Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 47 subscribers
  • Views 39426 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DHCP Static IP mapping for same client multiple networks?

KyleK

I have two networks setup that are vlan tagged and on a LAG interface. I have a client that can connect to both of those networks and would like to assign a static IP address to that client on both networks. Initially I assigned a static IP address in the DHCP options on the one network but then noticed whenever the client tried to connect to the second network they would receive no DHCP lease. Looking through the forums I found the option "system dhcp static-entry-scope global" which alleviated this problem. However I am still unable within the web interface to assign the same MAC on multiple networks in the DHCP "Static IP MAC Mapping". It works fine on one of the networks but then when I try it on the second I receive: "DHCP Configuration with the same hostname/MAC address/DUID address already exists, choose a different hostname/MAC address/DUID address"

Is this a limitation or is there another shell command I need to run to enable this?


Appreciate the help.



This thread was automatically locked due to age.
  • 0
    Dear all,

    I have the same issue.
    In my case i get the static IP assigned in DHCP settings of VLAN 1 also in VLAN 2 (different IP Network) instead of getting a free ip out of the dhcp range of vlan2.
    I`m also not able to create a second ip mapping for same MAC on DHCP of VLAN 2.

    BR,
    Jose
  • 0 in reply to mjoschi

    I'm seeing this same behavior.

    Port1 (native VLAN) is assigning IP addresses from the proper DHCP pool to my "normal" SSID, which is untagged, same VLAN as the XGFW Port1.

    Port1.200 (VLAN 200) is not assigning IP addresses from correct subnet.  It's assigning from the DHCP pool for the native VLAN.

    There is no setting I can find to map the DHCP pool to the Port1.subinterface correctly.

    This means that guest traffic is co-mingled with the LAN, and no bandwidth rules are working.

    This is a huge security risk, as well as a fine way to eat up bandwidth by multiple guests using YouTube at HD resolution.

  • 0

    Hi KyleK,

    Below command might help you out to resolve your issue.

    console> system dhcp one-lease-per-client show
    enable
     
    console> system dhcp one-lease-per-client disable

    Regards,

    Vishal Patel

  • 0 in reply to AlanLeghart

    Hi 

    You can map dhcp pool to sub interface from the dhcp configuration page itself.

    And if your dhcp request has a tag of 200 then it would be forwarded to Port1.200 port.

    Regards,

    Vishal Patel 

  • 0 in reply to vishaljpatel

    It seems I run into the same limitation.

    I want to add the same MAC address in 2 different DHCP names, where each is linked to a different interface.

    At this moment I receive a static IP for one interface, and a dynamic ip for the other interface, and I can switch between the 2 interfaces without issues.

    The error "DHCP Configuration with the same hostname/MAC address/DUID address already exists, choose a different hostname/MAC address/DUID address" remains when trying to assign a static ip in the other interface.

    The one-lease-per-client was disabled.

  • 0 in reply to vishaljpatel

    Hi Vishal, 

    I have the same issue.

    And the command "system dhcp one-lease-per-client disable" doesn't work.

    Any update?

    Shunze

  • 0 in reply to ShunzeLee

    Dear All,

    I have created a case about the issue, case ID is 7214246.

    And support team answered me as following.

    I have tested your scenario in our local lab and tested. where also I was getting same error.
    Which means you can not bind multiple IPs on single MAC which you can called behavior. 
    ...
    As per the appliance architecture,
    it won't be possible to create multiple static entry in different DHCP scope on XG appliance. 

    It seems that Sophos won't support the feature in future.

  • 0 in reply to ShunzeLee

    Shunze,

    open a feature request and post the link here. I will give you my vote. This is a feature that will improve XG.

    Thanks for sharing your issue/ticket status.

  • 0 in reply to vishaljpatel

    Hi Visal,

     

    Is there an equivalent command/syntax for your disable command that can be run on the Sophos UTM (software home edition)?

     

    Thanks.

  • 0

    Here is a link to the feature request someone opened. Hopefully, we can get enough votes to have them add this in the near future.

     

    ideas.sophos.com/.../31221019-bind-multiple-ips-on-single-mac

Unfiltered HTML