DHCP server not assigning IPs to VLAN
-
Alright, sorry if the question has been asked - but I've been searching the forums and Google for the past few hours - I'm completely lost.
Here's my problem.
Whenever I statically set an IP on one of my servers, I am no longer able to ping any host outside my network. (ex: google.com).
If I enable a DHCP server on that VLAN I am able to ping hosts (with the previous, static IP still leased).
However, if I renew my lease on that server, the LAN DHCP server assigns an address and it's the wrong one for that subnet. Even if I set a static mapping on the VLAN DHCP server - the other LAN DHCP server always wins.
So my question - is it possible to fix this so that any computer that connects to my network will receive a dynamic address from the LAN subnet, but then I can statically assign that IP to another subnet entirely - overwriting the LAN.
I'd like to avoid setting IPs manually on the servers as some of them change networks and re-configuring them takes time - it would be easier if pfSense could handle this.
In case I've confused anyone, here's my setup:
Basically, my ideal situation would be this - anyone that connects to the network either via VPN, wireless or ethernet will receive a dynamic IP from the DHCP server. All of this traffic will flow out of one IP only - the 100.100.100.103.
However, I would also like to be able to statically assign IPs to certain computers/servers. Depending on the IP I assign them, it would NAT through the corresponding IP. This also means traffic both ways. For example: any requests addressed to the IP 100.100.100.101 would automatically be NAT'd to the VLAN1 (192.168.101.1) subnet. 100.100.100.102 has the same setup as does x.x.x.103.
Also, if I'm completely off in left field and someone has a better solution for achieving the same result, let me know - I'm open to suggestions. Thanks everyone for helping!
-
If I enable a DHCP server on that VLAN I am able to ping hosts (with the previous, static IP still leased).
However, if I renew my lease on that server, the LAN DHCP server assigns an address and it's the wrong one for that subnet. Even if I set a static mapping on the VLAN DHCP server - the other LAN DHCP server always wins.
You are apparently mixing VLAN tagged and VLAN untagged traffic on the same interface. I think you really need a small VLAN capable switch immediately downstream of the pfSense "LAN" interface to properly keep the VLANs separate.
When your DHCP clients on VLAN1 and VLAN2 issue DHCP requests do they issue the requests with the appropriate VLAN tag? A VLAN capable switch could be configured to ensure all traffic from the VLANs has the correct tag.
Basically, my ideal situation would be this - anyone that connects to the network either via VPN, wireless or ethernet will receive a dynamic IP from the DHCP server. All of this traffic will flow out of one IP only - the 100.100.100.103.
However, I would also like to be able to statically assign IPs to certain computers/servers.
You can assign fixed IPs in DHCP according to MAC address, but you need a proper VLAN capable switch.
Depending on the IP I assign them, it would NAT through the corresponding IP. This also means traffic both ways. For example: any requests addressed to the IP 100.100.100.101 would automatically be NAT'd to the VLAN1 (192.168.101.1) subnet.
I presume you mean traffic coming from the internet to 100.100.100.101. Do you mean NAT (changing the source IP address on the way through from the Internet) or port forward (changing the destination IP address on the way through from the internet, leaving the source IP address unchanged)? You would need to port forward to a particular system on the subnet - you can't port forward to the whole subnet. I suspect you want NAT on the way out to the Internet and port forward on the way in from the Internet.
Do you have the pfSense book? There are a number of port forward and NAT examples discussed there in some detail.
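An added example, not part of the original post: one way to check the question raised above (whether DHCP client requests arrive with the appropriate VLAN tag) is to inspect the 802.1Q header of captured client frames. The frames here are constructed for illustration, and the VLAN ID 101 and the function names are assumptions.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 3: "REQUEST"}

def dhcp_vlan(frame: bytes):
    """Return (vlan_id or None, dhcp_type) for a DHCP client frame, else None."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = None, 14
    if ethertype == 0x8100:                    # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18           # low 12 bits of the TCI = VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20:
        return None                            # not IPv4
    ihl = (frame[off] & 0x0F) * 4
    if frame[off + 9] != 17:                   # IP protocol 17 = UDP
        return None
    udp = off + ihl
    if struct.unpack("!HH", frame[udp:udp + 4]) != (68, 67):
        return None                            # not client -> server DHCP
    opts = frame[udp + 8 + 236:]               # skip UDP header + fixed BOOTP header
    if opts[:4] != b"\x63\x82\x53\x63":        # DHCP magic cookie
        return None
    i = 4
    while i + 2 < len(opts) and opts[i] != 255:
        if opts[i] == 0:                       # pad option has no length byte
            i += 1
            continue
        if opts[i] == 53:                      # option 53 = DHCP message type
            return vlan, DHCP_TYPES.get(opts[i + 2], str(opts[i + 2]))
        i += 2 + opts[i + 1]
    return None

def build(vlan, msg_type):
    """Construct a minimal DHCP client frame (sample data; checksums left at 0)."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")
    eth += (struct.pack("!HH", 0x8100, vlan) if vlan is not None else b"") + b"\x08\x00"
    bootp = (b"\x01\x01\x06\x00" + b"\x00" * 232 + b"\x63\x82\x53\x63"
             + bytes([53, 1, msg_type, 255]))
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return eth + ip + udp

# Constructed samples: an untagged DISCOVER and a REQUEST tagged for VLAN 101.
for f in (build(None, 1), build(101, 3)):
    vlan, kind = dhcp_vlan(f)
    print(kind, "untagged" if vlan is None else f"VLAN {vlan}")
```

An untagged DISCOVER from a host that is meant to sit on a VLAN lands on the parent interface, which matches the symptom of the LAN DHCP server answering instead of the VLAN one.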
-
Do you have the pfSense book? There are a number of port forward and NAT examples discussed there in some detail.
And VLANs, including the switch part, and explaining what they are in detail for those who are unaware. http://pfsense.org/book
This sounds like the OP is expecting VLANs to magically work without having a managed switch with VLANs, if that's the case, you have to have VLANs on the switch.
-
@cmb:
This sounds like the OP is expecting VLANs to magically work without having a managed switch with VLANs, if that's the case, you have to have VLANs on the switch.
We have a 5 tier Netgear GS748TS (http://www.netgear.com/business/products/switches/stackable-smart-switches/gs748ts.aspx) stack running on our core network - the same as our pfSense system.
We have VLANs enabled on the stack and they're being created correctly.
I will run through my configurations again and ensure they're set up correctly - it may be that one of my employees didn't set up our core correctly.
Thanks for your help guys - I'll let you know when I find out more.
-
Do you have the pfSense book? There are a number of port forward and NAT examples discussed there in some detail.
I just purchased it lol - I'll give it a good look over today and see if there aren't any tips that would lead to a fix.
-
Those do properly support VLANs. We specifically go over VLANs on Netgear switches in the book including screenshots, so that should help you review everything there.
-
I'll look through that chapter and post when I've found a solution.
Thanks.