Wyse thin client firmware and DHCP problems.

Hi.

I have recently replaced some SonicWALL devices in our branch offices with Cisco ASA5506X devices. They are running Firepower Threat Defence 6.2.0.0 (NOT ASA). Behind the ASA5506Xs are Wyse thin client devices, Model No Cx0, Prod Id C10LE. The Wyse devices obtain a DHCP address from the Cisco ASA5506X, then pull down their config from the head office, via a site to site VPN set up by the Cisco device to a peer.

It mostly works.

The problem I have, is that the Wyse devices do not renew their DHCP lease. Lease time is set to one hour, and there seems no way to change this on the Cisco device. After an hour, the Wyse just displays "DCHP lease expired", and kicks the user out. Power cycling the device allows them to continue their session once more. Other devices (the occasional PC) work fine. The Wyse devices work fine when getting their DHCP leases from other DHCP servers, however every other DHCP server they have used has been configured with a lease of over a week.

It seems to me that the firmware on the Wyse devices has a problem, so I would like to upgrade it. Current version is 8.0_210. I have checked with Dell, it seems that I need a support contract to access firmware. These devices, however, are documented as "End of life" in May 2014, so a contract cannot be had. This is odd, as several of our devices have a manufacture date of July 2014.

So questions:
1. Has anyone seen these devices exhibit this behaviour before?
2. Any hints as to how I might obtain newer firmware?
Mal Osborne, Alpha Geek, Asked:

Panagiotis Toumpaniaris, System Engineer, Commented:
Hello,

In Firepower Threat Defense configuration, in "DHCP" -> "DHCP Server" settings, there should be an option "Lease Length" that equals the lease time in seconds. The default is 3600 seconds for 1 hour. You can change it to 43200 for 12 hours or 86400 for 1 day, or any other value you want up to 1048575 seconds.

Hope it helps,
Panagiotis
0
Mal Osborne, Alpha Geek, Author Commented:
I am not using FMC, but managing the ASA5508X directly. Does not seem to have an option for DHCP lease time.
0
Panagiotis Toumpaniaris, System Engineer, Commented:
In CLI can't you change option 51?
something like
dhcpd option 51 43200

That is the lease time and it should be implemented according to RFC 2132.
0
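Added example, not part of the thread: a small Python parser for checking, from a packet capture, what lease the server actually hands out in option 51 and when the client is then expected to renew (T1) and rebind (T2). It assumes the DHCP options field has already been extracted from the capture; the sample bytes are constructed, and the T1/T2 defaults of 50% and 87.5% of the lease are those of RFC 2131.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # precedes the options field (RFC 2131)
OPT_PAD, OPT_END = 0, 255
OPT_LEASE, OPT_T1, OPT_T2 = 51, 58, 59    # RFC 2132 option codes

def parse_options(field: bytes) -> dict:
    """Parse magic cookie + code/length/value options into {code: value_bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field) and field[i] != OPT_END:
        code = field[i]
        if code == OPT_PAD:               # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = value
        i += 2 + length
    return opts

def _u32(opts: dict, code: int):
    """Decode a 4-byte big-endian option value, or None if the option is absent."""
    raw = opts.get(code)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError(f"option {code} must be 4 bytes")
    return struct.unpack("!I", raw)[0]

def lease_timers(opts: dict) -> dict:
    """Lease, T1 (renew), T2 (rebind) in seconds; RFC 2131 defaults if 58/59 absent."""
    lease = _u32(opts, OPT_LEASE)
    if lease is None:
        raise ValueError("no option 51 in this message")
    t1, t2 = _u32(opts, OPT_T1), _u32(opts, OPT_T2)
    return {"lease": lease,
            "t1": lease // 2 if t1 is None else t1,
            "t2": lease * 7 // 8 if t2 is None else t2}

# Constructed sample: DHCPACK (option 53 = 5) with a 3600-second lease, then END.
SAMPLE_ACK = (MAGIC_COOKIE + bytes([53, 1, 5]) + bytes([51, 4])
              + struct.pack("!I", 3600) + bytes([OPT_END]))

if __name__ == "__main__":
    print(lease_timers(parse_options(SAMPLE_ACK)))
```

With the one-hour lease from the thread, a client that renews correctly would be expected to send a DHCPREQUEST around 1800 seconds after the ACK; a capture with no request before the lease runs out points at the client rather than the server.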
Mal Osborne, Alpha Geek, Author Commented:
CLI configuration is not supported at all with the FTD software.
0
Panagiotis Toumpaniaris, System Engineer, Commented:
The Cisco website says that you can log in to the CLI via SSH (or console cable):

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-get-started.html#concept_7DA124053BC84D67AB6C402A04635C9C

Have I understood something wrong?

If you cannot configure DHCP lease time, then there isn't much you can do other than upgrade the clients using the orthodox (pay - wait - upgrade) route, which isn't recommended for machines that have been EOL'd for so long.
0
Mal Osborne, Alpha Geek, Author Commented:
I am assuming that the EOL on the Wyse clients is an error. It is not normal for anything to be EOL'd months before it is made! Getting newer firmware from Dell is proving bloody difficult though.
0
Mal Osborne, Alpha Geek, Author Commented:
My understanding is that with the FTD firmware, only configuration via the GUI, or an FMC is supported, the CLI can be used for troubleshooting only.

Having said that, I guess it will do no harm to attempt to configure DHCP lease time that way, I will give it a try.
0
Mal Osborne, Alpha Geek, Author Commented:
For anyone following, I logged a call with Cisco TAC, they confirmed that the DHCP lease cannot be changed.

Still chasing up newer firmware from Dell, this requires a HEAP of hoop jumping and whipping out a credit card.

Guess my luck is running low, a DHCP server with an unconfigurable lease time, and a DHCP client that can't renew a lease are both something I never recall running into before. :(
0
Panagiotis Toumpaniaris, System Engineer, Commented:
Dear Author,
that is a really unlucky combination there indeed. Although having said that, the problem with the client is clearly a bug and shouldn't require a payment to fix. As if the Wyse clients weren't overpriced to begin with..

Keep us posted, and good luck!
0
Mal Osborne, Alpha Geek, Author Commented:
Still working on this. :(

I have so far managed to pay for "software maintenance" on the Wyse firmware, but it is still proving awkward to actually obtain it. Unsure if it will fix the issue.
0
Panagiotis Toumpaniaris, System Engineer, Commented:
Paying for overpriced thin clients would suggest better support in the long run, but I guess this is just wishful thinking.
Cancel the request for closing if you like so that you can close it when you actually have the problem solved.

Honestly, I thought that paying for support would ultimately work out a solution... Hope that everything works out in the end.
0
Panagiotis Toumpaniaris, System Engineer, Commented:
Well after all said, paying up for a firmware upgrade must have been the only solution.
0