Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense unifi dhcp problem DHCPREQUEST / DHCPACK vs DHCPDISCOVER / DHCPOFFER

    Scheduled Pinned Locked Moved DHCP and DNS
    8 Posts 2 Posters 985 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      Lobanz
      last edited by

      Weird problem. I have a couple of access points and they are configured with two different Unifi networks with different VLANs (VID 47 and 10). PCs, phones, etc are on 47. Only servers and other infrastructure components on 10.

      WiFi DHCP on the 47 SSID works, but DHCP on the 10 SSID doesnt. Both work when a laptop is plugged into the same ports instead of the APs.

      Here's the equipment:

      • AP -> switch port -> lagg0 -> pfsense

      My Unifi controller (and all my servers) is on VLAN 10.

      The pfSense has interfaces for the 47 and 10 VLANs with working DHCP servers on both -- works fine with a PC plugged into the switch port instead of the AP. But DHCP over WiFi only works for PC's and phones over the 47 VLAS SSID, but not 10. Traffic seems to be flowing fine over lagg0.

      The switch ports are on a cisco SG-500 and the VLANs are:

      AP port (trunk port):

      • 47 tagged
      • 10 untagged (PVID native)

      Unifi Controller port (access port)

      • 10 untagged (PVID native)

      lagg0 trunk ports:

      • 47 tagged
      • 10 tagged
      • 254 untagged

      The main differences between 47 (working) and 10 (not working) is that 47 is tagged on the AP port and 10 is not.

      Here's the pfSense DHCP logs of a failed DHCP on VLAN 10, and a successful DHCP on VLAN 47.

      Aug 2 15:48:59	dhcpd	41631	DHCPACK on 192.168.47.102 to b2:e5:7a:f5:f6:7d (My-Phone) via lagg0.47
Aug 2 15:48:59	dhcpd	41631	DHCPREQUEST for 192.168.47.102 from b2:e5:7a:f5:f6:7d (My-Phone) via lagg0.47
Aug 2 15:48:59	dhcpd	41631	reuse_lease: lease age 1621 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.47.102
Aug 2 15:48:54	dhcpd	41631	DHCPOFFER on 192.168.10.108 to 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:54	dhcpd	41631	DHCPDISCOVER from 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:47	dhcpd	41631	DHCPOFFER on 192.168.10.108 to 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:47	dhcpd	41631	DHCPDISCOVER from 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:43	dhcpd	41631	DHCPOFFER on 192.168.10.108 to 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:43	dhcpd	41631	DHCPDISCOVER from 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:41	dhcpd	41631	DHCPOFFER on 192.168.10.108 to 82:3e:1b:78:60:1f (My-Phone) via lagg0.10
Aug 2 15:48:40	dhcpd	41631	DHCPDISCOVER from 82:3e:1b:78:60:1f via lagg0.10

      Anybody else run into this?

      Thanks!

      --- Lobanz

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Lobanz
        last edited by

        @Lobanz first thing I would do to start troubleshooting this is git rid of the lagg..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 1
        • L
          Lobanz
          last edited by Lobanz

          More info.

          I greated another SSID on vlan 200 (GUEST) and its get DHCP just fine.

          Looks like it has something to do with vlan 10. It's the only vlan that has something plugged into a physical switch port. The others just flow through the LAGG to the pfsense router.

          --- Lobanz

          L 1 Reply Last reply Reply Quote 0
          • L
            Lobanz @Lobanz
            last edited by Lobanz

            Even more info. Getting there. Looks like it has something to do with VLAN 10 being untagged

            So, the APs are plugged into switch ports P1 and P2. The Unifi Controller is on P5.

            Again, the VLANS are as follows:

            • 10 - SERVERS
            • 47 - CLIENTS
            • 200 - GUEST
            • 4000 - default VLAN

            Inititally the VLANs were setup as follows (T is tagged, U is untagged aka "native" aka "PVID"):

            • P1, P2: 10U, 47T, 200T
            • P5: 10U

            So I changed the switch port VLAN settings so that they are like this:

            • P1, P2: 10T, 47T, 200T, 4000U
            • P5: 10T, 47T, 200T, 4000U

            So, in this configuration, the WiFi client DHCP worked on all the SSIDs coresponding to these VLANs! HOWEVER, the Unifi Controller couldn't see them.

            I've always read that the APs and the Unifi Controller must be on the same native (untagged) VLAN. Seems to be true.

            Do I really need to set up a separate VLAN just for the Unifi devices to get DHCP to work on the other VLANs?

            --- Lobanz

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Lobanz
              last edited by johnpoz

              @Lobanz the controller and AP can be on a tagged vlan.. They added this feature quite some time ago.

              But yes controller and AP are untagged, mine currently are. And I also have a SSID that is untagged, and other SSIDs that are tagged. The untagged vlan is the same the AP and controller are on.

              Actually I have 2 ssids that end up on the untagged network. One use psk, the other is eap-tls..

              vlans.jpg

              That wlan network is untagged, all the other networks are tagged..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              L 1 Reply Last reply Reply Quote 1
              • L
                Lobanz @johnpoz
                last edited by Lobanz

                @johnpoz Awesome!

                Getting there!

                networks.png

                wifi.png

                So, essentiually, on the networks screen, the top section is UNTAGGED networks, and the "Virtual Networks" are the TAGGED networks. That helps!

                So, then I made my PPD_SERVERS SSID point to the Default network (the same VLAN (10) where the Unifi Controller and the APs live) it started working. But if I define a WiFi SSID that is tagged for VLAN 10, it no werky.

                So one more question:

                Why can't I rename the "Default" network to something else?

                Running Network Version 7.4.162. AP firmware 6.5.62.14788.

                --- Lobanz

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @Lobanz
                  last edited by

                  @Lobanz as to renaming it - hmmm.. Never looked into that. I named mine from the get go from what I can remember..

                  I am running 7.5.169 for controller. And 6.5.64 for firmware.

                  Ah -- you prob need to switch to the legacy interface to change the network name.

                  rename.jpg

                  As to 10 not working when you tagged it - because it wasn't a tagged vlan.. On your switch ports..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  L 1 Reply Last reply Reply Quote 0
                  • L
                    Lobanz @johnpoz
                    last edited by

                    @johnpoz said in pfsense unifi dhcp problem DHCPREQUEST / DHCPACK vs DHCPDISCOVER / DHCPOFFER:

                    Ah -- you prob need to switch to the legacy interface to change the network name.

                    Ha! Yes. I flipped back to legacy, made the change and then found my way back to the new interface. Now it's the way I want it. Thanks!

                    networks2.png

                    SOLVED!

                    --- Lobanz

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.