[USG Flex 100H] - DHCP not release any IPs for Interface (randomly)

Maverick87

Hello everyone,
I have an USG Flex 100H with the latest firmware, and in the night I always switch off my network devices (router, firewall, access point).
In the morning, when I switch back its, sometimes - randomly - the firewall not release any IPs via DHCP for an Interface - also randomly - (sometimes no IPs for LAN devices connected directly to the firewall, sometimes no WLAN IPs configured on specified VLAN-Port).
I checked the logs, and seems empty so seems no error is raised.
The firewall is the only one that can release IPs, I've switched off the DHCP Server on my router and the DHCP Servers are configured on any firewall interface; obviusly every interface have the own IP/Subnet configuration (LAN is 172.16.1.x, WLAN is 172.16.2.x etc etc)

Anyone that have my problem?

Thank you

PeterUK

Not sure I understand what you mean? if the FLEX100H is turned off and back on it has no knowledge as to what device has what IP if you did not turn a device off and keeps that IP for the time of the lease the FLEX100H before giving a IP out may check by ARP if that IP is taken and if Source IP Spoofing Prevention is enabled any device under a lease before the FLEX100H was last online will not work till that device does DHCP.

So maybe try this set lease time to 3 minutes and reboot all your devices then reboot the FLEX100H by the time the FLEX boots your devices will want to DHCP.

Maverick87

Hi PeterUK,
for example: I've also an external Access Point, configured in VLAN (100) on port 2 of the USG Flex, and on this AP is connected my phone.
Now: on the night, turn off all my network devices (firewall and Access Point), so my phone during this period works without wifi.
On the next morning, I woke up my network devices (firewall and AP) and when all is ready and connected, try to connect my phone on the Wifi network. In some cases - randomly - obtain no DHCP Response so the IP is 169.254.x.x with no internet access.
In other cases, also the LAN interfaces (no VLAN, physical connection only) do the same; my PC is directly connected to the LAN Interface (for example on port 5), an in the morning - randomly - no DHCP Response and obtain the IP Address 169.254.x.x (no dhcp response).
Obviously all the ports connected to the same interface name, do the same things; If LAN Interface not working, all the ports configured as LAN Interface not working; same for Wifi… all the devices that try to connect on the same Wifi SSID not working (no DHCP released for every connected devices)

The only way to get the DHCP working again is to do an interface inactive/active circle, setting the interface as inactive, and then re-active again.
I've tried also to disconnect and reconnect the physical device (the AP or the PC), but the DHCP Server for the assigned interface, still does not offer IP addresses until I not deactivate/reactivate the interface.

PeterUK

It could be that FLEX is still booting even when ready?

set lease time to 3 minutes and have devices reboot then test I do a test here to see if I can make what is happening your side.

Maverick87

Can be a still booting problem, but the problem is verificable also after several minutes after the boot.

Also because, for example the PC, if I disconnect it from the LAN (so trying to connect with Wifi), maybe the Wifi connection works correctly, and when I retry to connect with LAN not working anymore.
In this case, if I try to login into the firewall and see the logs, no DHCP Request was logged.

So seems that the computer try to get an IP via DHCP but at the firewall not arrive the DHCP request (so no request appear into log).

My lease time is set to default.

PeterUK

I don't see the problem here but lease time was set to 3 minutes so try that check before rebooting the flex that your device has the 3 minutes lease.

For more info use Wireshark

use filter at start

port 67 or port 68 or ARP

Wireshark • Go Deep

you may have to disable then enable interface and recapture on Wireshark.

Maverick87

Hi PeterUK,

for example: I've also an external Access Point, configured in VLAN (100) on port 2 of the USG Flex, and on this AP is connected my phone.
Now: on the night, turn off all my network devices (firewall and Access Point), so my phone during this period works without wifi.
On the next morning, I woke up my network devices (firewall and AP) and when all is ready and connected, try to connect my phone on the Wifi network. In some cases - randomly - obtain no DHCP Response so the IP is 169.254.x.x with no internet access.
In other cases, also the LAN interfaces (no VLAN, physical connection only) do the same; my PC is directly connected to the LAN Interface (for example on port 5), an in the morning - randomly - no DHCP Response and obtain the IP Address 169.254.x.x (no dhcp response).
Obviously all the ports connected to the same interface name, do the same things; If LAN Interface not working, all the ports configured as LAN Interface not working; same for Wifi… all the devices that try to connect on the same Wifi SSID not working (no DHCP released for every connected devices)

The only way to get the DHCP working again is to do an interface inactive/active circle, setting the interface as inactive, and then re-active again.

Zyxel_Melen

Hi @Maverick87

We have a date code firmware that fix similar issue, I will send the firmware file link to you via private message. Please check you private message box.

Maverick87

https://community.zyxel.com/en/discussion/comment/79864#Comment_79864

I've tried to change the lease time; I don't know if the problem is solved, today morning everythings was OK, but…. I see my DHCP log full of assignment every 3 minutes.

In this way, every 3 mins, a device require a new IP, and the logs is full of this request.
I reset the lease time as 2 days, trying the Melen's firmware.

https://community.zyxel.com/en/discussion/comment/79879#Comment_79879

Hi Melen,
Thank you for your suggestion. I've reset the lease time to 2 days (as explained before) and applied your new firmware. I'll wait if the problem come back.
If there is a new firmware stable version, I cannot apply it, right?

PeterUK

Yes that would be a small problem with all that DHCP but no worse then whats happing on the WAN!

You can disable DHCP logs and enable them when needed but with any luck the firmware you got from Melen may fix your problem.

Zyxel_Melen

Hi @Maverick87

If there is a new firmware stable version, I cannot apply it, right?

Please do not apply a new official firmware version since this fix might not included in the new firmware version for some reason, ex. The firmware hasn't been verified when we release the new firmware.