LDSTech

Weird apparent IP problem

Discuss various issues around providing Internet access to meetinghouses.

Moderators: MarchantRR, SheffieldTR

Weird apparent IP problem

#1Postby aclawson » Sun Feb 26, 2012 1:49 pm

I think that the firewall wasn't releasing expired IP leases correctly during this stake conference weekend. Numerous people could connect to the WiFi but couldn't access anything. I verified connectivity through the Comcast box directly so that wasn't the issue. I ran a scan of the subnet but could only see about 10 devices that were active. One of the clerk machines that I checked had been given a new IP about 45 minutes before the start of conference with a two hour lease, but once the building was filled nobody else could connect to the network. A power cycle on the firewall corrected the problem.

The first suspect is that the server wasn't releasing the leases correctly. 2nd is that there was a flood of DHCP discover packets that was overwhelming the device - I wish I had my packet sniffer with me so I could have ruled this out.

Any thoughts / other similar experiences?
aclawson
Senior Member
 
Posts: 507
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

#2Postby russellhltn » Sun Feb 26, 2012 1:53 pm

What firewall do you have? Some of the earlier ones (like the PIX501) had a license that limited the number of Internet connections to less then the DHCP range.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 14090
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#3Postby aclawson » Sun Feb 26, 2012 2:19 pm

881 - has been in place for a couple of months
aclawson
Senior Member
 
Posts: 507
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

#4Postby pete.arnett » Sun Feb 26, 2012 3:27 pm

Had the same issue, with several large units meeting in the same meetinghouse

It appears that your meetinghouse Cisco 881 ran out of DHCP address

The original default Cisco 881 firewall setup is for a total of 64 IP addresses, which includes 9 for static IP address and 54 for DHCP IP addresses

Suggest you or your Stake Technology Specialist contactLDS IT, (Global Support, [url=tel:1-866-678-2763]1-866-678-2763[/url]), and request to have anincreasein the number of IP addressesavailablefordynamic address allocation (DHCP).

Headquarters should have updated
theDynamic Host Configuration Protocol (DHCP) Release Time at your stake center and set it to two (2) hours.[font=Verdana][/font]
Thanks,
:cool:Your Fellow Member,
Pete Arnett
Sunny South Florida, USA
User avatar
pete.arnett
Member
 
Posts: 140
Joined: Thu Dec 23, 2010 7:33 am
Location: Sunny South Florida, USA

#5Postby rbeede » Sun Feb 26, 2012 8:49 pm

If you do listen to the traffic on the network you may see some DHCPNAK if the lease pool is full. Helpful since you can't access the DHCP daemon log to check.
User avatar
rbeede
Member
 
Posts: 200
Joined: Sat Apr 02, 2011 12:33 pm

#6Postby aclawson » Mon Feb 27, 2012 4:40 pm

That's just it - the lease pool shouldn't have been full. Leases are set to two hours and there were only a dozen active IPs on the network at the time.
aclawson
Senior Member
 
Posts: 507
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

#7Postby russellhltn » Mon Feb 27, 2012 4:45 pm

aclawson wrote:That's just it - the lease pool shouldn't have been full. Leases are set to two hours and there were only a dozen active IPs on the network at the time.


How are you determining "active"? Not all devices respond to a ping. The devices may also have disconnected without letting the DHCP know that they were releasing the IP.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.
russellhltn
Community Administrator
 
Posts: 14090
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#8Postby rbeede » Mon Feb 27, 2012 5:00 pm

If the issue occurs again you could contact the GSC, and ask them to review the firewall logs.
User avatar
rbeede
Member
 
Posts: 200
Joined: Sat Apr 02, 2011 12:33 pm

#9Postby JeffTurgeon » Fri Mar 23, 2012 8:04 pm

We had a similar problem at a couple of our buildings. The first ward gobbled up the IPs and when the second ward arrived none were available, even if many of the first ward members had already left the building.

Smartphones love to auto-connect to WIFI when they see it to save on data package transmissions; therefore eating up the IPs. The amount of data sent was minimal unless the phone was doing major updates (unlikely) but the IP address was still being held for the smartphone until the lease time-out. This was preventing the next ward from obtaining a connection since there were no more IPs available under the default programming of the 881w.

The GSD informed me that the default setup for the 881w was 52 DHCP. They went into detail about the IPs being held until time-out preventing additional connections. Since we know that most of the connections are idle or are no longer being used we had no problem increasing the IP assignment range. We didn't change the lease time-out as this creates more network congestion. From prior experience GSD recommended that we increased our 2-ward building to 25 Static & 159 DHCP. They also recommended changing the Stake Center to 65 Static & 245 DHCP. We had them reconfigure the router and will monitor the results.

The upcoming Conference will be a good test for us as a ton of people from multiple ward buildings will have samrtphones auto connecting.

It may also be a good idea to put your local clerk and stake computers as well as rebroadcasting equipment on static IPs with the already networked printers. I believe this was their intent for setting so many static IPs aside.

Just be sure to make a list as to what equipment has what static IP so when you end up replacing equipment someday you can easily reuse that piece's IP again. From my days as a field tech I really appreciated it when the static IDs were marked on the particular piece of equipment in a inconspicuous place. Sure did save a lot of time when replacing failed equipment.
User avatar
JeffTurgeon
Member
 
Posts: 50
Joined: Fri Feb 18, 2011 9:04 pm
Location: Dearborn, MI

Increased DHCP Range worked well.. Even used Roku streaming priesthood on Internet

#10Postby JeffTurgeon » Mon Apr 30, 2012 5:13 pm

Just thought I'd give some feedback with the increased DHCP ranges.

NO PROBLEMS, even with the Smart Phones auto-connecting. This was music to my ears... :)

We even streamed the Priesthood Session over our Internet connection using Roku connected to the church sound system and projected on a large screen in the chapel. No glitches, stutters, audio issues, etc. Super crisp and clean like our satellite broadcast transmissions. I was very impressed.
User avatar
JeffTurgeon
Member
 
Posts: 50
Joined: Fri Feb 18, 2011 9:04 pm
Location: Dearborn, MI


Return to Meetinghouse Internet

Who is online

Users browsing this forum: No registered users and 0 guests