Checking DHCP Pool Clients In Firewall & How To Clear It

businessuer
businessuer Posts: 124  Ally Member
I am using NCC to control my NSG Firewall.

Q1 How do I check the clients (mac and ip) that are assigned to this dhcp pool? (sh ip dhcp binding in cisco)

Q2 How do I clear inactive users? (clear ip dhcp in cisco)

Q3 How do I check how much lease time they have left?

Q4 Is there any way to alert the admin if the DHCP pool is full?

Q5 What does lower STA signal, reason 101 means?

If any of these features is unable in NCC portal, pls kindly put up a feature request for me. 

Accepted Solution

  • Zyxel_Adam
    Zyxel_Adam Posts: 233  Zyxel Employee
    Answer ✓
    Hi @businessuer,

    I understood.
    We will help you to put your wish to idea section, there will have agents to check if the feature request is valid.
    Adam

All Replies

  • Zyxel_Adam
    Zyxel_Adam Posts: 233  Zyxel Employee
    Hi @businessuer,

    Regarding your Q1 and Q3, we have a DHCP lease table in Live tools.
    You can check it in Security gateway > Monitor > Security gateway page.


    Q2: How do I clear inactive users? (clear ip dhcp in cisco)
    > We do have no such a feature on NCC, but we also have "clear ip dhcp binding" command to clear a specific IP.

    Q4: Is there any way to alert the admin if the DHCP pool is full?
    > Yes, we have the feature to notify user via email, and it is a Pro feature.


    Q5: What does lower STA signal, reason 101 means?
    > Is this a NSG log? Could you please have a screenshot to us? or it's an AP log?
    Adam
  • businessuer
    businessuer Posts: 124  Ally Member
    Hi,

    Q2 > We do have no such a feature on NCC, but we also have "clear ip dhcp binding" command to clear a specific IP. Can you give me a screenshot of how to do it in standalone device? Can you implement similar feature in NCC?

    Q6 Is there any way to check if dhcp pool is full? 

    Q5 Lower STA, reason 101 is AP event log. What it means?
  • Zyxel_Adam
    Zyxel_Adam Posts: 233  Zyxel Employee
    Hi @businessuer,

    Can you give me a screenshot of how to do it in standalone device? Can you implement similar feature in NCC?

    We don't think it will be a frequent used feature if DHCP release time is set in a reasonable value. May we know what is the application that you would like to use this feature on NCC platform?

    Q5: Lower STA, reason 101 is AP event log. What it means?
    > The reason why you see that AP event log is related to a function called "Smart Steering". Where AP will disconnect the wireless clients when their connected signal is lower than the threshold you configured. When a client is disconnected, you'll see that log.

    If you still have any concern regarding AP logs, please have a post on our WirelessLAN section.

    Q6: Is there any way to check if dhcp pool is full? 
    > The way to check it manually is to scan the quantity of clients on DHCP lease table (default is 10 per page) and compare to your size pool setting in your LAN interface. 


    Hope it helps,

    Adam
  • businessuer
    businessuer Posts: 124  Ally Member
    Well, 
    perhaps there can be a feature to generate a list of offline devices and remove them from the dhcp pool?

    can you show me a sample log that is generated if the dhcp pool is full?  
  • Zyxel_Adam
    Zyxel_Adam Posts: 233  Zyxel Employee
    edited June 9
    Hi @businessuer,

    perhaps there can be a feature to generate a list of offline devices and remove them from the dhcp pool?
    > The way you thought is similar to what DHCP lease time does,  DHCP lease time is more likely in a inactive way (wait for the time to expire) but in a active way of yours, and it may cause more resources for NCC and devices.

    If you have seem any practical case, please feel free to share here.

    can you show me a sample log that is generated if the dhcp pool is full?  

    Adam
  • businessuer
    businessuer Posts: 124  Ally Member
    Let say my dhcp pool 250 users.
    It is reaching soon.
    I no want affect user
    I want to get rid of inactive hosts.
    If I change ip address, will have downtime. 
    If i can clear ip dhcp client in cisco, why no can do in zyxel 
  • Zyxel_Adam
    Zyxel_Adam Posts: 233  Zyxel Employee
    edited June 9
    Hi @businessuer,

    I am sorry, but I think you misunderstood my words.
    As I mentioned that you can use "clear ip dhcp binding" to clear a specific inactive host, so you are able to do it by using commend line indeed.


    However, what I mean by inquiring you if you've seem any practical case is that does anyone implement this feature on cloud platform. If so, please feel free to share with us, and we will have a further discuss about this topic.

    To avoid using clear ip dhcp binding to actively clear inactive hosts is to set a shorter DHCP lease time, such as 4 hours and 8 hours rather than 1 day or days.
    Adam
  • businessuer
    businessuer Posts: 124  Ally Member
    Hi Adam,

    What I mean is that maybe we have a GUI option to kick a client from the dhcp pool.
    Click on the user and remove him, maybe so he or she can get a new ip address. 

Nebula Tips & Tricks