Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 2399 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

dhcp renewal every 81 seconds

Niall Farrell

Hi,

Hoping someone can help me with my XG Firewall and my strange DHCP issue.

I've set up DHCP on a VLAN and it serves about 10 devices.

However, 2 of those devices show up in the System log and 'Renew' every 81 (or 82 seconds) without fail.

These two devices are a Google Home and a Google Home mini. All other devices renew their IP according to the lease set (30 days).

I've recently set these 2 devices to DHCP Reserved in an effort to prevent this message. However, still showing up in the Sophos XG logs. Message ID is 60020

I powered them off for over 90 minutes. Still kept showing in the logs. I turned off DHCP and turned it back on. Rebooted the firewall. I double-checked the MAC addresses to ensure they match just in case I was getting the wrong information.

The System log on the Sophos XG still shows these devices as Renew [60020] every 81 or 82 seconds.

Nothing is broken. Everything works. XG isn't under a massive load but if I need to troubleshoot, this amount of noise in the logs will make any issues that arise a lot more difficult.

Any potential solutions would be greatly appreciated, as it's wrecking my head.

Thanks for reading.

Niall.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Issue not resolved. I couldn't set a static IP for the devices in question as suggested. Google Home (and Mini) doesn't appear to have the option to allow a static IP address. However, it looks like its a symptom of an underlying issue that I discovered when trying to put the mini back on the network. I took it off in case the setting to provide a static IP was only available during setup. These 2 devices keep roaming between my 2 AP's. Most other devices don't. My phones do every so often but that's because they move around so can understand that, but these are the only two that constantly roam from 1 AP to the other. No idea why but obviously the DHCP is providing the same address as it's the same device. So, I think I need to be looking at my AP configuration and see why Google Home doesn't like them (or why they don't like Google home !!).

    Just wanted to provide some feedback. I was looking in the wrong direction and it might help someone else. its off to Ubiquiti I go.

    Niall.

  • 0 in reply to Niall Farrell

    Please do Diagnostic-> Packetcapture on XG GUI. Byte: 96 Filter: port 67 or port 68 and post the results that show those two machines to be sure that there are no dropped packets due to Local_ACL

    On the other hand, is right and those google devices may ignore DHCP standards like lease time. Of course all for "better customer experience".

  • 0 in reply to LHerzog

    Hi, tried that. I got absolutely nothing so presuming no dropped packets?

  • 0 in reply to Niall Farrell

    Then the XG is not receiving the DHCP requests. You need to be sure that the DHCP broadcasts go to the XG. MAybe you have routing on switches with thoese VLANs and need to enable DHCP relays.

  • 0 in reply to LHerzog

    It is. Reason I say that is because if I put in a rule in the XG to assign a specific IP based on MAC address, it will pick up that new IP. I changed the packetcapture and eliminated the IP. Actually, reading back on what you said, you didn't actually say the IP, just the ports and filter results by IP. I at least now see something in the log. It's not the IP address but it is that subnet. The bit that is cut off says 'Unreplied'. But at this stage I don't think its the XG. All other devices are grand. It's just my 2 Google Home devices. And I'm having great fun trying to google something with the word google in it !!!

  • 0 in reply to Niall Farrell

    OK, the XG can see the traffic - that's at least one step forward.

    Now check the MAC address in those requests. Scroll down on that page to the details.

    Is the source address from your google hardware?

    @Sophos: Now we have just another DHCP: Violation Local_ACL thread here. When will you finally address this issue?

Reply
  • 0 in reply to Niall Farrell

    OK, the XG can see the traffic - that's at least one step forward.

    Now check the MAC address in those requests. Scroll down on that page to the details.

    Is the source address from your google hardware?

    @Sophos: Now we have just another DHCP: Violation Local_ACL thread here. When will you finally address this issue?

Children
  • 0 in reply to LHerzog

    Hi,

    Yes, there are 2 source addresses in the list ((which has got very long now so I'll turn off the packet capture - 68 pages), and those 2 MAC addresses are the addresses of my 2 Google Home devices. Only difference in our screenshots is yours has a number at the end, whereas mine says 'Unreplied'.

  • 0 in reply to Niall Farrell

    OK now to be sure the XG is actually serving their IP Addresses, please go to live log viewer, select "system" and filter for log comp is DHCP

    then add a filter in the text field containing the MAC address or the last few chraracters from it

    Can you see the log lines like in my screenshot?

  • 0 in reply to Niall Farrell

    as you can see here, the Sophos APX320 device with that MAC address is sending DHCPDISCOVER as Broadcast every 3 seconds now here.

    The XG blocks this with Violation, Local_ACL.

    Regardless of that, the XG is giving an IP address to the device every 12 hours, which is actually the time where the client would first request a renewal of it's DHCP lease. See other screenshot.

    I belive this is a Sophos XG bug.

  • 0 in reply to LHerzog

    Hi,

    Yes I do see the logs as per your screenshot. I actually don't need to filter they come up so often..... Below are 2 instances of each of the 2 devices and you can see from the timestamp the frequency at which they occur.

    My lease is set to max of 30 days. It was the default of 1 day (2880 minutes or something like that). But that changed nothing regarding the frequency of the logs.

  • 0 in reply to Niall Farrell

    Is this a home license? If not, please open a support case. I guess this cannot be fixed here.