WiFi host can’t pull an IP from DHCP
-
@dominikhoffmann said in WiFi host can’t pull an IP from DHCP:
What is still blocking access from that 192.168.13.0/24 subnet to the DHCP server?
That is an easy one. It is pfSense or the switch or the AP.
-
I just did my 11th comparison between the guest WiFi and IoT WiFi setup on my APs. Everything is set up identically, except for the VLAN tags.
The same with the port tagging on the switch.
I think I am missing something in the pfSense configuration.
-
@dominikhoffmann On pfSense you only have to assign the IP and enable DHCP on that VLAN interface. My guess would be your switch (or AP) and tagging...
Feel free to post images of everything you have done, even if it is not on pfSense but start with it.
-
@dominikhoffmann
Sniff the traffic on the IoT interface while you attach a device to this WiFi, to see if the communication on the VLAN is working at all.
-
Here is my switch VLAN tagging:
The APs are configured like this:
My pfSense appliance has these configuration elements:
-
It’s not the firewall block rules, as toggling those off does not fix anything.
-
Based on the firewall rules there is no traffic on the home automation network:
versus this on the guest WiFi network:
-
@dominikhoffmann
I was requesting a Diagnostics > Packet Capture. There is no rule to allow DHCP traffic, even though it is implicitly allowed. So you won't see any packet matching a rule there.
-
@dominikhoffmann So you have switch ports inside of pfSense, which I don't have; that could make things different.
And your switch has only one place to configure VLANs?
Same goes for the AP, maybe it can be differentiated if you want the VLANs only in the AP or also outside of the AP?
-
@dominikhoffmann
WAN net is just the network assigned by your ISP; it's not the internet. You don't show if your VLANs are tagged or untagged on your switch.
Assuming you have 3 APs? Ports 2, 3 and 4? With 8 going to the router? If so, ports 2, 3, 4 and 8 should all be set with your LAN as PVID/untagged, and VLANs 11 and 13 as tagged.
Is that what you have?
-
@jarhead said in WiFi host can’t pull an IP from DHCP:
You don't show if you're vlans are tagged or untagged on your switch.
Here is how the port tagging on the switch is presented:
Assuming you have 3 AP's? Ports 2, 3 and 4? With 8 going to the router?
That’s the way I have it set up.
-
@bob-dig said in WiFi host can’t pull an IP from DHCP:
And your switch has only one place to configure VLANs?
Both VLANs are on the switch port associated with the physical OPT port, because that’s where the Ethernet going to my switch is plugged in.
Same goes for the AP, maybe it can be differentiated if you want the VLANs only in the AP or also outside of the AP?
If I had the VLANs only inside the AP, I couldn’t use the pfSense firewall to block access to my LAN from those two VLANs. They are supposed to provide internet access, only, and no access to other hosts or devices on my home LAN.
-
Here is the result of the packet capture running for about 90 s, while my iPhone was trying to get onto the newly set-up VLAN ID 13 WiFi network:
Nothing! Let me think about what that implies.
Here is a packet capture with my phone getting onto the VLAN ID 11 WiFi network (successfully):
So, evidently, devices trying to get onto VLAN ID 13 don’t get an IP address, because their DHCP request never gets to the pfSense appliance.
-
@dominikhoffmann What's running at 11.1?
This implies the request comes in (UDP port 68) and a response goes out.
-
I would run the capture on the VLAN on port UDP 68 and nothing else... just sniff the traffic. The extra stuff showing up is unhelpful.
-
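The comparison made in this thread (a capture on the working VLAN shows the DHCP exchange, a capture on the broken VLAN shows nothing) can be automated over the text that Diagnostics > Packet Capture prints. This is an added example, not code from the thread or from pfSense; the interface names, MAC and IP values in the sample lines are constructed, and it also covers the case the thread did not hit, where requests arrive but no offer leaves.

```python
import re

# Constructed sample: tcpdump-style lines as pfSense's packet capture prints
# them, one capture per hypothetical VLAN interface. Interface names, MACs and
# addresses are made up for the example.
SAMPLE_CAPTURES = {
    "opt1.11": """\
10:01:02.100000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:cc, length 300
10:01:02.150000 IP 192.168.11.1.67 > 192.168.11.23.68: BOOTP/DHCP, Reply, length 300
10:01:02.160000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:cc, length 300
10:01:02.200000 IP 192.168.11.1.67 > 192.168.11.23.68: BOOTP/DHCP, Reply, length 300
""",
    "opt1.13": "",  # 90 s on the broken VLAN: nothing at all
}

# Matches the one-line BOOTP/DHCP summary; src/dst end in ".port".
DHCP_LINE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"BOOTP/DHCP, (?P<kind>Request|Reply)"
)


def count_dhcp(capture_text):
    """Return (client requests, server replies) seen in one capture."""
    requests = replies = 0
    for line in capture_text.splitlines():
        m = DHCP_LINE.search(line)
        if not m:
            continue
        if m["kind"] == "Request" and m["dport"] == "67":
            requests += 1          # client -> server (port 67)
        elif m["kind"] == "Reply" and m["sport"] == "67":
            replies += 1           # server -> client (from port 67)
    return requests, replies


def diagnose(requests, replies):
    """Map the counts to the likely point of failure."""
    if requests == 0:
        return "no DHCP request reached this interface: tag not arriving, check switch/AP tagging"
    if replies == 0:
        return "requests arrive but no offer leaves: check DHCP server is enabled on this interface"
    return "DHCP exchange present on this interface"


def report(captures):
    """Per-interface verdict for a dict of {interface: capture text}."""
    return {name: diagnose(*count_dhcp(text)) for name, text in captures.items()}


if __name__ == "__main__":
    for iface, verdict in report(SAMPLE_CAPTURES).items():
        print(f"{iface}: {verdict}")
```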
@rcoleman-netgate said in WiFi host can’t pull an IP from DHCP:
I would run the capture on the VLAN on port UDP 68 and nothing else... just sniff the traffic. The extra stuff showing up is unhelpful.
Well, that's from the VLAN that’s working. The same packet capture running on the VLAN that is not is just crickets.
-
I thought of another troubleshooting step: I will temporarily re-tag my guest network with VLAN ID 13 (from VLAN 11) and will see what happens.
-
What are the Interfaces -> Switches Ports and VLAN tabs like?
You have a device with a built-in switch, you have VLANs not communicating, and I don't see any screenshots of the actual Netgate's 1) model number and 2) built-in switch programming.
Here are the pages on my 7100:
-
@dominikhoffmann
So something with the VLAN configuration on one of the involved devices might be wrong. You should recheck all settings. I'd suspect the switch.
-
The APs routing the IoT WiFi SSID through the VLAN ID 11 interface works, while the APs routing the guest WiFi SSID through the VLAN ID 13 interface does not work.