Bug #8085
closedDHCP deny client - breaks DHCP pool
0%
Description
I decided that on my LAN I mainly wanted DHCP to be handed out to the static mappings and I wanted the static mappings to have very long expiration times.
I created a pool for actual dynamic mapping in the same subnet. I used this technique basically so I could provide shorter lease times to leases that were not derived from a static entry.
1) LAN - a) checked Deny unknown clients - b) checked Denied clients will be ignored rather than rejected.
2) LAN pool - did not check either of the above.
When above 1 b) was checked - DHCP no longer handed out addresses within the pool - it basically disabled the pool altogether.
Expected:
I expected the LAN to not hand out or respond to any DHCP request that was not statically listed.
I also expected the LAN pool to be consulted and for the pool to hand out an address.
as a side note: the 'default lease time' of a pool is not 7200 secs, it is whatever it set in the main interface - I did not expect the pool would use values from the interface if left blank.
Updated by Jim Pingle about 7 years ago
- Status changed from New to Not a Bug
The GUI places the directives in the correct places, within the specified pools, so there isn't any bug here.
That said, your design is flawed. Statics are not a part of any pool, so their behavior only has vaguely to do with interface global settings and not the default range/pool or pool-specific options.
Post on the forum, mailing list, or reddit to discuss and perhaps come up with a better design that can get closer to what you want.
Updated by Ken Bass about 7 years ago
I don't understand how this is Not a bug - forget about what I was trying to accomplish.
On the main LAN interface - I had an IP range of a single IP and I checked those boxes listed in 1) a & b
On the LAN pool - I had an IP range of 30 IPs. When 1) b was checked NO IPs were given out whatsoever.
I guess I don't understand why the pool wouldn't not hand out IP addresses--thus the bug report.
Updated by Jim Pingle about 7 years ago
It's not a bug in pfSense - we generate the configuration file correctly. If there is any issue it is one directly in the ISC DHCP Daemon, or one in your understanding of how the settings should interact.
Updated by Ken Bass about 7 years ago
I have verified that you generate the config file correctly. After trying to reproduce this again today, it appears to be working. Maybe there was a non-expired lease leftover during my testing yesterday. I cannot explain it.