New to pfsense, and now arp troubles…

codeman20400

hey guys, i recently made the switch from DD-WRT to pfsense (more forced, since the dd-wrt box died) and it worked great for a few days. now though, i've had no end of outages, dhcp failures, and i think it's down to my switches, an old SRW2024, and a trendnet TEG-S80g, since i can see that arp requests are being sent out, but only a small number are ever answered, and those are the clients directly connected to the pfsense box. i'm new to the game, but i know enough to follow directions and do basic CLI tasks. can anybody give me a hand?

Paint

Welcome to pfsense!  I recently made the switch as well (mainly tired of the lack of ddwrt feature and single point of failure: kong or BS)

Can you provide some screenshots of your DHCP page and draw a network diagram for us?

codeman20400

Sure thing…while it's not everything, each link shown is gigabit, wireless clients are all Wireless-N or above, and only the pc's on OPT1 (those connected via the teg-s50g) can access the pfsense box and/or the internet. also, the other clients are still connected, but only spew arp requests and never get replies... I hope to be able to transfer the connections from the teg-s80g to the srw2024, removing it entirely. My dhcp screenshots are forthcoming, since they're on my main rig at home..and i have access to a standalone packet sniffer if that will be of any use


Paint

@Codeman20400:

Sure thing…each link shown is gigabit, wireless clients are all Wireless-N or above, and only the pc's on OPT1 (those connected via the teg-s50g) can access the pfsense box and/or the internet. also, the other clients are still connected, but only spew arp requests and never get replies... I hope to be able to transfer the connections from the teg-s80g to the srw2024, removing it entirely. My dhcp screenshots are forthcoming, since they're on my main rig at home

thank you for the image - very helpful to diagnose this problem!
Can you please add the subnet masks for any IPv4 and IPv6 LAN & OPT1 addresses? (I am assuming your WAN is provided by DHCP)

Are OPT1 and LAN on the same subnet? Are they bridged?

(Sorry if this is basic) - have you factory reset your Cisco AIR-1252K9-AG AP? Turned off DHCP? Are you running DD-WRT? Did you follow these instructions: https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Long_Version_for_Same_Subnet

In general, it is not good to use two interfaces on your pfSense box to bridge two networks. It would be better if you could connect the TEG-S50G that is currently connected to OPT1, directly to the SRW2024. Even a gigabit 8 port switch to expand your LAN to the TEG-S50G and SRW2024 would be more optimal.

If you must bridge the two networks via OPT1 and LAN, take a look at these threads below:

Take a look at these threads:
https://forum.pfsense.org/index.php?topic=13038.0
http://www.cyberciti.biz/faq/how-to-pfsense-configure-network-interface-as-a-bridge-network-switch/
https://forum.pfsense.org/index.php?topic=30961.0

Post back with any questions. thanks

codeman20400

only LAN has an address, being 192.168.1.1 (mask 255.255.255.0) i haven't configured ipv6 (i'd like to) OPT1 has no address, and i'm not sure if they're bridged, but clients connected through the SRW2024 can't access the router either way. and i haven't set up separate subnets or VLANs yet either

Paint

@Codeman20400:

only LAN has an address, being 192.168.1.1 (mask 255.255.255.0) i haven't configured ipv6 (i'd like to) OPT1 has no address, and i'm not sure if they're bridged, but clients connected through the SRW2024 can't access the router either way. and i haven't set up separate subnets or VLANs yet either

LAN and OPT1 need to be on different subnets, with separate DHCP servers managed by the pfSense box.

If you would like to pass traffic between the two networks, setup two firewall rules:
1. on the LAN page, allow any traffic from source OPT1 Network
2. on the OPT1 page, allow any traffic from source LAN Network

the CISCO AIR-1252K9-AG AP should only be an access point as a static ip, e.g. 192.168.1.2, on the LAN. DHCP should be off on this device. HowTo for DDWRT - https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Long_Version_for_Same_Subnet

What IP addresses are the OPT1 network receiving? Is DHCP disabled on the Cisco AIR device? What OS is running on the Cisco device?

codeman20400

OPT1 has no ip address or dhcp running, the cisco is set up with a static ip in the main subnet (192.168.1.5), and it worked just fine prior to my network falling on it's face yesterday…should i move the AP to the OPT1 interface and bridge the networks?

Paint

What is the ip of your pfSense machine?

In your original post you said only OPT1 devices can access the internet, correct? What is the ip/subnet of OPT1?

codeman20400

i may have reversed the OPT1 and LAN interfaces, and the ip is 192.168.1.1 (mask 255.255.255.0) in LAN

Paint

has this network ever worked? If so, is it possible that the SRW2024 died?

codeman20400

it worked great for a couple of days…i think i made the switch from dd-wrt on Thursday, but then, seemingly randomly, everything just quit working...and it's quite possible that something within the SRW2024 died, but traffic still flows between many of the hosts

Paint

@Codeman20400:

Sure thing…while it's not everything, each link shown is gigabit, wireless clients are all Wireless-N or above, and only the pc's on OPT1 (those connected via the teg-s50g) can access the pfsense box and/or the internet. also, the other clients are still connected, but only spew arp requests and never get replies... I hope to be able to transfer the connections from the teg-s80g to the srw2024, removing it entirely. My dhcp screenshots are forthcoming, since they're on my main rig at home..and i have access to a standalone packet sniffer if that will be of any use

This is the post I am referring to.

I am assuming that your picture is correct.

The problem is that your OPT1 devices cannot access the internet/pfSense machine?

Where was the ddwrt machine placed previously? On the LAN or OPT1 side? Is it possible the OPT1 devices have lost their IP address assignments because there is no DHCP server any longer on that network?

codeman20400

the dd-wrt box was where the pfsense box currently is, and before the change-over, both the pfsense box and srw2024 were not connected. the only things that work are those directly connected to the pfsense box, by bypassing the main switch…but i'll have to check the bridge setting to see if that helps

codeman20400

so i've changed some things about…specifically, the AP is now directly connected to the OPT1 interface with a 192.168.2.0 subnet, and clients can connect and be assigned an IP...how should i adjust to give these clients web access? and there was no bridging taking place before

-edit: It lives! must have been pure luck that it worked before...i changed my AP back to the LAN, leaving OPT1 active, but disconnected...and otherwise my network has risen from its own ashes...Thanks and huzzah!

Paint

@Codeman20400:

so i've changed some things about…specifically, the AP is now directly connected to the OPT1 interface with a 192.168.2.0 subnet, and clients can connect and be assigned an IP...how should i adjust to give these clients web access? and there was no bridging taking place before

-edit: It lives! must have been pure luck that it worked before...i changed my AP back to the LAN, leaving OPT1 active, but disconnected...and otherwise my network has risen from its own ashes...Thanks and huzzah!

anytime! Glad you got it working