version 9.353-4 on a sophos 220
we have dhcp scopes set with the tick box "Clients with static mappings only"
we have hosts defined in definitions and users > network definitions
the dhcp is giving out the ip addresses reserved for static hosts
so 2 problems
1. the rule static mappings only is not working
2. it is ignoring the static mappings also
In reply to Jaydeep:
In fact, plecavalier has more experience with ASG/UTM than I do, so this discussion has really been beneficial.
When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed. Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult. Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy. For example, I just got the following:
secure:/root # cc get_objects dhcp server|grep \'range
    'range_end' => '172.16.31.110',
    'range_start' => '172.16.31.101',
    'range_end' => '192.168.66.254',
    'range_start' => '192.168.66.100',
    'range_end' => '10.100.100.63',
    'range_start' => '10.100.100.40',
    'range_end' => '172.16.2.199',
    'range_start' => '172.16.2.100',
Cheers - Bob
Thanks again for the detailed response JayDeep. I'm assuming you meant "that option if not available".
I've had a bit of time to play with this now and 2 things come to mind...This is all based on the premise that static mappings and DHCP are best practice for a dynamic network environment.
1. When creating a host with an assigned IP, the system should check if that IP is already assigned or not. In a large scale network even though you can search and sort host definitions, it is prone to human error and therefore proper rudimentary checks by the system during creation should be performed.
1.1 one should not be able to create a host with an IP within a dynamic range
1.2 one should not be able to create a host with an IP matching an existing static mapping
In reply to plecavalier:
Please add your suggestion to Check the DHCP server's 'Range' when creating a Host with Static IP and vote for that. Others that pass by here should add a comment and a vote.
In reply to BAlfson:
Done. I also created Perform checks when creating host definitions
I thought all was well after I changed my ways; I now create a pool with the "for static mappings only" option set which I then assign to when creating a host definition with a mac address entry and IP defined. However, after a few weeks, I've come across the following entry in the DHCP Server log:
2019:09:28-09:48:24 gw2 dhcpd: uid lease 192.168.1.155 for client 34:97:f6:36:2f:27 is duplicate on REF_DefaultInternal
Here's another one. Host is assigned 1.101 in the static only pool range and somehow grabbed 1.159
2019:09:28-09:57:55 gw2 dhcpd: Dynamic and static leases present for 192.168.1.101.
2019:09:28-09:57:55 gw2 dhcpd: Remove host declaration REF_NetHosPiwcwks101 or remove 192.168.1.101
2019:09:28-09:57:55 gw2 dhcpd: from the dynamic address pool for REF_DefaultInternal
2019:09:28-09:57:55 gw2 dhcpd: uid lease 192.168.1.159 for client 34:97:f6:36:26:24 is duplicate on REF_DefaultInternal
2019:09:28-09:57:55 gw2 dhcpd: DHCPREQUEST for 192.168.1.101 from 34:97:f6:36:26:24 via eth0
2019:09:28-09:57:55 gw2 dhcpd: DHCPACK on 192.168.1.101 to 34:97:f6:36:26:24 via eth0
Again 1.101 is not in the dynamic pool range
ranges on int. Internal:
50-198 set to static mappings only
Why did 34:97:f6:36:26:24 have 1.159?
2019:09:28-09:57:55 gw2 dhcpd: Dynamic and static leases present for 192.168.1.101.
Some other device still has .1.101 leased.
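
The two checks proposed earlier in this thread (no host IP inside a DHCP range, no two hosts on the same IP), written out as an added example that is not part of any post and is not Sophos code. It parses the `cc get_objects dhcp server` output quoted above; the host list and the function names are constructed for illustration.

```python
import ipaddress
import re

# Ranges exactly as printed by `cc get_objects dhcp server|grep \'range` in the thread.
CC_OUTPUT = """
'range_end' => '172.16.31.110',
'range_start' => '172.16.31.101',
'range_end' => '192.168.66.254',
'range_start' => '192.168.66.100',
'range_end' => '10.100.100.63',
'range_start' => '10.100.100.40',
'range_end' => '172.16.2.199',
'range_start' => '172.16.2.100',
"""

# Constructed host definitions (name, IP); not taken from the thread.
HOSTS = [
    ("printer", "172.16.2.50"),
    ("nas", "172.16.2.150"),       # falls inside 172.16.2.100-199
    ("cam1", "10.100.100.70"),
    ("cam2", "10.100.100.70"),     # same IP as cam1
]

def parse_ranges(text):
    """Pair each 'range_end' with the 'range_start' printed next to it."""
    ranges, pending = [], {}
    for key, ip in re.findall(r"'range_(end|start)'\s*=>\s*'([\d.]+)'", text):
        pending[key] = ipaddress.ip_address(ip)
        if len(pending) == 2:
            ranges.append((pending["start"], pending["end"]))
            pending = {}
    return ranges

def audit_hosts(hosts, ranges):
    """Return (name, ip, reason) for every host that fails check 1.1 or 1.2."""
    findings, seen = [], {}
    for name, ip_text in hosts:
        ip = ipaddress.ip_address(ip_text)
        for start, end in ranges:
            if start <= ip <= end:  # check 1.1: IP within a DHCP range
                findings.append((name, ip_text, f"inside DHCP range {start}-{end}"))
        if ip in seen:              # check 1.2: IP already used by another host
            findings.append((name, ip_text, f"duplicates host {seen[ip]}"))
        else:
            seen[ip] = name
    return findings

if __name__ == "__main__":
    for name, ip, reason in audit_hosts(HOSTS, parse_ranges(CC_OUTPUT)):
        print(f"{name} {ip}: {reason}")
```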