pfSense as sole DHCP Server?
-
Whichever you want. I don't know what you're looking for. Someone to tell you how to design your network?
I already said I use pfSense for all that.
-
Someone to tell you how to design your network?
Oh my, yes. Please come hold my hand. ;)
Seriously, right now I am just too busy studying for my Cisco CCNA exam and don't really have the time to devote to pfSense. My apologies accordingly.
What I wanted was a centralized resource for NAT, DHCP and DNS (preferably dynamic). I see from a casual read of other threads that others are quite interested in doing the same thing as I; and the information on those related threads has been most helpful.
Just for the record, configuring DNS on pfSense does require some thought. And, as we all know, DNS and DHCP should/must reside on the same device.
Let's now close this thread because I believe it to be redundant. Thanks to all!
-
Right now, I know I can shut off and will shut off all DHCP capabilities on the DOCSIS modem and the SG-300 Cisco Layer 3 switch.
If I'm not mistaken, the pfSense box is between the modem and the switch, so unless I'm mistaken that is two separate network segments, each of which may have either 0 or 1 DHCP server (depending on whether you want static addressing or not). The modem is likely to have a DHCP server running by default so you can just leave that alone; the pfSense console will tell you whether the WAN was assigned an address using DHCP or not. Then on the LAN segment you again have the choice of running the DHCP server or not, and yes, it seems to make sense for pfSense to do it. Finally, are there different network segments on both sides of the switch, too? Then you will need a DHCP server there too, on the downstream side.
For small networks without a lot of activity connecting and disconnecting machines, I like static addressing if only to make it easier to understand what is going on in the logs.
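The "0 or 1 DHCP server per segment" rule in the post above can be checked against captured DHCP replies. The following is an added example, not part of the original thread: the segment labels, addresses and sample packets are constructed, and collecting the UDP payloads is left to whatever capture tool you use.

```python
import socket
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_options(payload):
    """Return {option_code: value_bytes} for one DHCP message (the UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def servers_per_segment(captures):
    """Map each segment to the DHCP servers seen answering on it."""
    seen = defaultdict(set)
    for segment, payload in captures:
        try:
            opts = parse_options(payload)
        except ValueError:
            continue                                # skip non-DHCP traffic
        # Option 53 = message type (2 OFFER, 5 ACK); option 54 = server identifier.
        if opts.get(53) in (b"\x02", b"\x05") and len(opts.get(54, b"")) == 4:
            seen[segment].add(socket.inet_ntoa(opts[54]))
    return {seg: sorted(ips) for seg, ips in seen.items()}

def conflicts(captures):
    """Segments where more than one server answered."""
    return {s: ips for s, ips in servers_per_segment(captures).items() if len(ips) > 1}

def sample_reply(server_ip, msg_type=2):
    """Constructed sample packet: minimal BOOTP reply carrying options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)
    return header + MAGIC + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"

# Constructed captures: (segment label, UDP payload). Addresses are made up.
SAMPLE = [("WAN", sample_reply("10.1.10.1")), ("LAN", sample_reply("192.168.1.1")),
          ("LAN", sample_reply("192.168.1.254")), ("LAN", sample_reply("192.168.1.1", 5)), ("LAN", b"junk")]
```

With the constructed sample, the WAN segment shows one server and the LAN segment is flagged because two different server identifiers answered on it.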
-
The DHCP server in pfSense is perfectly capable of handing out leases to thousands of devices at a time. Like multiple /19 pools.
I really don't know what OP's point was. Neither does he as he's made it plain he's too busy studying for his CCNA to worry about details like basic network design.
-
I think pfSense works great as the sole DHCP server. Never an issue.
-
I think pfSense works great as the sole DHCP server.
I think you are correct; and that's actually the confirmation of my thinking I was hoping for.
What I believe from the error/information messages I see upon pfSense bootup is that quite possibly the DOCSIS 3.0 (SMCD3G-BIZ) cable modem, the SG-300 Layer 3 capable switch, and the end devices are all competing for DHCP responsibilities.
My question, hoping to clear up Derelict's ongoing confusion here, is whether or not to centralize everything on the pfSense device, specifically firewall, NAT, DHCP and DNS. The reason for doing so makes good sense logically and I thank you folks for confirming my thoughts. I will therefore turn off/shut down these services on all other devices in the mix.
-
Yes - I think that's a good decision. pfSense is pretty decent one stop shopping for those things. No need to complicate the mix.
-
Thanks, Kejianshi, for your kindness and the benefit of your experience.
All I have right now is a totally unconfigured network:
DOCSIS 3.0 Cable Modem --> pfSense --> Cisco Layer 3 switch --> file server, 6 Win7 computers, 1 Ubuntu Linux computer, Canon laser printer + will add Wifi later on (possibly) for the laptop.
Again, Much Appreciate. :)
-
Are you operating the switch as layer 2 or layer 3? Calling it a layer 3 switch implies you'll be routing with it.
-
Dammit. This is 2 times now I have posted a reply only to be told I do not have access - and then the reply is erased. Ugh!
------------
@Derelict Actually I call it a Layer 3 switch because it is a Layer 3, some say "Managed", switch with Layer 3 routing capability - excellent for VLANs. I purchased it way before I knew anything about pfSense. Given what I know now, I probably would have turned everything over to pfSense. May sell the Cisco SG-300 switch as a result.
To answer your question, though, I am just using it unconfigured out of the box - hence a single big ole VLAN.
Btw, when I said I was studying Cisco, please don't misunderstand that I actually like Cisco. Quite to the contrary, I find Cisco to be unduly complicated, with too many "yeh buts" and "one more things". I always say that mastering Cisco is like a scuba diver trying to touch bottom in the Marianas Trench.
The only reason I study Cisco is the classes at the local JC are exceedingly well taught and give me a very clear understanding of what really happens in a network, large or small. Cisco's books and tests are pretty awful, especially the Cisco tests which are a bunch of convoluted crap. The only thing they test is your ability to untangle their tangled English.
Also, I think Cisco's IOS is a security sieve. So all in all, given the simplicity and cost-effectiveness of pfSense, I think this project has a bright future especially in small to medium sized business and other organizations. Priced a Cisco router recently?
Btw, thanks Derelict for all your poignant observations, which help me to clarify my goals and motivate me to learn more. ;D
-
Note: I provided as much detail as I thought might be helpful. Please excuse if the detail is excessive.
With all these devices - Comcast DOCSIS 3.0 "business-class" modem, pfSense network appliance, Cisco SG-300 Layer 3 Switch, multiple computers running Win7 64 bit as well as Linux Ubuntu - I know I have DHCP assignment conflicts and hence delays in my network coming up. I know that because if I cut out all the intermediary devices and go straight through (insecure, I know) from the DOCSIS cable modem to a Win 7 computer, the network pops up quickly - without all the stumbling and error messages.
Your issues most likely have nothing to do with pfSense, Windows server, Linux devices, or DHCP on your Comcast modem but basic configuration of your Cisco switch. Try looking up spanning tree portfast the next time you're "studying" for your Cisco exam.
-
Try looking up spanning tree portfast the next time you're "studying" for your Cisco exam.
My goodness, thank you for the unsolicited condescension. Let's try to play nice, OK? This is a quality forum. :)
I don't need to "look up" spanning tree protocols. I know what it is and it's completely irrelevant to my problem, which I believe we have all noted has been solved.