
DHCP Reservations Not Working

I have a Sophos UTM 220. We have four DHCP server scopes set up: 192.168.1.xx, 2.xx, 3.xx, 4.xx. The 4.xx server is designated as the guest network. We have set up network definitions for computers on the 1.xx, 2.xx, and 3.xx networks. However, when computers that have a reservation on one of these networks are turned on and log on, they are getting an IP address on the guest network instead of their network definition IP address. Right now, to prevent this, we have to disable the guest network. Once disabled, the computers will get the proper IP address according to the network definition. Why is this happening? To fix it right now we are having to ipconfig /release and then ipconfig /renew. Then they get the proper IP address and work well. But later on they will once again get an IP address on the guest network. Not sure what is going on!! Please suggest.



This thread was automatically locked due to age.
  • I had a similar issue a while back (not with the Sophos), and it turned out that our VLANs were misconfigured. Some ports were tagging with the wrong VLAN identifiers and because of that, the PCs on those networks were being assigned incorrectly. If you're using VLANs, I would check there and make sure that there isn't an extra tag or two being used.
  • Not using VLAN. Thanks anyway for the input.
  • Are the static addresses assigned from outside the scope of your DHCP server instances? From the Built-in help/admin guide:
    "Add Static Mapping to New Host Definition
    ...
    IPv4 address: Change the IP address to an address outside the DHCP pool range.

    Note – When converting a lease to a static mapping you should change the IP address so that it is no longer inside the scope of the DHCP pool. However, if you change the IP address, the address used by the client will not change immediately, but only when it tries to renew its lease for the next time."
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Hi, Lawrence, and welcome to the UTM Community!

    I'm not sure what you're describing, but if you activate more than one UTM DHCP server on an Ethernet segment, you will not be successful.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I created the static mappings from management/network definitions/add new network definition. I did not ever convert a lease to a static mapping via network services/dhcp/ip4lease table. This happens quite frequently but not on all computers at the same time. Most computers will get their assigned ip address but then others will get a guest network ip address instead of the assigned ip address.
  • All DHCP servers are on separate Ethernet segments. What is happening is that a computer that has a static IP address set up for it does not pick up the assigned IP address but gets an IP address on the guest network instead. We have a rule set up to drop any connection during school hours. We have a church office and a school using the same system. Thus, when a computer gets an IP address on the guest network during school hours, it cannot connect to the internet. Another solution for us would be to disable the guest network during school hours, but I have not been able to find out how to do this other than manually disabling it during school hours. There have been instances where I forgot to re-enable it or forgot to disable it. Need an automated way to disable it.
  • If the problem devices are wired, then you have the Guest network somehow connected to your other networks. Check the DHCP log to see where the requests arrive for a guest IP by a machine with a reservation on a different segment.

    Cheers - Bob
     
  • All of the devices in question are laptops and all are connecting via the wireless network. Our wireless network consists of Unifi pro AP units. All laptops are configured to obtain an IP address automatically from DHCP. All laptops are set up in Sophos with a Network Host Definition static mapping.
  • In this case you must work with VLANs or separate the networks physically. Then create unique SSIDs for each network and map them to the appropriate VLAN/network. There must not be any place where the networks are connected together.
    Otherwise the fastest DHCP server wins, it's like gambling... ;-)

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • This indicates your wireless is connected somewhere to your wired network.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
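
The DHCP log check suggested in this thread, as an added example that is not part of any post: it scans ISC dhcpd-style log lines for guest-range offers or acknowledgements handed to a MAC address that has a reservation elsewhere, and reports the interface the request arrived on. The log line format, interface names, MAC addresses, the /24 guest range and the reservation table are all constructed assumptions.

```python
import ipaddress
import re

# Assumption: static mappings copied by hand from the host definitions (MAC -> reserved IP).
RESERVATIONS = {
    "00:1a:2b:3c:4d:5e": "192.168.1.50",
    "00:1a:2b:3c:4d:5f": "192.168.2.60",
}
# Assumption: the guest scope (192.168.4.xx in the thread) is a /24.
GUEST_NET = ipaddress.ip_network("192.168.4.0/24")

# ISC dhcpd-style lines: "DHCPACK on <ip> to <mac> (<hostname>) via <interface>"
LEASE_RE = re.compile(
    r"dhcpd: (DHCPOFFER|DHCPACK) on (\S+) to ([0-9a-f:]{17})(?: \((.*?)\))? via (\S+)",
    re.IGNORECASE,
)

# Constructed sample log, not taken from a real device.
SAMPLE_LOG = """\
2015:03:02-08:14:07 utm dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5e via eth3
2015:03:02-08:14:08 utm dhcpd: DHCPOFFER on 192.168.4.57 to 00:1a:2b:3c:4d:5e (LAPTOP-07) via eth3
2015:03:02-08:14:08 utm dhcpd: DHCPACK on 192.168.4.57 to 00:1A:2B:3C:4D:5E (LAPTOP-07) via eth3
2015:03:02-08:15:10 utm dhcpd: DHCPACK on 192.168.2.60 to 00:1a:2b:3c:4d:5f (LAPTOP-08) via eth2
2015:03:02-08:16:42 utm dhcpd: DHCPACK on 192.168.4.80 to aa:bb:cc:dd:ee:ff (PHONE) via eth3
"""


def find_misplaced_leases(log_text, reservations=RESERVATIONS, guest_net=GUEST_NET):
    """Return guest-range offers/acks given to clients that hold a reservation."""
    findings = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if not m:
            continue  # DISCOVER/REQUEST and unrelated lines carry no leased address
        msg, ip, mac, host, iface = m.groups()
        mac = mac.lower()
        reserved = reservations.get(mac)
        # Only reserved clients that were handed a guest address are of interest.
        if reserved and ipaddress.ip_address(ip) in guest_net:
            findings.append({"msg": msg.upper(), "mac": mac, "host": host,
                             "leased": ip, "reserved": reserved, "iface": iface})
    return findings


if __name__ == "__main__":
    for f in find_misplaced_leases(SAMPLE_LOG):
        print("{msg} {leased} to {mac} ({host}) via {iface}; reserved {reserved}".format(**f))
```

The `iface` value in each finding is the segment where the reserved client's request reached the guest DHCP server, which is where to start looking for the point at which the networks are joined.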