USG40: strange DHCP Behavior

mMontana
mMontana Posts: 1,399  Guru Member
50 Answers 1000 Comments Friend Collector Fifth Anniversary
edited April 2021 in Security

I've setup a USG40 with 3 network segments: Lan1 (192.168.20.0/24), Lan2 (172.31.2.0/23), OPT as WAN with a fixed IP address matching network segment for WAN connection (subnet 192.168.1.0/24).

DHCP was enabled on LAN2. Starting address 172.31.2.51, 400 clients available, so addresses should start from 172.31.2.51 to 172.31.3.145. But USG40 start to lease from 172.31.3.1

My configuration is wrong? Zyxel software do not support this kind of subnet overlap for /23 networks (aka Subnet Mask 255.255.254.0)

Thanks 😃

All Replies

  • PeterUK
    PeterUK Posts: 3,503  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited August 2019

    Its not subnet overlap as your using the correct subnet for a bigger IP space so it may be simply be the way DHCP hands out IP's.

    Set pool size to 205 this will make 172.31.3.1 to one device then add one more and the DHCP puts the device in the 172.31.2.xxx range.

  • mMontana
    mMontana Posts: 1,399  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    Thanks for your thougs, @PeterUK, but this lease pattern to not match the previous experiences on Zyxel UTM (USG20 and 100 of the previous generation, firmware 3.x).

    Currently i have no way to change the setup of USG40, which keeps working, at least i hope until the 146th device that will be connected.

    But i surely will try a similar arrangement with an old USG20, for have an insight of what's happening.

  • PeterUK
    PeterUK Posts: 3,503  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    I have a USG40 and tested with 192.168.252.0/255.255.254.0 IP pool start address 192.168.252.2 pool size 509

    first device gets IP 192.168.253.0

    second device gets IP 192.168.252.2


    I then changed the IP pool start address 192.168.252.255 pool size 2

    first device gets IP 192.168.253.0

    second device gets IP 192.168.252.255

    So it seems the starts in the middle then to low if I had more devices it might likely get 192.168.253.1

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @mMontana ,@PeterUK

    It’s doable to release from the 1st IP in the DHCP pool, however, the mechanism changing will lead to some kind of extra resource overhead due to pool sorting, recording, searching…etc especially when the pool size is huge. That’s why we didn’t implement DHCP mechanism in this way. 

  • mMontana
    mMontana Posts: 1,399  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    How many leases are necessary to define a pool "huge"?

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @mMontana ,

    If the DHCP pool is larger than class C range, it will not release the IP in order base on daemon algorithm.

  • mMontana
    mMontana Posts: 1,399  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    UP.
    Considering "not small" environments like Hotels, Congress Centers, open areas, C-Class is still the reccomended settings?
    Moreover...
    mMontana said:

    How many leases are necessary to define a pool "huge"?

    This question, after like three years, still not answered.
  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,518  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @mMontana,
    Based on current design/behavior, if the pool is large than a  class C, it would not release IP in sequence order. This area will not be impacted in DHCP release.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)