strange, can access device if dhcp allocated, but not when reserved
-
Where are you trying to access it from?
What do the firewall states look like when you try?
Are you policy routing the traffic out of the WAN for example?
-
@patient0 said in strange, can access device if dhcp allocated, but not when reserved:
What pfSense version are you using and what DHCP server (ISC DHCP or KEA)?
2.7.2-RELEASE (amd64)
as for DHCP it's services/dhcp server...
G
-
@stephenw10 said in strange, can access device if dhcp allocated, but not when reserved:
Where are you trying to access it from?
What do the firewall states look like when you try?
Are you policy routing the traffic out of the WAN for example?
I'm on the same vlan20 that was giving all issues...
going to try and move it to my IoT vlan100 and see if some how it stabalizes...
As said in another thread, when I DHCP receive address for the Mac I could not even access it, where as if I had DHCP assign it then I could access it until it drops...
something strange going on here...
G
-
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
for DHCP it's services/dhcp server..
He meant which one ISC or KEA
Be it a device gets an IP via dhcp or via a reservation in dhcp or statically set on the device doesn't matter. Unless its getting/has the wrong IP for the network its on, or its not getting an IP at all.. Many devices will set their IP to say 169.254.x.x if set for dhcp but didn't get an IP from the dhcp server.
-
@georgelza System > Advanced > Networking:
Server Backend: Kea DHCP or ISC DHCP (Deprecated)?
-
@patient0 ok, sorry, gap in knowledge...
when I do a dhcp reserve then i cant even get onto device.
when i dhcp reserve then i get onto device but it drops off network eventually, it most times come back... but it's unstable...if you tell me what to go look where I can.
G
-
@georgelza again what dhcp are you running isc or kea? You should see it in the dhcp server settings
Kea is still preview - and can have issues still
Does your client get a valid IP or not.. With valid settings, gateway, etc. Does really matter how your device gets the ip be it from a pool or reservation in the dhcp server or you set it locally on the device.
As to unstable? If your lease is short and renew isn't working - the device could be dropping the lease and doing a discover, etc. and for a time then it wouldn't have an IP.
-
@johnpoz Looks like it's using KEA.
Yes it's getting a IP. and initially i can access it, if dhcp assigned.
how would i switch the dhcp to older/stable version.
G
-
@georgelza in networking advanced
-
-
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
I'm on the same vlan20 that was giving all issues...
If you're connecting from the same VLAN it can't be pfSense blocking it. It could only be the host failing to pull a DHCP lease entirely. But that should be easy to check.
-
@stephenw10 but it's getting a ip, if i go onto the device via screen/keyboard it would be doing a apt get update/upgrade...
G
-
Then it sounds like some local issue. Maybe a mismatched subnet. Or a local firewall on the host you're trying to connect to. Or both!
-
not sure why can't get to the device if I dhcp reserve a ip... vs self dhcp assign...
but got the connectivity stable.
noticed that the 2 devices i was working on kept on connecting/disconnecting...
ended chancing channel in the AP they were connecting to... think between me and people around me the channel was flooded to point of causing flapping.
G
-
@georgelza Just again going to state this so people reading this thread don't think this is a thing.
It does not matter if your device gets the IP from the pool or a reservation - its still an IP on the same network..
So unless you put in your reservation something like a wrong gateway or wrong dns.. Devices on the same network can talk to each other and has zero to do with pfsense.
If your interface is say 192.168.10.0/24 and your pool is 192.168.10.100-200 and some reservation you set for some device is 192.168.10.50 - they are still on the 192.168.10.0/24 network.. And can talk to each other, etc. etc.
Not sure what issue your having but be it a device gets an IP from the pool, a reservation or you set it static on the device... If the IP is on the same network how they got the ip makes no difference.
-
Hi there
I realise/know what you saying... same vlan must be able to talk to each other... not arguing... but what i am def having is when I do a dhcp reservation for the MAC address inside my reservation block then I can't access the device, if I allow it to get a IP itself from the DHCP service then I can...
I did say to start with this is strange...
For now it's working, will fault find this later.
G
-
@georgelza are you using kea - and reservations are not working? And your devices gets nothing so ends up with an IP of 169.254?
Just look in your log is an IP given out.. Look on your device what is the IP, what is the mask - if devices are on the same network - how the device got the IP means nothing.
-
@johnpoz I was using KEA, I've been suggested to use ISC. switched over.
At the moment... My 2 Wifi networks are
vlan20 : tinman -> 172.16.20.0/24 with DHCP managed 201->250
vlan100 : tinmaniot -> 172.16.100.0/24 with DHCP managed 201->250lan is 172.16.10.0/24
if I allow device join SSID and get a address itself then i can reach it, apply to both.
if I dhcp reserve a ip based on MAC then i can't access device... device has internet access though as i can connect keyboard/scree/mouse and ping my gateways, i can do a apt-get update / upgrade,this even applies when the devices are told to join vlan20, which is also the vlan on which my Mac sits, from where i work.
G
-
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
if I dhcp reserve a ip based on MAC then i can't access device... device has internet access though as i can connect keyboard/scree/mouse and ping my gateways, i can do a apt-get update / upgrade,
Several things here.
Explain 'access the device' ? Access how ?
You an touch it, use it, it has "Internet" etc.
Do you mean : other devices can't access it ? Are devices on the same LAN ? Other LAN ? Elsewhere ?
Every device has also its own firewall. Have a look at it ... ;)Example, If you have two PCs, PC A and PC B on the same LAN network, and PC A can't access PC B, then you can stop looking at pfSense, as traffic from A to B is never even seen by pfSense. And pfSense can't blocked what it doesn't 'see' ^^
Go interrogate PC B, hint : it has a firewall for sure.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
vlan20 : tinman -> 172.16.20.0/24 with DHCP managed 201->250
vlan100 : tinmaniot -> 172.16.100.0/24 with DHCP managed 201->250So your devices are not on the same network? Or they are both the same vlan? Or are they on the lan?
So yeah what exactly do you mean by access? And what IPs do the devices get? Can you not access them by name or IP - can device A ping device B ip address.. Lets see the details of each devices IPs if windows it would be ipconfig /all
Not sure what it would be on mac device? But if you have nmcli you can get the info using that.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11
