> Let me describe a scenario and then perhaps somebody can tell me if this is the
> expected result?
> I have a short dhcp lease time for 300 seconds and an idle timeout in the
> captive portal for 900 seconds. It is possible for a client to connect, login
> and then turn off the computer without logging out. Now the dhcp will expire
> and a new client can get the same ip address. However this user is prohibited
> from connecting to the captive portal until the first client's captive portal session
> expires! The first client's mac address is still locked in the 20000+ firewall
> rules which blocks the second client.
> The "fix" would be to allow longer dhcpd lease times and/or shorter idle
> timeout. However I like short lease times and longer idle timeout values...

I can't imagine generating the traffic involved with a lease that will
renew every 2.5 minutes if the network is of any size. Yes, the
scenario you describe is certainly possible, and the most reasonable way
to resolve it is to make sure that the timeout is equal to or shorter than
the possible lease renewal. Since by default DHCP clients should start
requesting renewals at half the lease life, I'd make your DHCP setting
at 1800 seconds (30 minutes) instead. You may still run into the
problem anyway since some machines may release the DHCP lease on
shutdown, so if they shut the machine down they could still release the
IP in < 15 minutes. If possible, increasing the size of the DHCP pool
would reduce the likelihood of the same IP being reissued. That doesn't
allow you to restrict maximum clients by controlling the IP pool, however.
Do not meddle in the affairs of wizards,
for they are subtle and quick to anger.
-- Gildor Inglorion
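
The timing argument in the reply above, worked through as an added example (not part of the original thread and not the captive portal's own code). It assumes the client's last traffic coincides with it leaving the network, that renewals at half the lease life succeed while the client is up, and that the server reissues a free address immediately; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Timers:
    lease: int         # DHCP lease time in seconds
    idle_timeout: int  # captive portal idle timeout in seconds


def earliest_ip_free(t: Timers, sends_release: bool) -> int:
    """Seconds after the client's last traffic at which its IP can be reissued."""
    if sends_release:
        # Client sends DHCPRELEASE on shutdown: the address is free at once.
        return 0
    # Silent power-off. The client renews at half the lease life, so in the
    # worst case it disappears just before a renewal with half a lease left.
    return t.lease // 2


def stale_window(t: Timers, sends_release: bool) -> int:
    """Worst-case seconds during which the IP may belong to a new client while
    the portal still holds the old client's MAC in its firewall rules."""
    return max(0, t.idle_timeout - earliest_ip_free(t, sends_release))


def min_safe_lease(idle_timeout: int) -> int:
    """Shortest lease for which a silent power-off leaves no stale window."""
    return 2 * idle_timeout


def audit(t: Timers) -> dict:
    return {
        "silent_poweroff": stale_window(t, sends_release=False),
        "release_on_shutdown": stale_window(t, sends_release=True),
        "min_safe_lease": min_safe_lease(t.idle_timeout),
    }


if __name__ == "__main__":
    # Values taken from the thread: the original setup and the suggested one.
    for timers in (Timers(lease=300, idle_timeout=900),
                   Timers(lease=1800, idle_timeout=900)):
        print(timers, audit(timers))
```

With the original 300/900 settings a silent power-off can leave the address blocked for a new client for up to 750 seconds; at 1800/900 that case closes, while a client that releases its lease on shutdown still leaves the full 900 seconds.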