strange, can access device if dhcp allocated, but not when reserved
-
@georgelza again what dhcp are you running isc or kea? You should see it in the dhcp server settings
Kea is still preview - and can have issues still
Does your client get a valid IP or not.. With valid settings, gateway, etc. Does really matter how your device gets the ip be it from a pool or reservation in the dhcp server or you set it locally on the device.
As to unstable? If your lease is short and renew isn't working - the device could be dropping the lease and doing a discover, etc. and for a time then it wouldn't have an IP.
-
@johnpoz Looks like it's using KEA.
Yes it's getting a IP. and initially i can access it, if dhcp assigned.
how would i switch the dhcp to older/stable version.
G
-
@georgelza in networking advanced
-
-
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
I'm on the same vlan20 that was giving all issues...
If you're connecting from the same VLAN it can't be pfSense blocking it. It could only be the host failing to pull a DHCP lease entirely. But that should be easy to check.
-
@stephenw10 but it's getting a ip, if i go onto the device via screen/keyboard it would be doing a apt get update/upgrade...
G
-
Then it sounds like some local issue. Maybe a mismatched subnet. Or a local firewall on the host you're trying to connect to. Or both!
-
not sure why can't get to the device if I dhcp reserve a ip... vs self dhcp assign...
but got the connectivity stable.
noticed that the 2 devices i was working on kept on connecting/disconnecting...
ended chancing channel in the AP they were connecting to... think between me and people around me the channel was flooded to point of causing flapping.
G
-
@georgelza Just again going to state this so people reading this thread don't think this is a thing.
It does not matter if your device gets the IP from the pool or a reservation - its still an IP on the same network..
So unless you put in your reservation something like a wrong gateway or wrong dns.. Devices on the same network can talk to each other and has zero to do with pfsense.
If your interface is say 192.168.10.0/24 and your pool is 192.168.10.100-200 and some reservation you set for some device is 192.168.10.50 - they are still on the 192.168.10.0/24 network.. And can talk to each other, etc. etc.
Not sure what issue your having but be it a device gets an IP from the pool, a reservation or you set it static on the device... If the IP is on the same network how they got the ip makes no difference.
-
Hi there
I realise/know what you saying... same vlan must be able to talk to each other... not arguing... but what i am def having is when I do a dhcp reservation for the MAC address inside my reservation block then I can't access the device, if I allow it to get a IP itself from the DHCP service then I can...
I did say to start with this is strange...
For now it's working, will fault find this later.
G
-
@georgelza are you using kea - and reservations are not working? And your devices gets nothing so ends up with an IP of 169.254?
Just look in your log is an IP given out.. Look on your device what is the IP, what is the mask - if devices are on the same network - how the device got the IP means nothing.
-
@johnpoz I was using KEA, I've been suggested to use ISC. switched over.
At the moment... My 2 Wifi networks are
vlan20 : tinman -> 172.16.20.0/24 with DHCP managed 201->250
vlan100 : tinmaniot -> 172.16.100.0/24 with DHCP managed 201->250lan is 172.16.10.0/24
if I allow device join SSID and get a address itself then i can reach it, apply to both.
if I dhcp reserve a ip based on MAC then i can't access device... device has internet access though as i can connect keyboard/scree/mouse and ping my gateways, i can do a apt-get update / upgrade,this even applies when the devices are told to join vlan20, which is also the vlan on which my Mac sits, from where i work.
G
-
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
if I dhcp reserve a ip based on MAC then i can't access device... device has internet access though as i can connect keyboard/scree/mouse and ping my gateways, i can do a apt-get update / upgrade,
Several things here.
Explain 'access the device' ? Access how ?
You an touch it, use it, it has "Internet" etc.
Do you mean : other devices can't access it ? Are devices on the same LAN ? Other LAN ? Elsewhere ?
Every device has also its own firewall. Have a look at it ... ;)Example, If you have two PCs, PC A and PC B on the same LAN network, and PC A can't access PC B, then you can stop looking at pfSense, as traffic from A to B is never even seen by pfSense. And pfSense can't blocked what it doesn't 'see' ^^
Go interrogate PC B, hint : it has a firewall for sure.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
vlan20 : tinman -> 172.16.20.0/24 with DHCP managed 201->250
vlan100 : tinmaniot -> 172.16.100.0/24 with DHCP managed 201->250So your devices are not on the same network? Or they are both the same vlan? Or are they on the lan?
So yeah what exactly do you mean by access? And what IPs do the devices get? Can you not access them by name or IP - can device A ping device B ip address.. Lets see the details of each devices IPs if windows it would be ipconfig /all
Not sure what it would be on mac device? But if you have nmcli you can get the info using that.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
if I allow device join SSID and get a address itself then i can reach it, apply to both.
if I dhcp reserve a ip based on MAC then i can't access device...Just to be clear in both situations the device pulls an address.subnet/gateway via DHCP. The only difference is whether that is a static mapping in the DHCP server?
Or are you actually setting it statically on the device when you reserve the IP?
-
Just to be clear in both situations the device pulls an address.subnet/gateway via DHCP. The only difference is whether that is a static mapping in the DHCP server?
both pull... via dhcp, as you said one is reserved based on mac address and then handed out on request, for the other there is no reservation so it gets one from the dhcp pool
no static config on device.
G
-
@Gertjan said in strange, can access device if dhcp allocated, but not when reserved:
Several things here.
Explain 'access the device' ? Access how ?
(/post/1200985)ssh
pingYou an touch it, use it, it has "Internet" etc.
it has outbound access which implies it knows where the gateway is at least, network is correctly configured.
Do you mean : other devices can't access it ? Are devices on the same LAN ? Other LAN ? Elsewhere ?
both same lan and different vlan.
Every device has also its own firewall. Have a look at it ... ;)
Raspberry pi's with Rasbian, no FW on device configured. vanilla deployment, if there was a fw then it would also be blocking me when i dynamic dhcp assign, if it was fw then it would prob have worked when client on same land/vlan and block when not. it's blocking irrespective of client/my mac.
Example, If you have two PCs, PC A and PC B on the same LAN network, and PC A can't access PC B, then you can stop looking at pfSense, as traffic from A to B is never even seen by pfSense. And pfSense can't blocked what it doesn't 'see' ^^
Go interrogate PC B, hint : it has a firewall for sure. -
@georgelza said in strange, can access device if dhcp allocated, but not when reserved:
both same lan and different vlan.
Then its a firewall issue on that device.
You have to allow ICMP so it can receive ping packets - and it will reply.
You have to allow SSH (port 22 TCP) incoming connections.edit : This behavior is more normal then you think.
Connect a Microsoft Windows device to your network for the very fist time and you'll see worlds worst understood question : Private our Public network ?
If you have chosen Public, then that Microsoft Windows device will only accept traffic coming from the local gateway and nothing else.
Solution : go Private (or trusted) ;) as you can (normally) trust your own LANNo "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@johnpoz said in strange, can access device if dhcp allocated, but not when reserved:
Not sure what it would be on mac device? But if you have nmcli you can get the info using that.
Mac as in MBP, Macbook pro... not MAC as in MAC address, sorry should have been clearer.
G
-
@Gertjan said in strange, can access device if dhcp allocated, but not when reserved:
Then its a firewall issue on that device.
Rasbian does not come with configured firewall.
the only difference being able to ping device and/or ssh onto device is changing how the ip is assigned.
1 . dynamic dhcp out of pool
2. static assigned via dhcp reserve based on mac address.
