Bug #1628

Static ARP entries need reapplied after link loss

Added by Basel G. almost 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
DHCP Server
Target version:
Start date:
06/29/2011
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.0
Affected Architecture:
All

Description

Enabling static ARP in DHCPD causes the ARP table to get cleared if a disconnect happens to switches/clients connected to it; "arp -an" shows nothing, requiring a reboot to get the ARP list back.

Another issue is that "Deny unknown hosts" doesn't deny users not in the list...

Associated revisions

Revision 8ee623f3 (diff)
Added by Jim Pingle almost 8 years ago

Instead of deleting arp entries, reconfigure static arp. For interfaces without static arp enabled, the net effect is the same (arp entries are already deleted as part of that function). Fixes #1628

History

#1 Updated by Basel G. almost 8 years ago

Small clarification about "Deny unknown hosts": if users are using a static IP they can bypass this if they are not in the dhcpd list... also it requires lowering lease times as much as possible for it to take action... so it's working if these conditions are met.

#2 Updated by Jim Pingle almost 8 years ago

  • Category set to DHCP Server
  • Priority changed from High to Normal
  • Affected Version set to 2.0
  • Affected Architecture set to All

Deny Unknown Clients only affects the DHCP server giving out IPs to clients that are not listed. A client can hardcode an IP - that has nothing to do with the option. Deny Unknown Clients is working as intended if, when enabled, a client not listed as static does not get an IP when set to DHCP.

Static ARP is meant to handle locking out people not in that list, and if that breaks when an interface goes down/up, that's the real problem.

#3 Updated by Basel G. almost 8 years ago

The problem with Static ARP is that it's locking out everyone listed when they disconnect and try to reconnect. Maybe it's related to lease time?

#4 Updated by Basel G. almost 8 years ago

My setup is like this: about 20 switches serving around 150 clients connected through LAN. When I do a power cycle on them with "Static ARP" enabled, the whole LAN becomes unresponsive, even if you try to renew the IP or hardcode it. The only way I found to solve this is to reboot pfSense itself.

When this happens the command "arp -an" shows WAN info only...

So it's denying known hosts too. I couldn't replicate this issue on VMware for some reason.

#5 Updated by Jim Pingle almost 8 years ago

The problem is still with the ARP entries disappearing. That's the only issue here.

Are you power cycling the individual clients or the whole switch? If a link down/up on LAN causes the ARP entries to disappear that should be fairly easy to track down comparatively.

#6 Updated by Basel G. almost 8 years ago

Yes, the only issue is that ARP entries are disappearing.

I'm power cycling all the switches since we get power cuts and we have to switch to power generators...

#7 Updated by Jim Pingle almost 8 years ago

  • Subject changed from DHCPD + static ARP/Deny unknown hosts breaks LAN to Static ARP entries need reapplied after link loss
  • Target version set to 2.0

#8 Updated by Jim Pingle almost 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#9 Updated by Basel G. almost 8 years ago

Tested it with embedded and it works! Going to apply it to a full version install now.

#10 Updated by Chris Buechler almost 8 years ago

  • Status changed from Feedback to Resolved
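
A check for the condition this ticket describes, as an added example that is not part of the original ticket or of pfSense's code: it parses FreeBSD `arp -an` output and reports expected static mappings that are missing, bound to a different MAC, or no longer permanent. The interface names (`em0` as WAN, `em1` as LAN), the addresses and the sample output are constructed assumptions.

```python
import re

# FreeBSD `arp -an` line format, e.g.
#   ? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]
ARP_LINE = re.compile(r"^\? \((?P<ip>[0-9.]+)\) at (?P<mac>\S+) on (?P<ifname>\S+)(?P<rest>.*)$")

def norm_mac(mac):
    """Lower-case and zero-pad each octet so 0:1a:... equals 00:1a:..."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(output):
    """Return {ip: (mac, ifname, is_permanent)} parsed from `arp -an` text."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            permanent = "permanent" in m["rest"].split()
            table[m["ip"]] = (norm_mac(m["mac"]), m["ifname"], permanent)
    return table

def audit_static_arp(expected, output, ifname):
    """Compare expected {ip: mac} mappings with the live table on ifname.
    Returns a sorted list of (ip, problem) for every mapping not enforced."""
    table = parse_arp(output)
    findings = []
    for ip, mac in sorted(expected.items()):
        entry = table.get(ip)
        if entry is None or entry[1] != ifname:
            findings.append((ip, "missing"))
        elif entry[0] != norm_mac(mac):
            findings.append((ip, "mac-mismatch"))
        elif not entry[2]:
            findings.append((ip, "not-permanent"))
    return findings

# Constructed sample data (not taken from the ticket): em0 = WAN, em1 = LAN.
EXPECTED = {"192.168.1.10": "00:11:22:33:44:55", "192.168.1.11": "00:11:22:33:44:66"}
HEALTHY = """\
? (198.51.100.1) at 00:aa:bb:cc:dd:01 on em0 expires in 1187 seconds [ethernet]
? (192.168.1.10) at 00:11:22:33:44:55 on em1 permanent [ethernet]
? (192.168.1.11) at 00:11:22:33:44:66 on em1 permanent [ethernet]
"""
AFTER_LINK_LOSS = """\
? (198.51.100.1) at 00:aa:bb:cc:dd:01 on em0 expires in 1187 seconds [ethernet]
"""

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("after link loss", AFTER_LINK_LOSS)):
        print(name, audit_static_arp(EXPECTED, sample, "em1"))
```

Run against saved `arp -an` output after a LAN link down/up; any finding means a static mapping is not being enforced on that interface.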
