.com.tr";
option domain-name-servers 10.0.0.9, 10.0.0.46;
default-lease-time 3600;
max-lease-time 7200;

# Allow each client to have exactly one lease, and expire old leases if a new DHCPDISCOVER occurs
one-lease-per-client true;

# Tell the server to look up the host name in DNS
# get-lease-hostnames true;

# Ping the IP address that is being offered to make sure it isn't
# configured on another node. This has some potential repercussions
# for clients that don't like delays.
# ping-check true;
# deny declines;
# deny bootp;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# A1 Building
subnet X.X.X.X netmask 255.255.255.0 {
    authoritative;
    range X.X.X.X X.X.X.X;
    option domain-name-servers X.X.X.X , X.X.X.X;
    option routers X.X.X.X;
    option domain-name "xxx.com.tr";
}

# XXX HALL
subnet X.X.X.X netmask 255.255.255.0 {
    authoritative;
    range X.X.X.X 1X.X.X.X;
    option domain-name-servers X.X.X.X , X.X.X.X;
    option routers X.X.X.X;
    option domain-name "xxx.com.tr";
    host TEST-NUC {
        hardware ethernet ZZ:ZZ:ZZ:ZZ:ZZ:ZZ;
        fixed-address X.X.X.X;
    }
}

# XXX-NET_WIFI_PUBLIC
subnet 172.16.128.0 netmask 255.255.224.0 {
    # Set default lease time to 600 seconds (10 minutes)
    default-lease-time 600;
    # Set maximum lease time to 3600 seconds (2 hour)
    max-lease-time 7200;
    # Enable DHCPv4 authoritative mode
    authoritative;
    # Provide domain name servers for DNS resolution
    option domain-name-servers 10.0.0.46, 10.0.0.9;
    # Set default gateway to 172.16.128.1
    option routers 172.16.128.1;
    # Set domain name for hosts on this subnet
    option domain-name "xxx.com.tr";
    # Set address-range-1 for DHCP clients
    range 172.16.128.2 172.16.128.254;
    . . .
    # Set address-range-x for DHCP clients
    range 172.16.159.1 172.16.159.254;
    # Set subnet mask explicitly
    option subnet-mask 255.255.224.0;
    # Set broadcast address for the subnet
    option broadcast-address 172.16.159.255;
    # Configure NTP servers for time synchronization
    option ntp-servers 10.0.0.46;
    # Enable ping check to verify client connectivity
    ping-check true;
    # Set ping timeout to 5 seconds for DHCP client checks
    ping-timeout 5;
    # Deny duplicate IP address assignments
    deny duplicates;
    # Limit the number of concurrent requests from a client to 5
    # This helps prevent abuse and resource exhaustion
    one-lease-per-client true;
    # Configure logging to monitor DHCP server activities
    log-facility local7;
    # Limit dynamic DNS updates
    ddns-update-style none;
    # Restrict dynamic updates to only known clients
    ignore client-updates;
    deny client-updates;
    # Disable BOOTP support
    allow bootp;
    deny bootp;
}

class "black-hole" {
    match substring (hardware, 1, 6);
    # deny booting;
    ignore booting;
}
subclass "black-hole" AA:AA:AA:AAAA:AA; #USER-1
subclass "black-hole" BB:BB:BB:BB:BB:BB; #USER-2
subclass "black-hole" CC:CC:CC:CC:CC:CC; #USER-3
###############################################################
###############################################################

The "/var/lib/dhcp/dhcpd.leases" file includes the details below regarding those Unknown-MAC-Address leases;

##################################################################################
lease 172.16.129.99 {
  starts epoch 1702534536; # Thu Dec 14 08:15:36 2023
  ends epoch 1702620938; # Fri Dec 15 08:15:38 2023
  tstp epoch 1702620938; # Fri Dec 15 08:15:38 2023
  cltt epoch 1702534536; # Thu Dec 14 08:15:36 2023
  binding state abandoned;
  next binding state free;
  rewind binding state free;
}
lease 172.16.159.232 {
  starts epoch 1702534594; # Thu Dec 14 08:16:34 2023
  ends epoch 1702620996; # Fri Dec 15 08:16:36 2023
  tstp epoch 1702620996; # Fri Dec 15 08:16:36 2023
  cltt epoch 1702534594; # Thu Dec 14 08:16:34 2023
  binding state abandoned;
  next binding state free;
  rewind binding state free;
}
##################################################################################

The "/var/log/syslog" file includes the log lines below regarding the Leases;

##################################################################################
Dec 14 08:15:30 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:30 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:31 dd dhcpd[118025]: message repeated 11 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:31 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:31 dd dhcpd[118025]: message repeated 3 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:31 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:32 dd dhcpd[118025]: message repeated 44 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:32 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:32 dd dhcpd[118025]: message repeated 3 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:32 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:32 dd dhcpd[118025]: message repeated 19 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:32 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:33 dd dhcpd[118025]: message repeated 13 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:33 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:33 dd dhcpd[118025]: message repeated 10 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:33 dd dhcpd[118025]: Reclaiming abandoned lease 172.16.129.99.
Dec 14 08:15:33 dd dhcpd[118025]: message repeated 2 times: [ Reclaiming abandoned lease 172.16.129.99.]
Dec 14 08:15:35 dd dhcpd[118025]: DHCPOFFER on 172.16.129.99 to fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:35 dd dhcpd[118025]: DHCPOFFER on 172.16.129.99 to 02:7d:d5:93:89:1a via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPREQUEST for 172.16.129.99 (10.0.0.9) from fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPACK on 172.16.129.99 to fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPREQUEST for 172.16.129.99 (10.0.0.9) from 02:7d:d5:93:89:1a via 172.16.128.1: lease 172.16.129.99 unavailable.
Dec 14 08:15:36 dd dhcpd[118025]: DHCPNAK on 172.16.129.99 to 02:7d:d5:93:89:1a via 172.16.128.1
Dec 14 08:15:38 dd dhcpd[118025]: Abandoning IP address 172.16.129.99: declined.
Dec 14 08:15:38 dd dhcpd[118025]: DHCPDECLINE of 172.16.129.99 from fe:02:fa:00:d8:02 via 172.16.128.1: abandoned
Dec 14 08:16:33 dd dhcpd[121304]: DHCPOFFER on 172.16.159.232 to fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:34 dd dhcpd[121304]: DHCPREQUEST for 172.16.159.232 (10.0.0.9) from fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:34 dd dhcpd[121304]: DHCPACK on 172.16.159.232 to fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:36 dd dhcpd[121304]: Abandoning IP address 172.16.159.232: declined.
Dec 14 08:16:36 dd dhcpd[121304]: DHCPDECLINE of 172.16.159.232 from fe:f7:0d:d9:de:2f via 172.16.128.1: abandoned
##################################################################################

In order to prevent this happening, we added the lines below;

###############################################################
ddns-update-style none;
deny declines;
deny bootp;
###############################################################

But this time, the users started complaining about not being able to connect.
When checked, we saw plenty of error lines like below in the syslog file;

###############################################################
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.134.41 from 9a:ab:a2:7c:99:65 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.155.171 from 46:71:ed:54:a6:c6 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.140.207 from ae:0d:7b:f5:29:50 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.158.14 from 6a:6f:94:cd:04:b8 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.150.178 from 5e:44:2a:d6:3c:6a via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.158.203 from 62:fb:21:37:0a:e5 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.150.19 from 0a:76:41:7c:41:b6 via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.154.160 from f2:14:c3:9d:08:3d via 172.16.128.1: ignored
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.144.224 from 52:a4:78:23:13:97 via 172.16.128.1: ignored
###############################################################

The DHCP server/service on the Ruckus Controller has a very limited capacity in terms of IP addresses to be handled, so we can't use it.

Any suggestions?

Mehmet.
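
Added example (not part of the original post, and not ISC code): a Python summary of the dhcpd syslog lines quoted in the message, counting DHCPDECLINEs by server reaction, checking whether the declining MACs are locally administered, listing addresses offered to more than one client, and measuring the ACK-to-DECLINE delay. The sample lines are copied from the post; the function and variable names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Sample input: a subset of the syslog lines quoted in the post.
SAMPLE_LOG = """\
Dec 14 08:15:35 dd dhcpd[118025]: DHCPOFFER on 172.16.129.99 to fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:35 dd dhcpd[118025]: DHCPOFFER on 172.16.129.99 to 02:7d:d5:93:89:1a via 172.16.128.1
Dec 14 08:15:36 dd dhcpd[118025]: DHCPACK on 172.16.129.99 to fe:02:fa:00:d8:02 via 172.16.128.1
Dec 14 08:15:38 dd dhcpd[118025]: DHCPDECLINE of 172.16.129.99 from fe:02:fa:00:d8:02 via 172.16.128.1: abandoned
Dec 14 08:16:34 dd dhcpd[121304]: DHCPACK on 172.16.159.232 to fe:f7:0d:d9:de:2f via 172.16.128.1
Dec 14 08:16:36 dd dhcpd[121304]: DHCPDECLINE of 172.16.159.232 from fe:f7:0d:d9:de:2f via 172.16.128.1: abandoned
Dec 12 13:03:58 dd dhcpd[26388]: DHCPDECLINE of 172.16.134.41 from 9a:ab:a2:7c:99:65 via 172.16.128.1: ignored
"""

LINE = re.compile(
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ dhcpd\[\d+\]: "
    r"(?P<kind>DHCPOFFER|DHCPACK|DHCPDECLINE) (?:on|of) (?P<ip>[\d.]+) "
    r"(?:to|from) (?P<mac>[0-9a-f:]{17}) via \S+?(?:: (?P<result>\w+))?$"
)

def is_locally_administered(mac):
    # U/L bit (0x02 of the first octet) set: not a vendor-assigned address.
    return bool(int(mac[:2], 16) & 0x02)

def summarize(log_text):
    offered = defaultdict(set)  # ip -> MACs that were offered it
    acked_at = {}               # (ip, mac) -> second of day of the DHCPACK
    reaction = Counter()        # what the server did with each DECLINE
    decliners, delays = set(), []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m is None:
            continue
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        key = (m["ip"], m["mac"])
        if m["kind"] == "DHCPOFFER":
            offered[m["ip"]].add(m["mac"])
        elif m["kind"] == "DHCPACK":
            acked_at[key] = t
        else:  # DHCPDECLINE
            reaction[m["result"]] += 1
            decliners.add(m["mac"])
            if key in acked_at:
                delays.append(t - acked_at[key])
    return {
        "declines": dict(reaction),
        "decliners": len(decliners),
        "locally_administered": sum(map(is_locally_administered, decliners)),
        "multi_offer_ips": sorted(ip for ip, macs in offered.items() if len(macs) > 1),
        "ack_to_decline_seconds": delays,
    }
```

On these sample lines every declining MAC has the locally administered bit set, and each DECLINE arrives two seconds after the matching ACK.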

End of dhcp-users Digest, Vol 181, Issue 2