Bug #1628
Closed
Static ARP entries need reapplied after link loss
100%
Description
Enabling static ARP in DHCPD causes the ARP table to get cleared if a disconnect happens to switches/clients connected to it. "arp -an" shows nothing, requiring a reboot to get the ARP list back.
Another issue is "Deny unknown hosts" doesn't deny users not in the list...
Updated by Basel G. over 13 years ago
Small clarification about "Deny unknown hosts": if users are using a static IP they can bypass this if they are not in the dhcpd list... Also, it requires lowering lease times as much as possible for it to take action... so it's working if these conditions are met.
Updated by Jim Pingle over 13 years ago
- Category set to DHCP (IPv4)
- Priority changed from High to Normal
- Affected Version set to 2.0
- Affected Architecture All added
- Affected Architecture deleted ()
Deny Unknown Clients only affects the DHCP server giving out IPs to clients that are not listed. A client can hardcode an IP - that has nothing to do with the option. Deny Unknown Clients is working as intended if, when enabled, a client not listed as static does not get an IP when set to DHCP.
Static ARP is meant to handle locking out people not in that list, and if that breaks when an interface goes down/up, that's the real problem.
Updated by Basel G. over 13 years ago
The problem with Static ARP is it's locking out everyone listed when they disconnect and try to reconnect. Maybe it's related to lease time?
Updated by Basel G. over 13 years ago
My setup is like this: about 20 switches serving around 150 clients connected through LAN. When I do a power cycle on them with "Static ARP" enabled, the whole LAN becomes unresponsive, even if you try to renew IP or hardcode it. The only way I found to solve this is to reboot pfSense itself.
When this happens the command "arp -an" shows WAN info only...
So it's denying known hosts too. I couldn't replicate this issue on VMware for some reason.
Updated by Jim Pingle over 13 years ago
The problem is still with the ARP entries disappearing. That's the only issue here.
Are you power cycling the individual clients or the whole switch? If a link down/up on LAN causes the ARP entries to disappear that should be fairly easy to track down comparatively.
Updated by Basel G. over 13 years ago
Yes, the only issue is ARP entries are disappearing.
I'm power cycling all the switches since we get power cuts and we have to switch to power generators...
Updated by Jim Pingle over 13 years ago
- Subject changed from DHCPD + static ARP/Deny unknown hosts breaks LAN to Static ARP entries need reapplied after link loss
- Target version set to 2.0
Updated by Jim Pingle over 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 8ee623f3a98dca5681274d6a14450223236b4013.
Updated by Basel G. over 13 years ago
Tested it with embedded and it works! Going to apply it to a full version install now.
Updated by Chris Buechler over 13 years ago
- Status changed from Feedback to Resolved
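The symptom reported in this ticket ("arp -an" showing WAN entries only after a link loss) can be checked for mechanically. The following is an added example, not code from the ticket or from pfSense: it compares a list of expected static mappings against `arp -an` output and reports any mapping that is absent, not marked permanent, or bound to a different MAC. The function name, the mapping list and the sample output are constructed for illustration, and the FreeBSD `arp -an` line format is assumed.

```shell
#!/bin/sh
# Added example: flag static mappings that are not pinned in the ARP table.
# Assumes FreeBSD `arp -an` line format, where static entries show "permanent".

# Constructed sample: expected static mappings, one "ip mac" pair per line.
EXPECTED='192.168.1.10 00:11:22:33:44:10
192.168.1.11 00:11:22:33:44:11
192.168.1.12 00:11:22:33:44:12'

# Constructed sample of `arp -an` output (em0 = WAN, em1 = LAN).
SAMPLE_ARP='? (203.0.113.1) at 00:aa:bb:cc:dd:01 on em0 expires in 1187 seconds [ethernet]
? (192.168.1.10) at 00:11:22:33:44:10 on em1 permanent [ethernet]
? (192.168.1.11) at 00:11:22:33:44:11 on em1 expires in 900 seconds [ethernet]'

# Usage on a live system: arp -an | missing_static "$EXPECTED"
# Prints "ip mac reason" for every mapping that is not a permanent entry.
missing_static() {
    arp_out=$(cat)
    printf '%s\n' "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        # Look up this IP in the captured table and classify the entry.
        state=$(printf '%s\n' "$arp_out" | awk -v ip="($ip)" -v mac="$mac" '
            $2 == ip {
                found = 1
                if (tolower($4) != tolower(mac)) print "wrong-mac"
                else if ($0 ~ / permanent( |$)/) print "ok"
                else print "not-permanent"
                exit
            }
            END { if (!found) print "absent" }')
        [ "$state" = ok ] || printf '%s %s %s\n' "$ip" "$mac" "$state"
    done
}

# Report against the constructed sample.
printf '%s\n' "$SAMPLE_ARP" | missing_static "$EXPECTED"
```

A "not-permanent" result means the address is currently resolved dynamically, so the static binding is not being enforced for that host.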