• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 265
  • Last Modified:

Wyse thin client firmware and DHCP problmes.

Hi.

I have recently replaced some SonicWALL devices in our branch offices with Cisco ASA5506X devices. They are running Firepower Threat Defence. 6.2.0.0. (NOT ASA). Behind the ASA5506Xs are Wyse thin client devices, Model No Cx0, Prod Id C10LE. The Wyse devices obtain a DHCP address form the Cisco ASA5506X, then pull down their config from the head office, via a site to site VPN set up by  the Cisco device to a peer.

It mostly works.

The problem I have, is that the Wyse devices do not renew their DHCP lease. Lease time is set to one hour, and there seems no way to change this on the Cisco device. After an hour, the Wyse just displays "DCHP lease expired", and kicks the user out. Power cycling the device allows them to continue their session once more. Other devices (the occasional PC) work fine. The Wyse devices work fine when getting their DHCP leases from other DHCP servers, however every other DHCP server they have used has been configured with a lease of over a week.

It seems to me that the firmware on the Wyse devices have a problem, so I would like to upgrade it. Current versions is 8.0_210. I have checked with Dell, it seems that I need a support contract to access firmware. These devices, however, are documented as "End of life" in May 2014, so a contract cannot be had. This is odd, as several of our devices have a manufacture date of July 2014.

So questions:
1. Has anyone seen these devices exhibit this behaviour before?
2. Any hints as to how I might obtain newer firmware?
0
Mal Osborne
Asked:
Mal Osborne
  • 6
  • 6
2 Solutions
 
Panagiotis ToumpaniarisSystem EngineerCommented:
Hello,

In Firepower threat defense configuration, In "DHCP" -> "DHCP Server" Settings, there should be an option "Lease Length" that equals to the lease time in seconds. The default is 3600 seconds for 1 hour. You can change it to 43200 for 12 hours or 86400 for 1 day, or any other value you want up to 1048575 seconds.

Hope it helps,
Panagiotis
0
 
Mal OsborneAlpha GeekAuthor Commented:
I am not using FMC, but managing the ASA5508X directly. Does not seem to have an option for DHCP lease time.
0
 
Panagiotis ToumpaniarisSystem EngineerCommented:
In CLI can't you change option 51 ?  
something like
dhcpd option 51 43200

Open in new window

That is the lease time and it should be implemented according to RFC 2132.
0
Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

 
Mal OsborneAlpha GeekAuthor Commented:
CLI configuration is not supported at all with the FTD software.
0
 
Panagiotis ToumpaniarisSystem EngineerCommented:
On Cisco website says that you can log in to CLI via SSH (or console cable):

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-get-started.html#concept_7DA124053BC84D67AB6C402A04635C9C

Have I understood something wrong?

If you can not configure DHCP lease time, then there isn't much you can do other than upgrade the clients using the orthodox (pay - wait - upgrade) route, which isn't recommended for machines that have been EOL'd for so long..
0
 
Mal OsborneAlpha GeekAuthor Commented:
I am assuming that the EOL on the Wyse clients is an error. It is not normal for anything to be EOL'd months before it is made! Getting newer firmware from Dell is proving bloody difficult though.
0
 
Mal OsborneAlpha GeekAuthor Commented:
My understanding is that with the FTD firmware, only configuration via the GUI, or an FMC is supported, the CLI can be used for troubleshooting only.

Having said that, I guess it will do no harm to attempt to configure DHCP lease time that way, I will give it a try.
0
 
Mal OsborneAlpha GeekAuthor Commented:
For anyone following, I logged a call with Cisco TAC, they confirmed that the DHCP lease cannot be changed.

Still chasing up newer firmware from Dell, this requires a HEAP of hoop jumping and whipping out a credit card.

Guess my luck is running low, a DHCP server with an unconfigurable lease time, and a DHCP client that can't renew a lease are both something I never recall running into before. :(
0
 
Panagiotis ToumpaniarisSystem EngineerCommented:
Dear Author
that is a really unlucky combination there indeed. Although having said that, the problem with the client is clearly a bug and shouldn't require a payment to fix. As if the wyse clients weren't over priced to begin with..

Keep us posted, and good luck!
0
 
Mal OsborneAlpha GeekAuthor Commented:
Still working on this. :(

I have so far managed to pay for "software maintenance" on the Wyse firmware, but it is still proving awkward to actually obtain it. Unsure if it will fix the issue.
0
 
Panagiotis ToumpaniarisSystem EngineerCommented:
Paying for overpriced thin clients would suggest better support on the long run, but I guess this is just wishful thinking.
Cancel the request for closing if you like so that you can close it when you have actually have the problem solved.

Honestly, I thought that paying for support would ultimately worked out a solution... Hope that everything works out in the end.
0
 
Panagiotis ToumpaniarisSystem EngineerCommented:
Well after all said, paying up for a firmware upgrade must have been the only solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now