DHCP Address Allocation Methods
There are three ways that a DHCP server either assigns or sends an IP address to a client:
- Automatic allocation — The DHCP server assigns a permanent IP address to a client from its IP Pools. On the firewall, a Lease specified as Unlimited means the allocation is permanent.
- Dynamic allocation — The DHCP server assigns a reusable IP address from IP Pools of addresses to a client for a maximum period of time, known as a lease. This method of address allocation is useful when the customer has a limited number of IP addresses; they can be assigned to clients who need only temporary access to the network. See the DHCP Leases section.
- Static allocation — The network administrator chooses the IP address to assign to the client and the DHCP server sends it to the client. A static DHCP allocation is permanent; it is done by configuring a DHCP server and choosing a Reserved Address to correspond to the MAC Address of the client device. The DHCP assignment remains in place even if the client logs off, reboots, has a power outage, etc.
Static allocation of an IP address is useful, for example, if you have a printer on a LAN and you do not want its IP address to keep changing, because it is associated with a printer name through DNS. Another example is a client device that is used for something crucial and must keep the same IP address even if the device is turned off, unplugged, or rebooted, or a power outage occurs.
Keep these points in mind when configuring a Reserved Address:
- It is an address from the IP Pools. You may configure multiple reserved addresses.
- If you configure no Reserved Address, the clients of the server will receive new DHCP assignments from the pool when their leases expire or if they reboot, etc. (unless you specified that a Lease is Unlimited).
- If you allocate all of the addresses in the IP Pools as a Reserved Address, there are no dynamic addresses free to assign to the next DHCP client requesting an address.
- You may configure a Reserved Address without configuring a MAC Address. In this case, the DHCP server will not assign the Reserved Address to any device. You might reserve a few addresses from the pool and statically assign them to a fax and printer, for example, without using DHCP.
DHCP Leases
A lease is defined as the time period for which a DHCP server allocates a network address to a client. The lease might be extended (renewed) upon subsequent requests. If the client no longer needs the address, it can release the address back to the server before the lease is up. The server is then free to assign that address to a different client if it has run out of unassigned addresses.
The lease period configured for a DHCP server applies to all of the addresses that a single DHCP server (interface) dynamically assigns to its clients. That is, all of that interface’s addresses assigned dynamically are of Unlimited duration or have the same Timeout value. A different DHCP server configured on the firewall may have a different lease term for its clients. A Reserved Address is a static address allocation and is not subject to the lease terms.
Per the DHCP standard, RFC 2131, a DHCP client does not wait for its lease to expire, because it risks getting a new address assigned to it. Instead, when a DHCP client reaches the halfway point of its lease period, it attempts to extend its lease so that it retains the same IP address. Thus, the lease duration is like a sliding window.
Typically, if an IP address was assigned to a device and the device was subsequently taken off the network without its lease being extended, the DHCP server lets that lease run out. Because the client is gone from the network and no longer needs the address, the lease duration in the server is reached and the lease enters the “Expired” state.
The firewall has a hold timer that prevents the expired IP address from being reassigned immediately. This behavior temporarily reserves the address for the device in case it comes back onto the network. But if the address pool runs out of addresses, the server re-allocates this expired address before the hold timer expires. Expired addresses are cleared automatically as the system needs more addresses or when the hold timer releases them.
In the CLI, use the show dhcp server lease operational command to view lease information about the allocated IP addresses. If you do not want to wait for expired leases to be released automatically, you can use the clear dhcp lease interface <interface> expired-only command to clear expired leases, making those addresses available in the pool again. You can use the clear dhcp lease interface <interface> ip <ip_address> command to release a particular IP address. Use the clear dhcp lease interface <interface> mac <mac_address> command to release a particular MAC address.
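The allocation and lease rules above, as an added example: a simplified Python model that is not the firewall's implementation. It shows a Reserved Address bypassing the lease, a renewal at the halfway point keeping the same address, and an expired address being re-allocated before its hold timer ends once the pool is exhausted. The class and method names, the hold-timer length and every address and MAC address are constructed for illustration.

```python
# Simplified model of the rules above; all addresses and MACs are constructed.
class Pool:
    def __init__(self, addresses, lease_time, hold_time, reserved=None):
        self.lease_time = lease_time          # Timeout; float("inf") = Unlimited
        self.hold_time = hold_time            # assumed hold-timer length
        self.reserved = dict(reserved or {})  # Reserved Address -> MAC or None
        self.dynamic = [a for a in addresses if a not in self.reserved]
        self.leases = {}                      # ip -> (mac, expiry time)

    def state(self, ip, now):
        if ip not in self.leases:
            return "free"
        expiry = self.leases[ip][1]
        if now < expiry:
            return "active"
        return "expired-held" if now < expiry + self.hold_time else "free"

    def _grant(self, ip, mac, now):
        self.leases[ip] = (mac, now + self.lease_time)
        return ip

    def request(self, mac, now):
        for ip, owner in self.reserved.items():     # static: not subject to a lease
            if owner is not None and owner == mac:
                return ip
        for ip, (owner, _) in self.leases.items():  # renewal keeps the same address
            if owner == mac and self.state(ip, now) != "free":
                return self._grant(ip, mac, now)
        # Free addresses first; a held expired address only when none are free.
        for wanted in ("free", "expired-held"):
            for ip in self.dynamic:
                if self.state(ip, now) == wanted:
                    return self._grant(ip, mac, now)
        return None                                 # pool exhausted

    def clear_expired(self, now):                   # models "expired-only" clearing
        gone = [ip for ip, (_, exp) in self.leases.items() if now >= exp]
        self.leases = {ip: v for ip, v in self.leases.items() if ip not in gone}
        return gone

def demo():
    printer, a, b, c = ("00:00:5e:00:53:%02x" % n for n in (1, 10, 11, 12))
    pool = Pool(["192.0.2.10", "192.0.2.11", "192.0.2.12"], lease_time=100,
                hold_time=50, reserved={"192.0.2.10": printer})
    r = {"printer": pool.request(printer, 0), "a": pool.request(a, 0),
         "b": pool.request(b, 0), "c_full": pool.request(c, 10)}
    r["a_renew"] = pool.request(a, 50)            # halfway point of a 100 s lease
    r["b_state"] = pool.state("192.0.2.12", 120)  # b left and never renewed
    r["c_reclaim"] = pool.request(c, 120)         # reclaimed before hold ends
    return r
```

A pool in which every address is a Reserved Address returns `None` to any unknown client in this model, which is the exhaustion case the Reserved Address notes describe.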
