pfsense 2.7.0 installed as vm on xenserver now routing issue
-
I have already installed pfSense with one WAN interface and one LAN interface.
On the LAN interface I have configured IPs for the office network PCs, and some laptops are configured on DHCP, with a scope enabled on the DC so they get IPs through their MAC addresses.
Now I want my CCTV network to go live; for that I have added another interface with a different network.
When I connect the Hikvision network cable to the existing LAN, the office network stops browsing, or if the office network starts browsing then the DHCP clients of the other network face issues in browsing.
What should I do to resolve this matter? -
No one is replying to my post,
or
does my post not make sense? -
Sounds like you have a subnet conflict or a rogue dhcp server.
Connecting the cctv server to the existing LAN subnet is probably not what you want to do. It should be on the new NIC and separate to the LAN.
Is there some reason you're using 2.7.0 and not a newer version?
-
@stephenw10 First of all, thanks for your input on the matter.
Secondly, it has already been installed for the last two years, and I have configured one WAN interface and one lan1 interface for desktop users with static IPs at different offices connected through different switches. Now we have CCTV systems already installed that need to be online for the corporate office to view live movements.
For that I have installed one new Lan1 interface, which was already configured on the XenServer virtual environment; I just added it to the pfSense VM acting as proxy server, with a static IP network different from the one already installed, and both LAN interfaces have the same WAN interface.
Now the CCTV NVR is at another location, connected to a switch, and I have connected that switch to our office network LAN switch.
Now the problem is that the CCTV NVR is OK and has live view, but our desktop systems with fixed IPs and some laptops with fixed IPs configured through DHCP via their MAC stop browsing when I connect the Ethernet cable of the CCTV to the switch already on the other network; I mean one is the 0's network and the other one is the 10's network.
So this is the problem I am facing -
@Abdul-Qadir said in pfsense 2.7.0 installed as vm on xenserver now routing issue:
the CCTV nvr is somewhere else location connected to switch and i have connected that switch to our office network LAN switch.
So how are you separating the two subnets? You are using VLANs on the switches?
It sounds like you have a layer 2 issue there. It could be a loop perhaps?
-
@stephenw10 Dear, I am not using VLANs; I have just plugged the CCTV Ethernet cable into the switch already used for my 0's LAN, which the office bearers use.
Also I have configured the CCTV NVR and all IP cameras onto the same network used for the office PCs, but there is still a problem: when a PC logs off while the CCTV is connected, it stops browsing on login; otherwise it is OK with the CCTV NVR connected.
I checked the events of that PC; its ping to the proxy and DNS server is OK, but when I trace Google or Yahoo it does not trace.
On nslookup it brings the result of DNS,
but when I give nslookup yahoo.com
it shows request timed out.
Feeling bad as I am not tracing the problem.
Desktops are on the same switches; some are browsing and some stop browsing, but I have observed that when I log off and log in again then it stops browsing.
Also the APs with the same network, configured for mobile phone users on another pfSense proxy configured as a VM with DHCP enabled on the 192.168.5.X network, are still working fine and have no issues. -
I have almost all auto MDI/MDIX switches; some old ones are on our network too, but they all support auto MDI/MDIX:
HP ProCurve 2512
3COM 2952 Gigabit 48-port switch
D-Link 10/100 24 Port switch as repeater switch
and for CCTV i have
D-Link DES-1008P PoE switches -
@Abdul-Qadir said in pfsense 2.7.0 installed as vm on xenserver now routing issue:
just connect the cctv ethernet cable plug into the switch already used for my 0's Lan
Do you have port separation or ACLs on these switches so that the CCTV port(s) cannot communicate with the LAN ports (on the switch)?
If you have not done that then LAN and CCTV are on the same L2 network and you cannot have different networks on the ports/L2.
Can you show a diagram of the network topology?
-
Mmm, you initially said you added a new interface for the CCTV network but now seem to be saying the cameras and NVR are just on the same layer 2?
It seems very likely something in the CCTV network is running a DHCP server and clients end up trying to use it instead of pfSense.
-
@stephenw10 Thanks for your reply.
Yes, I had configured a different network for the NVR and the office users, but when the problem arose and I could not solve it, I tried putting both the CCTV NVR and the office users on the same 192.168.0.X network to resolve the issue, but the problem is still there.
All CCTV switches are unmanaged PoE switches, i.e. D-Link DES-1008P PoE switches and one 24-port PoE switch where the NVR and also the display of the NVR are attached.
The NVR has a static IP of the same network; the cameras are all IP cameras and have IPs of the same network.
No DHCP is on, on the cameras or on the NVR. I mean DHCP is off on all cameras and the NVR.
With the same IP scheme I have some 10 laptop users configured as DHCP users, with a scope defined for them on the DHCP server to get IPs and DNS credentials through their MAC; they are assigned IPs of the same network, the gateway and our own configured DNS, I mean 192.168.0.X.
Also, on the other VM, pfSense is installed for mobile users with a DHCP scope configured with IP scheme 192.168.10.X.
All of this worked fine for at least 1 year, but when I plugged the Ethernet cable of the CCTV network into the existing network switch, the CCTV works fine, mobile users have no problem with browsing, and the users of the same network who are already logged in have no browsing problem, and neither do laptop users,
but
when any user logs off and logs in again while the CCTV is connected to the switch,
they are able to use LAN resources, shared drives etc., but browsing is stopped.
This is the main issue I am facing -
So all the IP cameras are also using static IPs? You reconfigured them all to be in the same LAN subnet?
@Abdul-Qadir said in pfsense 2.7.0 installed as vm on xenserver now routing issue:
When any user logoff and login again during CCTV Connected to switch
they are able to use LAN resources share drives etc but browsing stopped
Logged out/in from what?
It sounds like they end up with no default route. You should check the routing and ARP table on a client that is failing to get a connection. Make sure it has a valid route and the correct MAC for the pfSense LAN.
-
@stephenw10 When a domain user logs off and logs in again to his profile, no browsing is reported.
When I just unplug the CCTV LAN cable it starts browsing.
Also all cameras and the NVR have static IPs configured.
The CCTV can also communicate from LAN and WAN too, but when domain users log off while the CCTV Ethernet cable is plugged in from switch (CCTV) to switch (LAN), then the domain users have browsing issues.
-
Yup so check the routing and arp table on a client when it's unable to browse.
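
The client-side check suggested in the replies above, as an added example that is not part of the original thread: a Python script that parses the output of `route print -4` and `arp -a` taken from a failing Windows client and reports a missing or foreign default gateway, or a wrong MAC for the pfSense LAN address. The pfSense LAN IP `192.168.0.1`, the MAC addresses and the sample output are constructed for illustration.

```python
import re

# Constructed sample output from a failing client (not taken from the thread).
ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.57     25
      192.168.0.0    255.255.255.0         On-link     192.168.0.57    281
"""
ARP_A = """\
Interface: 192.168.0.57 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-16-3e-aa-bb-01     dynamic
  192.168.0.254         00-40-48-cc-dd-02     dynamic
"""

def default_gateways(route_print):
    """Return the gateway of every 0.0.0.0/0 route in `route print -4` output."""
    pat = r"^\s*0\.0\.0\.0\s+0\.0\.0\.0\s+(\S+)\s+\S+\s+\d+\s*$"
    return [m.group(1) for m in re.finditer(pat, route_print, re.M)]

def arp_table(arp_a):
    """Map IP -> lower-case, colon-separated MAC from `arp -a` output."""
    pat = r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+"
    return {ip: mac.lower().replace("-", ":")
            for ip, mac in re.findall(pat, arp_a, re.M)}

def check_client(route_print, arp_a, fw_ip, fw_mac):
    """List the reasons this client would not reach the Internet via pfSense."""
    findings = []
    gateways = default_gateways(route_print)
    if not gateways:
        findings.append("no default route")
    for gw in gateways:
        if gw != fw_ip:  # e.g. handed out by another DHCP server on the same L2
            findings.append(f"default gateway {gw} is not pfSense LAN {fw_ip}")
    seen = arp_table(arp_a).get(fw_ip)
    if seen is None:
        findings.append(f"no ARP entry for {fw_ip}")
    elif seen != fw_mac.lower():  # another device answers for the firewall's IP
        findings.append(f"{fw_ip} resolves to {seen}, expected {fw_mac.lower()}")
    return findings

if __name__ == "__main__":
    for finding in check_client(ROUTE_PRINT, ARP_A,
                                "192.168.0.1", "00:16:3e:aa:bb:01"):
        print("FINDING:", finding)
```

Comparing the result from a client that still browses with one that has just logged in again shows whether the gateway or the firewall's MAC changes when the CCTV switch is plugged in.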