DHCP Leases
A lease is defined as the time period for which a DHCP
server allocates a network address to a client. The lease might
be extended (renewed) upon subsequent requests. If the client no
longer needs the address, it can release the address back to the
server before the lease is up. The server is then free to assign
that address to a different client if it has run out of unassigned
addresses.
The lease period configured for a DHCP server applies to all
of the addresses that a single DHCP server (interface) dynamically
assigns to its clients. That is, all of that interface’s addresses
assigned dynamically are of Unlimited duration
or have the same Timeout value. A different
DHCP server configured on the firewall may have a different lease
term for its clients. A Reserved Address is
a static address allocation and is not subject to the lease terms.
Per the DHCP standard,
RFC 2131, a DHCP client
does not wait for its lease to expire, because it risks getting
a new address assigned to it. Instead, when a DHCP client reaches
the halfway point of its lease period, it attempts to extend its
lease so that it retains the same IP address. Thus, the lease duration
is like a sliding window.
Typically, if an IP address was assigned to a device, the device
was subsequently taken off the network, and its lease was not extended,
the DHCP server lets that lease run out. Because the client
is gone from the network and no longer needs the address, the lease
duration in the server is reached and the lease is in the “Expired”
state.
The firewall has a hold timer that prevents the expired IP address
from being reassigned immediately. This behavior temporarily reserves
the address for the device in case it comes back onto the network.
But if the address pool runs out of addresses, the server re-allocates
this expired address before the hold timer expires. Expired addresses
are cleared automatically as the system needs more addresses or
when the hold timer releases them.
In the CLI, use the show dhcp server lease operational
command to view lease information about the allocated IP addresses.
If you don’t want to wait for expired leases to be released automatically,
you can use the clear dhcp lease interface <interface> expired-only command
to clear expired leases, making those addresses available in the
pool again. You can use the clear dhcp lease interface <interface> ip <ip_address> command
to release a particular IP address. Use the clear dhcp lease interface <interface> mac <mac_address> command
to release the lease held by a particular MAC address.
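
The lease lifecycle described above (renewal that slides the expiry forward, the Expired state, the hold timer, and early reuse when the pool runs out) can be modeled in a few lines of Python. This is an added example, not the firewall's code; the class and method names, the LEASE and HOLD values, and the oldest-expired-first reuse order are assumptions.

```python
from dataclasses import dataclass

LEASE = 3600  # constructed lease Timeout in seconds
HOLD = 600    # constructed hold-timer length; the page does not give a value

@dataclass
class Lease:
    mac: str
    expires: int  # absolute time at which the lease runs out

class Pool:
    """Toy model of one DHCP server interface, not the firewall's own logic."""

    def __init__(self, addresses):
        self.free = list(addresses)
        self.leases = {}  # ip -> Lease

    def state(self, ip, now):
        lease = self.leases.get(ip)
        if lease is None:
            return "free"
        return "active" if now < lease.expires else "expired"

    def _release(self, ips):
        for ip in ips:
            del self.leases[ip]
            self.free.append(ip)

    def clear_expired(self, now):
        # Effect of "clear dhcp lease interface <interface> expired-only".
        self._release([i for i in self.leases if self.state(i, now) == "expired"])

    def request(self, mac, now):
        # Hold timer elapsed: those addresses return to the pool.
        self._release([i for i, l in self.leases.items() if now >= l.expires + HOLD])
        for ip, lease in self.leases.items():
            if lease.mac == mac:  # renewal or returning client keeps its address
                lease.expires = now + LEASE
                return ip
        if self.free:
            ip = self.free.pop(0)
        else:
            # Pool exhausted: reuse an expired address before its hold timer ends.
            held = [i for i in self.leases if self.state(i, now) == "expired"]
            if not held:
                return None  # every address is actively leased
            ip = min(held, key=lambda i: self.leases[i].expires)  # assumed order
        self.leases[ip] = Lease(mac, now + LEASE)
        return ip
```

A request returning None corresponds to a pool in which every address is actively leased, which is the condition to look for when clients fail to obtain an address.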