Local clients don't get Router / gateway address - intermittent

Cabledude

@nollipfsense said in Local clients don't get Router / gateway address - intermittent:

@cabledude If the below is a Mac, it always shows the router it got the IP from and this has IP not in 192.168.1.2 - 192.168.1.254 range.

Exactly. But VLANs work differently. This is VLAN 10. The client received 192.168.10.60 and the gateway is 192.168.10.1. Trust me this is as designed.

The question at hand here is why the DHCP server doesn't issue the gateway, be it 192.168.1.1 (for LAN) or 192.168.xx.1 (for VLAN xx), which is more and more likely caused by ISP modem hiccups.

Just FYI after rebooting the ISP modem, the clients get gateway again (192.168.10.1) and work as expected.

And to wrap it up this is the DNS server issued by the pfSense DHCP server:

NollipfSense

@cabledude So, the ISP modem/router is doing both DNS and DHCP...pfSense is not in the loop...using it just as a firewall?

Cabledude

@nollipfsense said in Local clients don't get Router / gateway address - intermittent:

@cabledude So, the ISP modem/router is doing both DNS and DHCP...pfSense is not in the loop...using it just as a firewall?

Not at all. pfSense is the only DHCP server in the entire network.
The ISP modem (cable 100/40) is in bridge mode, so the pfSense box (SG-1100) gets the WAN directly from the ISP server via WAN DHCP. Then it also runs the DHCP server for the LAN side, including all VLANs.

NollipfSense

@cabledude Okay, so, pfSense LAN must be 192.168.10.1 or I am confused on your network. At least, the DNS resolve to 192.168.10.1 for host name sg.home.arpa...

Cabledude

@nollipfsense said in Local clients don't get Router / gateway address - intermittent:

@cabledude Okay, so, pfSense LAN must be 192.168.10.1 or I am confused on your network. At least, the DNS resolve to 192.168.10.1 for host name sg.home.arpa...

Like i said, VLANs work differently. pfSense is at 192.168.1.1, so LAN is at 192.168.1.x, VLAN10 is at 192.168.10.x, VLAN20 is at 192.168.20.x etc.
If you have VLANs set up you would see what I mean.

NollipfSense

@cabledude said in Local clients don't get Router / gateway address - intermittent:

If you have VLANs set up you would see what I mean.

No...never need to do it despite having complex networks.

Cabledude

@stephenw10 said in e6000sw0port3: link state changed to DOWN:

The LAN side DHCP issue could be unrelated. It could be a rogue DHCP server in some other device for example. Check the logs for reported IP conflicts.

Hello Steve,
Hopefully we can continue this topic here. No items of interest in the DHCP log. But I have no other DHCP-capable devices, so this would seem impossible.

By the way there is a gap in the general log
@stephenw10 said in e6000sw0port3: link state changed to DOWN:

The LAN side DHCP issue could be unrelated. It could be a rogue DHCP server in some other device for example. Check the logs for reported IP conflicts.

Hello Steve,
Hopefully we can continue this topic here. No items of interest in the DHCP log. But I have no other DHCP-capable devices, so this would seem impossible.

By the way there is a gap in the general log. Don't know what that means. And yes the unit has been on and fully functional during that time.

Knowing the cable modem will fail again, I consider my network to be unreliable until cause found.

After resetting only the cable modem (three days ago) not a single DHCP issue, which makes me think the "link down" and "DHCP gateway" issues could be related.

The takeaway is that if the cable modem is the cause, pfSense should still keep chugging along, independently. Or am I wrong to assume this?

Some questions:
#1 Is the "clients don't get gateway from pfSense DHCP" an issue that you see more often?

#2 Could it be worthwhile to copy the config to a spare SG-1100 and swap?

#3 support options
I don't have the budget to buy TAC Pro. Does netgate have any other support options such as just for one incident? Where I could send logs etc.? Or would the price for this quickly exceed a year's worth of TAC Pro.

Cabledude

Just to add:

Ever since upgrading the SG-1100 from UFS to ZFS (full wipe and config restore), the UI performance has gone down quite a bit. Invoking the dashboard takes around 9 seconds, as does logging in.
From dashboard load, when going to CPU info, it can sometimes take a full minute easily before the CPU shows, but I’ve also seen 7 seconds.
CPU usage with dashboard open is around 75-80%.

Here is the detailed CPU info:

rcoleman-netgate

@cabledude Dashboard UI will add to your CPU loads, too, so I wouldn't judge it from there.

Cabledude

So I learned that pfsense DHCP doesn't advertise router when the default gateway is down. The same happens when I simply unplug the WAN cable from the netgate. This may be by design, if so it isn't a malfunction.

I also noticed that when an internet outage occurs, the tiny square shaped 100/1000mbit and traffic leds next to the netgate SG-1100 WAN RJ45 socket go out completely, although the cable is still attached firmly.

1. No lights, no connection.
2. No connection, no gateway.
3. No gateway, no router advertisement
   Right?

So this only leaves one issue to tackle: why is the connection from cable modem LAN1 port (bridge mode) to netgate WAN port going down with cable still attached?

Cabledude

@stephenw10
Could you or any other Netgate representative confirm that pfSense doesn't send gateway info when no WAN connection is up, e.g. when no WAN cable attached or service down?

This from the Netgate docs:
"DHCP also sends configuration information to clients such as a gateway, DNS servers, domain name, and other useful settings." See here.

I have a factory reset SG-1100 here with only LAN cable attached and my macbook gets no gateway info, just IP and DNS.

Cabledude

Just to clear things up: the issue has been resolved. I just still don't know what was going on. I manage two networks with Netgate 1100's and both were at 22.05 at the time and both exhibited this behaviour. After upgrading to 23.05 the issue was gone.