Weird apparent IP problem

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

Weird apparent IP problem

#1

Post by aclawson »

I think that the firewall wasn't releasing expired IP leases correctly during this stake conference weekend. Numerous people could connect to the WiFi but couldn't access anything. I verified connectivity through the Comcast box directly so that wasn't the issue. I ran a scan of the subnet but could only see about 10 devices that were active. One of the clerk machines that I checked had been given a new IP about 45 minutes before the start of conference with a two hour lease, but once the building was filled nobody else could connect to the network. A power cycle on the firewall corrected the problem.

The first suspect is that the server wasn't releasing the leases correctly. 2nd is that there was a flood of DHCP discover packets that was overwhelming the device - I wish I had my packet sniffer with me so I could have ruled this out.

Any thoughts / other similar experiences?
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#2

Post by russellhltn »

What firewall do you have? Some of the earlier ones (like the PIX501) had a license that limited the number of Internet connections to less then the DHCP range.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

#3

Post by aclawson »

881 - has been in place for a couple of months
User avatar
pete.arnett
Member
Posts: 257
Joined: Thu Dec 23, 2010 7:33 am
Location: Sunny South Florida, USA

#4

Post by pete.arnett »

Had the same issue, with several large units meeting in the same meetinghouse

It appears that your meetinghouse Cisco 881 ran out of DHCP address

The original default Cisco 881 firewall setup is for a total of 64 IP addresses, which includes 9 for static IP address and 54 for DHCP IP addresses

Suggest you or your Stake Technology Specialist contactLDS IT, (Global Support, [url=tel:1-866-678-2763]1-866-678-2763[/url]), and request to have anincreasein the number of IP addressesavailablefordynamic address allocation (DHCP).

Headquarters should have updated
theDynamic Host Configuration Protocol (DHCP) Release Time at your stake center and set it to two (2) hours.
Thanks,
:cool:Your Fellow Member,
Pete Arnett
Sunny South Florida, USA
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#5

Post by rbeede »

If you do listen to the traffic on the network you may see some DHCPNAK if the lease pool is full. Helpful since you can't access the DHCP daemon log to check.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

#6

Post by aclawson »

That's just it - the lease pool shouldn't have been full. Leases are set to two hours and there were only a dozen active IPs on the network at the time.
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#7

Post by russellhltn »

aclawson wrote:That's just it - the lease pool shouldn't have been full. Leases are set to two hours and there were only a dozen active IPs on the network at the time.

How are you determining "active"? Not all devices respond to a ping. The devices may also have disconnected without letting the DHCP know that they were releasing the IP.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
rbeede
Member
Posts: 205
Joined: Sat Apr 02, 2011 1:33 pm
Contact:

#8

Post by rbeede »

If the issue occurs again you could contact the GSC, and ask them to review the firewall logs.
User avatar
JeffTurgeon
Member
Posts: 58
Joined: Fri Feb 18, 2011 9:04 pm
Location: Dearborn, MI

#9

Post by JeffTurgeon »

We had a similar problem at a couple of our buildings. The first ward gobbled up the IPs and when the second ward arrived none were available, even if many of the first ward members had already left the building.

Smartphones love to auto-connect to WIFI when they see it to save on data package transmissions; therefore eating up the IPs. The amount of data sent was minimal unless the phone was doing major updates (unlikely) but the IP address was still being held for the smartphone until the lease time-out. This was preventing the next ward from obtaining a connection since there were no more IPs available under the default programming of the 881w.

The GSD informed me that the default setup for the 881w was 52 DHCP. They went into detail about the IPs being held until time-out preventing additional connections. Since we know that most of the connections are idle or are no longer being used we had no problem increasing the IP assignment range. We didn't change the lease time-out as this creates more network congestion. From prior experience GSD recommended that we increased our 2-ward building to 25 Static & 159 DHCP. They also recommended changing the Stake Center to 65 Static & 245 DHCP. We had them reconfigure the router and will monitor the results.

The upcoming Conference will be a good test for us as a ton of people from multiple ward buildings will have samrtphones auto connecting.

It may also be a good idea to put your local clerk and stake computers as well as rebroadcasting equipment on static IPs with the already networked printers. I believe this was their intent for setting so many static IPs aside.

Just be sure to make a list as to what equipment has what static IP so when you end up replacing equipment someday you can easily reuse that piece's IP again. From my days as a field tech I really appreciated it when the static IDs were marked on the particular piece of equipment in a inconspicuous place. Sure did save a lot of time when replacing failed equipment.
User avatar
JeffTurgeon
Member
Posts: 58
Joined: Fri Feb 18, 2011 9:04 pm
Location: Dearborn, MI

Increased DHCP Range worked well.. Even used Roku streaming priesthood on Internet

#10

Post by JeffTurgeon »

Just thought I'd give some feedback with the increased DHCP ranges.

NO PROBLEMS, even with the Smart Phones auto-connecting. This was music to my ears... :)

We even streamed the Priesthood Session over our Internet connection using Roku connected to the church sound system and projected on a large screen in the chapel. No glitches, stutters, audio issues, etc. Super crisp and clean like our satellite broadcast transmissions. I was very impressed.
Post Reply

Return to “Meetinghouse Internet”