Mal Osborne
asked on
Wyse thin client firmware and DHCP problmes.
Hi.
I have recently replaced some SonicWALL devices in our branch offices with Cisco ASA5506X devices. They are running Firepower Threat Defence. 6.2.0.0. (NOT ASA). Behind the ASA5506Xs are Wyse thin client devices, Model No Cx0, Prod Id C10LE. The Wyse devices obtain a DHCP address form the Cisco ASA5506X, then pull down their config from the head office, via a site to site VPN set up by the Cisco device to a peer.
It mostly works.
The problem I have, is that the Wyse devices do not renew their DHCP lease. Lease time is set to one hour, and there seems no way to change this on the Cisco device. After an hour, the Wyse just displays "DCHP lease expired", and kicks the user out. Power cycling the device allows them to continue their session once more. Other devices (the occasional PC) work fine. The Wyse devices work fine when getting their DHCP leases from other DHCP servers, however every other DHCP server they have used has been configured with a lease of over a week.
It seems to me that the firmware on the Wyse devices have a problem, so I would like to upgrade it. Current versions is 8.0_210. I have checked with Dell, it seems that I need a support contract to access firmware. These devices, however, are documented as "End of life" in May 2014, so a contract cannot be had. This is odd, as several of our devices have a manufacture date of July 2014.
So questions:
1. Has anyone seen these devices exhibit this behaviour before?
2. Any hints as to how I might obtain newer firmware?
I have recently replaced some SonicWALL devices in our branch offices with Cisco ASA5506X devices. They are running Firepower Threat Defence. 6.2.0.0. (NOT ASA). Behind the ASA5506Xs are Wyse thin client devices, Model No Cx0, Prod Id C10LE. The Wyse devices obtain a DHCP address form the Cisco ASA5506X, then pull down their config from the head office, via a site to site VPN set up by the Cisco device to a peer.
It mostly works.
The problem I have, is that the Wyse devices do not renew their DHCP lease. Lease time is set to one hour, and there seems no way to change this on the Cisco device. After an hour, the Wyse just displays "DCHP lease expired", and kicks the user out. Power cycling the device allows them to continue their session once more. Other devices (the occasional PC) work fine. The Wyse devices work fine when getting their DHCP leases from other DHCP servers, however every other DHCP server they have used has been configured with a lease of over a week.
It seems to me that the firmware on the Wyse devices have a problem, so I would like to upgrade it. Current versions is 8.0_210. I have checked with Dell, it seems that I need a support contract to access firmware. These devices, however, are documented as "End of life" in May 2014, so a contract cannot be had. This is odd, as several of our devices have a manufacture date of July 2014.
So questions:
1. Has anyone seen these devices exhibit this behaviour before?
2. Any hints as to how I might obtain newer firmware?
ASKER
I am not using FMC, but managing the ASA5508X directly. Does not seem to have an option for DHCP lease time.
In CLI can't you change option 51 ?
something like
something like
dhcpd option 51 43200
That is the lease time and it should be implemented according to RFC 2132.
ASKER
CLI configuration is not supported at all with the FTD software.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am assuming that the EOL on the Wyse clients is an error. It is not normal for anything to be EOL'd months before it is made! Getting newer firmware from Dell is proving bloody difficult though.
ASKER
My understanding is that with the FTD firmware, only configuration via the GUI, or an FMC is supported, the CLI can be used for troubleshooting only.
Having said that, I guess it will do no harm to attempt to configure DHCP lease time that way, I will give it a try.
Having said that, I guess it will do no harm to attempt to configure DHCP lease time that way, I will give it a try.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Dear Author
that is a really unlucky combination there indeed. Although having said that, the problem with the client is clearly a bug and shouldn't require a payment to fix. As if the wyse clients weren't over priced to begin with..
Keep us posted, and good luck!
that is a really unlucky combination there indeed. Although having said that, the problem with the client is clearly a bug and shouldn't require a payment to fix. As if the wyse clients weren't over priced to begin with..
Keep us posted, and good luck!
ASKER
Still working on this. :(
I have so far managed to pay for "software maintenance" on the Wyse firmware, but it is still proving awkward to actually obtain it. Unsure if it will fix the issue.
I have so far managed to pay for "software maintenance" on the Wyse firmware, but it is still proving awkward to actually obtain it. Unsure if it will fix the issue.
Paying for overpriced thin clients would suggest better support on the long run, but I guess this is just wishful thinking.
Cancel the request for closing if you like so that you can close it when you have actually have the problem solved.
Honestly, I thought that paying for support would ultimately worked out a solution... Hope that everything works out in the end.
Cancel the request for closing if you like so that you can close it when you have actually have the problem solved.
Honestly, I thought that paying for support would ultimately worked out a solution... Hope that everything works out in the end.
Well after all said, paying up for a firmware upgrade must have been the only solution.
In Firepower threat defense configuration, In "DHCP" -> "DHCP Server" Settings, there should be an option "Lease Length" that equals to the lease time in seconds. The default is 3600 seconds for 1 hour. You can change it to 43200 for 12 hours or 86400 for 1 day, or any other value you want up to 1048575 seconds.
Hope it helps,
Panagiotis