DHCP on OPT interface not working

valnar · Sep 30, 2014, 1:10 AM

I'm setting up DHCP for the first time to use 3 interfaces and basically need two "LAN" like interfaces and one WAN-the Internet.

So far, I haven't even got past DHCP yet. I want to setup DHCP on the OPT interface for those clients, but no one is receiving a DHCP address. I added a firewall rule to mimic the auto-generated rule on the LAN side (basically LANnet allowed everywhere) thinking that might be stopping DHCP, but that did not work.

What needs to be tweaked or added to treat the OPT interface as basically a second LAN interface?

valnar · Sep 30, 2014, 1:55 AM

I created the pfSense box on Vmware, if that matters. Assigned all three NIC's to different vlans in vSphere.

kejianshi · Sep 30, 2014, 2:09 AM

You need to:

1. Make a set of "pass all" firewall rules on the opt similar to what you see on lan

2. Go to dhcp server and enable dhcp on opt interface like it is on lan and set up the dhcp range similar to lans

I said similar - not same.

Make the opt subnet and ip different than lan

valnar · Sep 30, 2014, 2:23 AM

@kejianshi:

You need to:

1. Make a set of "pass all" firewall rules on the opt similar to what you see on lan

2. Go to dhcp server and enable dhcp on opt interface like it is on lan and set up the dhcp range similar to lans

I said similar - not same.

Make the opt subnet and ip different than lan

Yeah, already did all that. It's setup correctly, but no DHCP is passing to the clients.

Derelict · Sep 30, 2014, 4:14 AM

Then you have something hosed in vsphere or elsewhere at layer 2. Stop looking at pfSense.

johnpoz · Sep 30, 2014, 11:01 AM

"Assigned all three NIC's to different vlans in vSphere."

You have something messed up there.. Why would you assign them to different vlans in vpshere?

So do you have vlans setup in pfsense? What does the physical layer look like? I am with Derelict – you got something messed up in vmware or layer 2 that your dhcp discovers are not even getting to pfsense.. To validate just do a sniff on the interface in pfsense - do you see dhcp discover? Do you see pfsense send out offers if it sees the discover?

valnar · Sep 30, 2014, 11:49 AM

I just tested it on an ALIX board and it works fine, so yes, something is amuck in VMware that is preventing DHCP offers.

valnar · Sep 30, 2014, 1:26 PM

Turned out to be a layer-2 problem, and I don't know why. No arp either. Deleted the vlan in vSphere and my switching infrastructure and created a whole new vlan ID. Tagged everything and it works fine now. I guess I have a "dead" vlan.

johnpoz · Sep 30, 2014, 5:19 PM

Without understanding your vsphere setup not sure if you would even need vlans or tagging - what did you setup on the vswitches? Do you have devices with multiple vlans connected to that vswitch. How does that connect to the physical world?

kejianshi · Sep 30, 2014, 6:03 PM

Glad you found your problem.

apesjr · Oct 7, 2014, 10:03 PM

Hi guys.
read my response in: https://forum.pfsense.org/index.php?topic=80478.0