XS3800 IP Source Guard Lease time update issue.
There is a switch XS3800-28 with the firmware version 4.70(ABML.1).
DHCP snooping, IP Source Guard, and ARP Inspection are configured on the device.
DHCP server is standalone device and XS3800-28 works as DHCP relay.
When user’s computer receives IP address, a new record appears in the IP Source Guard table.
Everything works fine until the Lease time is expired.
As soon as Lease time expires the MAC address is placed into the filtering table. I have figured out that re-new of IP address does not update the Lease time in the IP Source Guard table. If cable from user’s computer is disconnected and connected back, everything is updated and works fine. Moreover, if ipconfig /release and ipconfig /renew are executed on user’s Windows computers, the problem solves as well. But only ipconfig /renew command update Lease time only on the local computer and DHCP server, but Lease time is not updated in the IP Source Guard table.
Could you please advise how to solve the problem?
Accepted Solution
-
@Eugene0x1
Hello,
As I check the log, DHCP server is located on VLAN12 and in usual case we put DHCP sever's VLAN to the DHCP snooping setting, please bind VLAN12 to it and help to provide the tech support file if the issue still persists.
0
All Replies
-
@Eugene0x1
In general, when the lease time remains at the half, for instance, the lease time is 10 minutes, the client will send DHCP request to renew the IP after 5 minute and DHCP server will answer the ack to the client.
You have mentioned that "As soon as Lease time expires the MAC address is placed into the filtering table." I assume you mean your lease time will run out to 0.
If it is the case then your DHCP server may not answer the call when the client tries to renew or the client does not send the renewal after the half of lease time.
0 -
Dear Chris,
When ipconfig /renew executed manually on the Windows computer the leas time is updated on the client computer, it can be seen in the properties of a network adapter. The same time lease time for the record of this client is updated on the DHCP server as well. In other words, both client and DHCP server update their lease time, it means that interaction happens successfully. Only XS3800-28 does not update the lease time. The DHCP server is configured on a Mikrotik device.
0 -
Can you block the client from requesting of the server IP this way the client will Rebinding and broadcast the a request for renew.
0 -
Dear PeterUK,
Unfortunately, the blocking of the request from the clients is not possible. Is it well known issue that XS3800-28 ignores DHCP renew requests?
0 -
My GS2210-24 works fine with IP Source Guard but then the firmware is likely not the same code.
Are you able to test another DHCP server?
Maybe the XS3800-28 is not snooping ACK and only sees OFFERS?
0 -
@Eugene0x1
I have use the Mikrotik routerboard 450G to try to reproduce this issue however, ipconfig/renew can work and also can get IP when the lease time is expired.
Could you PM me your tech support file? I would like to check your configuration.
In management> maintenance> tech support0 -
4.80 firmware is now posted. Perhaps...
0 -
@Eugene0x1
It's been a while, may I know if the issue still persists if so please private message me the tech support file as I required last time.0 -
Dear Chris,
Sorry for the delay. I have sent a private message to you.1 -
@Eugene0x1
Hello,
As I check the log, DHCP server is located on VLAN12 and in usual case we put DHCP sever's VLAN to the DHCP snooping setting, please bind VLAN12 to it and help to provide the tech support file if the issue still persists.
0
Categories
- All Categories
- 414 Beta Program
- 2.3K Nebula
- 136 Nebula Ideas
- 92 Nebula Status and Incidents
- 5.5K Security
- 191 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 40 Wireless Ideas
- 6.2K Consumer Product
- 238 Service & License
- 376 News and Release
- 80 Security Advisories
- 24 Education Center
- 5 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 81 About Community
- 70 Security Highlight