Bug #1628

closed

Static ARP entries need reapplied after link loss

Added by Basel G. over 12 years ago. Updated over 12 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: DHCP (IPv4)
Target version:
Start date: 06/29/2011
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture: All

Description

Enabling static ARP in DHCPD causes the ARP table to get cleared if a disconnect happens to switches/clients connected to it; "arp -an" shows nothing, requiring a reboot to get the ARP list back.

Another issue is "Deny unknown hosts" doesn't deny users not in the list...

Actions #1

Updated by Basel G. over 12 years ago

Small clarification about "Deny unknown hosts": if users are using a static IP they can bypass this if they are not in the dhcpd list... Also, it requires lowering lease times as much as possible for it to take action... so it's working if these conditions are met.

Actions #2

Updated by Jim Pingle over 12 years ago

  • Category set to DHCP (IPv4)
  • Priority changed from High to Normal
  • Affected Version set to 2.0
  • Affected Architecture All added
  • Affected Architecture deleted ()

Deny Unknown Clients only affects the DHCP server giving out IPs to clients that are not listed. A client can hardcode an IP - that has nothing to do with the option. Deny Unknown Clients is working as intended if, when enabled, a client not listed as static does not get an IP when set to DHCP.

Static ARP is meant to handle locking out people not in that list, and if that breaks when an interface goes down/up, that's the real problem.

Actions #3

Updated by Basel G. over 12 years ago

The problem with Static ARP is it's locking out everyone listed when they disconnect and try to reconnect; maybe it's related to lease time?

Actions #4

Updated by Basel G. over 12 years ago

My setup is like this: about 20 switches serving around 150 clients connected through LAN. When I do a power cycle on them with "Static ARP" enabled, the whole LAN becomes unresponsive, even if you try to renew IP or hardcode it; the only way I found to solve this is to reboot pfSense itself.

When this happens the command "arp -an" shows WAN info only...

So it's denying known hosts too. I couldn't replicate this issue on VMware for some reason.

Actions #5

Updated by Jim Pingle over 12 years ago

The problem is still with the ARP entries disappearing. That's the only issue here.

Are you power cycling the individual clients or the whole switch? If a link down/up on LAN causes the ARP entries to disappear that should be fairly easy to track down comparatively.

Actions #6

Updated by Basel G. over 12 years ago

Yes, the only issue is ARP entries are disappearing.

I'm power cycling all the switches since we get power cuts and we have to switch to power generators...

Actions #7

Updated by Jim Pingle over 12 years ago

  • Subject changed from DHCPD + static ARP/Deny unknown hosts breaks LAN to Static ARP entries need reapplied after link loss
  • Target version set to 2.0

Actions #8

Updated by Jim Pingle over 12 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Actions #9

Updated by Basel G. over 12 years ago

Tested it with embedded and it works! Going to apply it to a full version install now.

Actions #10

Updated by Chris Buechler over 12 years ago

  • Status changed from Feedback to Resolved
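
A check for the failure discussed in this ticket, added here as an example (it is not pfSense code and not from any commenter): it compares a list of expected static mappings with saved `arp -an` output and reports every mapping that is no longer pinned as a permanent entry, including the case where the table comes back empty. The `missing_static_arp` name, the "IP MAC" list format, the FreeBSD-style `permanent` marker and all sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report static mappings that are no longer pinned in the ARP table.
# Assumed formats: "IP MAC" per line for the expected list, and FreeBSD-style
# `arp -an` output in which static entries carry the word "permanent".

# missing_static_arp EXPECTED_FILE ARP_FILE
# Prints "IP MAC reason" for every expected mapping that is not a permanent entry.
missing_static_arp() {
    awk '
        # FILENAME test (not NR == FNR) so an empty ARP file is handled correctly.
        FILENAME == ARGV[1] {
            ip = $2; gsub(/[()]/, "", ip)
            if ($0 ~ / permanent/)            perm[ip] = tolower($4)
            else if (substr($2, 1, 1) == "(") dyn[ip] = 1
            next
        }
        NF == 0 || $1 ~ /^#/ { next }      # skip blanks and comments in the list
        !($1 in perm) {
            print $1, $2, (($1 in dyn) ? "not-permanent" : "missing")
            next
        }
        perm[$1] != tolower($2) { print $1, $2, "mac-mismatch" }
    ' "$2" "$1"
}

# Constructed sample data (not from the ticket): two static mappings, an ARP
# table in which one of them is only a dynamic entry, then an empty table.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '192.168.1.10 00:11:22:33:44:55' \
                  '192.168.1.11 00:11:22:33:44:66' > "$d/expected"
    printf '%s\n' \
        '? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]' \
        '? (192.168.1.11) at 00:11:22:33:44:66 on em1 expires in 1187 seconds [ethernet]' \
        > "$d/arp"
    missing_static_arp "$d/expected" "$d/arp"
    : > "$d/arp"                           # LAN entries gone, as reported above
    missing_static_arp "$d/expected" "$d/arp"
    rm -rf "$d"
}
demo
```

On a live system the second argument would be a file holding the current `arp -an` output; any line printed means a listed host is no longer bound to its MAC.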