Netgate Discussion Forum

    DHCP fails on VLANs

      nickt

      I recently switched pfSense from a LAN + WAN config to add VLANs on my LAN. I am not able to get DHCP addresses on the VLANs. I see DHCPOFFER of valid addresses in the DHCP system log but the clients don't seem to pick the addresses up.

      Details:

      • I am running pfSense 2.3.2-RELEASE-p1.

      • The parent LAN adapter is still enabled, though I no longer have it configuring an IPv4 or IPv6 address

      • I have confirmed that my VLAN networks are configured as /24 networks

      • DHCP is enabled on the VLANs, and they appear to have valid ranges for the addresses they can issue

      • Each VLAN network has a firewall rule allowing IPv4* from the VLAN to * * * *

      • I only have a few port forwarding rules on my WAN interface, and the "Default allow XX to any rule" type rule for each LAN and VLAN.

      • When connected from the second physical LAN adapter (OPT1), I am able to ping the gateway interface in each VLAN's subnet

      • My config has VLAN id 10 = 'Home', set to 192.168.1.0/24. VLAN id 20 = 'Misc', set to 192.168.2.0/24. OPT1 (second LAN adapter) is using 192.168.8.0/24

      Is there any more detailed info I can see about the DHCP interchange between the client and server?
      Is there any special setting I need to ensure that these DHCP packets can route back to the correct hosts?

      On my switch (Netgear GS748Tv3), I have the ports tagged as either VLAN id 10 or 20, and the pfSense router in port 1 set to tag both of those networks.

      Thanks!

        Derelict LAYER 8 Netgate

        Probably something in your switch somewhere. All the DHCP server can do is get the DHCPDISCOVER and send the DHCPOFFER. If the client never sends a DHCPREQUEST based on that offer, look on the client, or between the server and the client, for that.

        You probably want to packet capture to see where the traffic is getting lost.

        I can assure you dhcpd works just fine on VLAN interfaces.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          nickt

          Thanks, I figured out what was wrong. Your reply got me to read up on the DHCP protocol, which made me realize packets being sent from pfSense weren't making it back to nodes in the VLAN. I had set the VLAN ports for the nodes to be untagged but lost the setting when I didn't hit "apply", so all systems were receiving tagged packets.

          For those learning about VLANs who stumble onto this thread, in general, the rule of thumb is:

          • VLAN-aware gear such as managed switches and routers (including pfSense) should be connected to tagged ports
          • Other systems (desktops, servers, etc.) should be on untagged ports

          Again, thanks for the quick help!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
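
The failure resolved in this thread, as an added example that is not part of the original posts: a Python script that parses frames captured at the client's NIC and flags DHCP server replies that still carry an 802.1Q tag. The frames are constructed sample data, and `build_frame`, `parse_dhcp`, `diagnose` and `SAMPLE_CAPTURE` are hypothetical names chosen for the illustration.

```python
import struct

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie (RFC 2131)

def build_frame(msg_type, vlan_id=None):
    """Constructed sample: Ethernet [+ 802.1Q] / IPv4 / UDP / BOOTP / option 53."""
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")
    if vlan_id is not None:
        eth += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)  # TPID + VLAN id
    eth += struct.pack("!H", 0x0800)
    sport, dport = (67, 68) if msg_type in (2, 5) else (68, 67)
    bootp = bytes(236) + MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return eth + ip + udp

# Constructed capture: untagged DISCOVER out, OFFER comes back tagged VLAN 10
SAMPLE_CAPTURE = [build_frame(1), build_frame(2, vlan_id=10)]

def parse_dhcp(frame):
    """Return (vlan_id or None, DHCP message name), or None if not DHCP."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    vlan, off = None, 14
    if ethertype == 0x8100:  # 802.1Q tag present: real EtherType follows the TCI
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or frame[off + 9] != 17:  # not IPv4/UDP
        return None
    off += (frame[off] & 0x0F) * 4  # skip the IPv4 header
    sport, dport = struct.unpack_from("!HH", frame, off)
    opts = frame[off + 8 + 236:]  # skip UDP header and fixed BOOTP fields
    if {sport, dport} != {67, 68} or opts[:4] != MAGIC:
        return None
    i = 4
    while i + 2 < len(opts) and opts[i] != 255:
        if opts[i] == 53:  # DHCP message type option
            return vlan, DHCP_TYPES.get(opts[i + 2], "UNKNOWN")
        i += 2 + opts[i + 1] if opts[i] else 1  # pad option 0 has no length
    return None

def diagnose(capture):
    """For a capture taken at the client NIC: list server replies that arrived tagged."""
    findings = []
    for frame in capture:
        parsed = parse_dhcp(frame)
        if parsed and parsed[0] is not None and parsed[1] in ("OFFER", "ACK"):
            findings.append(f"DHCP{parsed[1]} arrived tagged (VLAN {parsed[0]}): "
                            "client switch port should be untagged")
    return findings
```

Running `diagnose(SAMPLE_CAPTURE)` reports the tagged DHCPOFFER on VLAN 10, which matches the symptom of a server log showing DHCPOFFER with no DHCPREQUEST following it.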