Cisco firewall filling ip addresses & not releasing them

[russellhltn]

When a mobile device goes to sleep it does not send a release notice.

For kicks and grins I checked some of our church routers. The 501 gave out a lease for only an hour. The 881W gave for 2 hours. Both had subnets of 255.255.255.192, which I believe gives at most 61 possible IPs after accounting for the router. (However, the DHCP range is probably less and the number of licenses limits the number of users going to the Internet, even if they can get an IP.)

But a one-hour lease should help minimize the carry over from one ward's usage to the next. The OP should probably do a ipconfig /all to see what the lease looks like on his system.

The loss of connection would be detected on the first transmission of a packet request to the router. The router would compare the MAC address assigned to the IP address. The router would then respond to the wireless device and the wireless device would request a new IP address lease. IP collisions are possible for a few microseconds but would be quickly resolved.

All I know is I've seen IP conflicts in wired networks when the DHCP has been reset.

[jdlessley]

When a mobile device goes to sleep it does not send a release notice.

This is not entirely true. For a few years this was the default for many mobile devices. There are some systems such as those devices running Android 2.1 -3.1 that have settings in which the user can, depending on the device, specify the WiFi "sleep policy" or WiFi "disconnect policy". Again, depending on the device, there are choices such as disconnect "After 15 mins" or "When screen turns off". Unfortunately it is hard to tell how many users take the time or effort to change the defaults to more WiFi considerate and friendly settings. We have to assume the worst case which is my original statement.

[russellhltn]

There are some systems such as those devices running Android 2.1 -3.1 that have settings in which the user can, depending on the device, specify the WiFi "sleep policy" or WiFi "disconnect policy".

I can't find anything like that on my Android 2.2.

We have to assume the worst case which is my original statement.

Or, at least a percentage of users will have worst case.

Of course even with a 1 hour time-out, the user could use it in such a way that they'll still have the IP 50 minutes after they've left church.

[jdlessley]

I can't find anything like that on my Android 2.2.

I don't know which is applicable to your device but it should be something like one of these:

Settings
-> Wireless & networks
-> Wi-Fi settings
-> Menu (button)
-> Advanced
-> Wi-Fi sleep policy

Settings
-> Wireless & networks
-> Wi-Fi settings
-> Wi-Fi disconnect policy

If the WiFi settings item is greyed-out, you may need to turn on WiFi before you can select this item.

[russellhltn]

-> Menu (button)

Ah, I didn't think to look for a menu within a menu.

Mine is defaulted to sleep (switch back to the mobile network) when the screen shuts off.

[Biggles]

Can a 1040 work though a "consumer" router ok? Since those are where I'd expect the majority of IP requests to come from, that's one of the first things I'd put behind an added router.

I hadn't actually given any thought to connecting a WAP to the router. If I get the time I will try this out. I believe that the password, itself, is stored on the WAP so shouldn't affect the existing log on's.

I also realise that by doing this, that the GSD will unlikely to be able to do any maintenance etc., on the WAP.

[jsmack]

Late to the game I know, and I haven't read all the details of the many remarks posted.

We also have this challenge, more often than not it's a small group of people that have coded every device they own with the wireless information so as soon as they walk in the door they are chewing up three or more IP addresses. In some cases I have gone the double NAT route with a consumer grade firewall behind the PIX and in others where the problem isn't as prevelant I have given the "important" computers and devices (clerk, printers, Polycom etc.) static addresses outside the boundries of the DHCP scope.

[Biggles]

I hadn't actually given any thought to connecting a WAP to the router. If I get the time I will try this out. I believe that the password, itself, is stored on the WAP so shouldn't affect the existing log on's.

I also realise that by doing this, that the GSD will unlikely to be able to do any maintenance etc., on the WAP.

I've now had the opportunity to do this and can report that it does work OK.