Trying to resolve a repeating issue with separate subnets disconnecting other subnets.
-
I have reconfigured a new pfsense setup on a new machine (dedicated), the previous setup was also dedicated. Here is the issue I have been having with both previous and current setup.
Base Network:
WAN is dedicated NIC.
The LAN is 172.x.x.x
This is for two PC's, workstations.
This is a dedicated NIC going to a switch just for these two PC's.
All works excellent.Secondary Subnets Needed:
I have PoE cameras connected to a PoE switch that must have subnets 192.168.1.0/24 and 10.x.x.x/24
I have a 2-port NIC in which I designated 1 port to 192.168.1.0/24 DHCP and the other port to 10.x.x.x/24 DHCP. This is the PoE networks and will have a separate PC on that network running AgentDVR for monitoring cameras. This does not need to communicate with the 172.x.x.x/24 network, it can be separate, doesn't matter, as long as there is no issues. Which there is.
Issue:
Everything works fine until I plug the eth cable from the PoE switch to these ports, then the PC's on the 172.x.x.x/24 network get disconnected. This does not make sense since the subnets and NICS are different. This disconnect does not need to happen.
This is probably something simple I have missed, and may figure it out before long, but thought I would post here for any feedback.
I need to keep the first base network of 172.x.x.x/24 locked down without it getting disrupted by setting up my other subnets on the other NICS.
Edit:
I am hoping to avoid setting up VLANs for this scenario, but will do it if it is the best option. If that is the best option, then should the VLAN be set up for LAN, or for the PoE camera networks? -
@TGurlBridge so you added another dual port nic to pfsense. And you assigned 192.168.1.1/24 to one interface and 10.0.0.1/24 to the other interface - and then this these plug into what exactly..
Bringing up new interfaces in pfsense should have no effect on your other interfaces/networks - other than say shutting down pfsense to add a card..
-
@johnpoz said in Trying to resolve a repeating issue with separate subnets disconnecting other subnets.:
@TGurlBridge so you added another dual port nic to pfsense. And you assigned 192.168.1.1/24 to one interface and 10.0.0.1/24 to the other interface - and then this these plug into what exactly..
Bringing up new interfaces in pfsense should have no effect on your other interfaces/networks - other than say shutting down pfsense to add a card..
Those two ports with different subnets plug into the two LAN ports (2× Gigabit RJ45 ports) of a TP-Link TL SL-1226P PoE Switch. It is a un-managed switch with PoE capabilities. Works well for the camera setup. No issues except for this disconnect, which I doubt has anything to do with the switch.
I could test moving those two cables to two of the 24× Fast Ethernet Ports, but I don't think that would make a difference, as you said, "Bringing up new interfaces in pfsense should have no effect on your other interfaces/networks"
Edit:
All NICS were already installed, not added. -
@TGurlBridge said in Trying to resolve a repeating issue with separate subnets disconnecting other subnets.:
It is a un-managed switch with PoE capabilities
your going to have all kinds of issues plugging into the same dumb switch with untagged/native networks. You are running multiple L3 on the same L2..
You should use 2 different dumb switches, or get a smart switch so you can isolate at L2.
I mean you can do it - but dhcp wouldn't work for both networks - you would have to pick what dhcp you hand out, and the other you would have to set static on the device.
Running multiple L3 networks on the same L2 is not a good idea..
-
@johnpoz Yeh. These cameras have given me hell. The ones on the 192.168.x.x network can't be changed (came with a cheap DVR set up and I don't have the original box to reset them), the other cameras on the 10.x.x.x network can be reset, but with difficulty. 10 cameras total at the moment.
So, if I can get them all on the same subnet, then that would help? (Which I should probably try to do anyways.)
-
@TGurlBridge yeah put them on the same L3 network, if they are going to be on the same L2 - ie just some dumb switch.
If you want them to be on different L3 networks - either use 2 different switches or get a smart switch that can do vlans, then you can isolate them.
-
@johnpoz So the disconnect stopped after the following, so the multiple subnets was the issue (which I still don't see how that would effect the 172.x.x.x subnet, but it did). I'll still have to sort out these cameras that are stuck on the other subnet though.
Created interface for both ports of the 2 port NIC.
Created a bridge for both.
Assigned static IP 192.168.1.1 on bridge
Enabled DHCP server on bridge.Basically left out the 10.x.x.x/24 subnet this time.
Getting those camera signals, just have to find them on the network again.
-
@TGurlBridge said in Trying to resolve a repeating issue with separate subnets disconnecting other subnets.:
Created a bridge for both.
Why would you do that??
-
@johnpoz to use both ports on the 192.168. I don't have to I guess, I don't wont anything on that nic but the poe setup. I don't think bridge will make difference either way. Just did it to combine both ports. Any reason I should not use it bridged? Seems ok at the moment.
-
@TGurlBridge said in Trying to resolve a repeating issue with separate subnets disconnecting other subnets.:
Just did it to combine both ports
Well for starters if you plug them into some dumb switch you just created a LOOP!!
-
@johnpoz Ok, yep. Still allot I don't understand, working on it though. Was causing high CPU from it. I always figured the steady stream of data on the graph was normal for PoE cameras hooked up on the network. Guess not.
Now I have that extra port unassigned on that NIC, assign it something later I guess, if needed.
-
@TGurlBridge said in Trying to resolve a repeating issue with separate subnets disconnecting other subnets.:
Now I have that extra port unassigned on that NIC, assign it something later I guess, if needed.
Now that sounds like a solid plan..
