DHCP static mapping not working

Version 9.353-4 on a Sophos 220

We have DHCP scopes set with the tick box "Clients with static mappings only"

We have hosts defined in definitions and users > network definitions

the dhcp is giving out the ip addresses reserved for static hosts

so 2 problems

1. the rule static mappings only is not working

2. it is ignoring the static mappings also

  • In reply to Jaydeep:

    In fact, plecavalier has more experience with ASG/UTM than I do, so this discussion has really been beneficial.

    When one clicks the [Make Static] button on the 'IPv4 Lease Table' tab, there should be a check that the IP to be used is outside the 'DHCP Range' listed.  Prior to that button existing, we just used the regular Host definition process, but that's probably more difficult.  Even then, a quick check to see if the assigned IP is in any DHCP range would seem to be easy.  For example, I just got the following:

    secure:/root # cc get_objects dhcp server|grep \'range
                            'range_end' => '172.16.31.110',
                            'range_start' => '172.16.31.101',
                            'range_end' => '192.168.66.254',
                            'range_start' => '192.168.66.100',
                            'range_end' => '10.100.100.63',
                            'range_start' => '10.100.100.40',
                            'range_end' => '172.16.2.199',
                            'range_start' => '172.16.2.100',

    Cheers - Bob

  • In reply to Jaydeep:

    Thanks again for the detailed response JayDeep. I'm assuming you meant "that option if not available".

    I've had a bit of time to play with this now and 2 things come to mind... This is all based on the premise that static mappings and DHCP are best practice for a dynamic network environment.

    1. When creating a host with an assigned IP, the system should check if that IP is already assigned or not. In a large scale network even though you can search and sort host definitions, it is prone to human error and therefore proper rudimentary checks by the system during creation should be performed.

    1.1 one should not be able to create a host with an IP within a dynamic range

    1.2 one should not be able to create a host with an IP matching an existing static mapping

  • In reply to plecavalier:

    Please add your suggestion to Check the DHCP server's 'Range' when creating a Host with Static IP and vote for that.  Others that pass by here should add a comment and a vote.

    Cheers - Bob

  • In reply to plecavalier:

    I thought all was well after I changed my ways; I now create a pool with the "for static mappings only" option set which I then assign to when creating a host definition with a MAC address entry and IP defined. However, after a few weeks, I've come across the following entry in the DHCP Server log:

    2019:09:28-09:48:24 gw2 dhcpd: uid lease 192.168.1.155 for client 34:97:f6:36:2f:27 is duplicate on REF_DefaultInternal

    2019:09:28-09:48:24 gw2 dhcpd: DHCPREQUEST for 192.168.1.109 from 34:97:f6:36:2f:27 via eth0
     
    So how is it possible that 34:97:f6:36:2f:27 was assigned 1.155 while it clearly was defined 1.109 in its host definition? What's worse, the range for the static only pool is 50-198. So not only did it have the wrong address but it was handed an address within the static only pool. As you can see by the second entry, it dropped 1.155 in lieu of 109 which corrected the issue but how did it end up with 155 in the first place? Luckily 1.155 isn't defined anywhere so it did not cause a conflict but it easily could have.

  • In reply to plecavalier:

    Here's another one. Host is assigned 1.101 in the static only pool range and somehow grabbed 1.159

     

    2019:09:28-09:57:55 gw2 dhcpd: Dynamic and static leases present for 192.168.1.101.
    2019:09:28-09:57:55 gw2 dhcpd: Remove host declaration REF_NetHosPiwcwks101 or remove 192.168.1.101
    2019:09:28-09:57:55 gw2 dhcpd: from the dynamic address pool for REF_DefaultInternal
    2019:09:28-09:57:55 gw2 dhcpd: uid lease 192.168.1.159 for client 34:97:f6:36:26:24 is duplicate on REF_DefaultInternal
    2019:09:28-09:57:55 gw2 dhcpd: DHCPREQUEST for 192.168.1.101 from 34:97:f6:36:26:24 via eth0
    2019:09:28-09:57:55 gw2 dhcpd: DHCPACK on 192.168.1.101 to 34:97:f6:36:26:24 via eth0

     

    Again 1.101 is not in the dynamic pool range

    ranges on int. Internal:

    50-198 set to static mappings only

    200-249 dynamic

     

    Why did 34:97:f6:36:26:24 have 1.159?

  • In reply to plecavalier:

    2019:09:28-09:57:55 gw2 dhcpd: Dynamic and static leases present for 192.168.1.101.

    Some other device still has .1.101 leased.

    Cheers - Bob
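
An added example, not part of the thread or of Sophos' tooling: a log check for the symptom reported in the two posts above. It pairs each "uid lease … is duplicate" line with the next DHCPREQUEST from the same MAC and reports which pool the unexpected lease came from. The log lines are copied from those posts; the pool table follows the ranges given there, and all function names are my own.

```python
import ipaddress
import re

# dhcpd log lines copied from the posts above.
LOG = """\
2019:09:28-09:48:24 gw2 dhcpd: uid lease 192.168.1.155 for client 34:97:f6:36:2f:27 is duplicate on REF_DefaultInternal
2019:09:28-09:48:24 gw2 dhcpd: DHCPREQUEST for 192.168.1.109 from 34:97:f6:36:2f:27 via eth0
2019:09:28-09:57:55 gw2 dhcpd: Dynamic and static leases present for 192.168.1.101.
2019:09:28-09:57:55 gw2 dhcpd: uid lease 192.168.1.159 for client 34:97:f6:36:26:24 is duplicate on REF_DefaultInternal
2019:09:28-09:57:55 gw2 dhcpd: DHCPREQUEST for 192.168.1.101 from 34:97:f6:36:26:24 via eth0
2019:09:28-09:57:55 gw2 dhcpd: DHCPACK on 192.168.1.101 to 34:97:f6:36:26:24 via eth0
"""

# Pools on the Internal interface as described in the thread (assumed /24).
POOLS = [("192.168.1.50", "192.168.1.198", "static-only"),
         ("192.168.1.200", "192.168.1.249", "dynamic")]

DUP = re.compile(r"dhcpd: uid lease (\S+) for client (\S+) is duplicate on \S+")
REQ = re.compile(r"dhcpd: DHCPREQUEST for (\S+) from (\S+) via")
BOTH = re.compile(r"dhcpd: Dynamic and static leases present for ((?:\d+\.){3}\d+)")

def pool_of(ip):
    """Return the label of the pool containing ip, if any."""
    addr = ipaddress.ip_address(ip)
    for first, last, label in POOLS:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return label
    return "outside all pools"

def analyse(log):
    """Return (mac, held_ip, pool_of_held_ip, requested_ip) findings."""
    stray = {}      # mac -> lease that dhcpd reported as duplicate
    findings = []
    for line in log.splitlines():
        if m := DUP.search(line):
            stray[m.group(2)] = m.group(1)
        elif m := REQ.search(line):
            requested, mac = m.groups()
            held = stray.pop(mac, None)
            if held and held != requested:
                findings.append((mac, held, pool_of(held), requested))
        elif m := BOTH.search(line):
            # Same IP exists as a lease and as a host declaration.
            findings.append(("conflict", m.group(1), pool_of(m.group(1)), None))
    return findings

if __name__ == "__main__":
    for finding in analyse(LOG):
        print(finding)
```

Both stray leases (1.155 and 1.159) resolve to the static-only pool, which matches what plecavalier observed.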