
Weird apparent IP problem

Posted: Sun Feb 26, 2012 1:49 pm
by aclawson
I think that the firewall wasn't releasing expired IP leases correctly during this stake conference weekend. Numerous people could connect to the WiFi but couldn't access anything. I verified connectivity through the Comcast box directly so that wasn't the issue. I ran a scan of the subnet but could only see about 10 devices that were active. One of the clerk machines that I checked had been given a new IP about 45 minutes before the start of conference with a two hour lease, but once the building was filled nobody else could connect to the network. A power cycle on the firewall corrected the problem.

The first suspect is that the server wasn't releasing the leases correctly. 2nd is that there was a flood of DHCP discover packets that was overwhelming the device - I wish I had my packet sniffer with me so I could have ruled this out.

Any thoughts / other similar experiences?

Posted: Sun Feb 26, 2012 1:53 pm
by russellhltn
What firewall do you have? Some of the earlier ones (like the PIX501) had a license that limited the number of Internet connections to less than the DHCP range.

Posted: Sun Feb 26, 2012 2:19 pm
by aclawson
881 - has been in place for a couple of months

Posted: Sun Feb 26, 2012 3:27 pm
by pete.arnett
Had the same issue, with several large units meeting in the same meetinghouse

It appears that your meetinghouse Cisco 881 ran out of DHCP addresses.

The original default Cisco 881 firewall setup is for a total of 64 IP addresses, which includes 9 for static IP addresses and 54 for DHCP IP addresses.

Suggest you or your Stake Technology Specialist contact LDS IT (Global Support, 1-866-678-2763), and request to have an increase in the number of IP addresses available for dynamic address allocation (DHCP).

Headquarters should have updated the Dynamic Host Configuration Protocol (DHCP) Release Time at your stake center and set it to two (2) hours.

Posted: Sun Feb 26, 2012 8:49 pm
by rbeede
If you do listen to the traffic on the network you may see some DHCPNAK if the lease pool is full. Helpful since you can't access the DHCP daemon log to check.

Posted: Mon Feb 27, 2012 4:40 pm
by aclawson
That's just it - the lease pool shouldn't have been full. Leases are set to two hours and there were only a dozen active IPs on the network at the time.

Posted: Mon Feb 27, 2012 4:45 pm
by russellhltn
aclawson wrote: That's just it - the lease pool shouldn't have been full. Leases are set to two hours and there were only a dozen active IPs on the network at the time.

How are you determining "active"? Not all devices respond to a ping. The devices may also have disconnected without letting the DHCP know that they were releasing the IP.

Posted: Mon Feb 27, 2012 5:00 pm
by rbeede
If the issue occurs again you could contact the GSC, and ask them to review the firewall logs.

Posted: Fri Mar 23, 2012 9:04 pm
by JeffTurgeon
We had a similar problem at a couple of our buildings. The first ward gobbled up the IPs and when the second ward arrived none were available, even if many of the first ward members had already left the building.

Smartphones love to auto-connect to WIFI when they see it to save on data package transmissions; therefore eating up the IPs. The amount of data sent was minimal unless the phone was doing major updates (unlikely) but the IP address was still being held for the smartphone until the lease time-out. This was preventing the next ward from obtaining a connection since there were no more IPs available under the default programming of the 881w.

The GSD informed me that the default setup for the 881w was 52 DHCP. They went into detail about the IPs being held until time-out preventing additional connections. Since we know that most of the connections are idle or are no longer being used we had no problem increasing the IP assignment range. We didn't change the lease time-out as this creates more network congestion. From prior experience GSD recommended that we increased our 2-ward building to 25 Static & 159 DHCP. They also recommended changing the Stake Center to 65 Static & 245 DHCP. We had them reconfigure the router and will monitor the results.

The upcoming Conference will be a good test for us as a ton of people from multiple ward buildings will have smartphones auto connecting.

It may also be a good idea to put your local clerk and stake computers as well as rebroadcasting equipment on static IPs with the already networked printers. I believe this was their intent for setting so many static IPs aside.

Just be sure to make a list as to what equipment has what static IP so when you end up replacing equipment someday you can easily reuse that piece's IP again. From my days as a field tech I really appreciated it when the static IDs were marked on the particular piece of equipment in an inconspicuous place. Sure did save a lot of time when replacing failed equipment.
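
The lease-holding behaviour described in the post above, as an added example that is not part of the original thread: a toy model of a DHCP pool with two-hour leases, run once with the 52-address pool and once with the 159-address pool mentioned there. The group sizes, arrival and departure times, renewal at half the lease time, and the absence of a DHCPRELEASE when a phone leaves are assumptions made for the illustration.

```python
# Added illustration: toy model of a DHCP address pool.
# Assumptions (not from the thread): group sizes, arrival/departure minutes,
# renewal at half the lease time, and no DHCPRELEASE when a phone leaves.

LEASE_MIN = 120  # two-hour lease, as stated in the thread

# Constructed sample data: (name, arrive_min, depart_min, device_count)
GROUPS = [
    ("ward A", 0, 70, 50),
    ("ward B", 90, 160, 50),
]


def final_expiry(arrive, depart, lease):
    """Minute at which a client's address returns to the pool.

    The client renews every half lease while it is present; after it
    leaves, the server keeps the address reserved until the lease runs out.
    """
    half = lease / 2
    renewals = int((depart - arrive - 1e-9) // half) if depart > arrive else 0
    return arrive + renewals * half + lease


def simulate(pool_size, lease, groups):
    """Return {group name: (devices served, devices refused)}."""
    held = []  # expiry minute of every lease the server still counts as in use
    result = {}
    for name, arrive, depart, count in sorted(groups, key=lambda g: g[1]):
        held = [e for e in held if e > arrive]  # reclaim expired leases only
        served = min(count, pool_size - len(held))
        held += [final_expiry(arrive, depart, lease)] * served
        result[name] = (served, count - served)
    return result


if __name__ == "__main__":
    for pool in (52, 159):  # pool sizes quoted in the thread
        for name, (ok, refused) in simulate(pool, LEASE_MIN, GROUPS).items():
            print(f"pool={pool:3d} {name}: {ok} leased, {refused} refused")
```

With the 52-address pool, ward B obtains only 2 addresses even though every ward A device left 20 minutes earlier, because ward A's leases do not expire until minute 180.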

Increased DHCP Range worked well.. Even used Roku streaming priesthood on Internet

Posted: Mon Apr 30, 2012 6:13 pm
by JeffTurgeon
Just thought I'd give some feedback with the increased DHCP ranges.

NO PROBLEMS, even with the Smart Phones auto-connecting. This was music to my ears... :)

We even streamed the Priesthood Session over our Internet connection using Roku connected to the church sound system and projected on a large screen in the chapel. No glitches, stutters, audio issues, etc. Super crisp and clean like our satellite broadcast transmissions. I was very impressed.