LAN2 Cannot Connect to main LAN

IanHK

LAN is 192.168.1.0 255.255.255.0 DHCP 192.168.1.101 - 199
LAN2 is 192.168.2.0 255.255.255.0 DHCP 192.168.2.101 - 199

The workstation IP (192.168.2.20) and target NAS (192.168.1.8) are DHCP Static Mappings.

Workstation seems to pick up everything correctly:

DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d493:903e:358e:10%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Wednesday, April 3, 2019 3:58:33 PM
Lease Expires . . . . . . . . . . : Wednesday, April 3, 2019 5:58:32 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 83896568
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5F-AE-27-00-28-F8-0A-93-99
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

login-to-view

Note, the "Allow trusted WiFi" rule above was changed to an any/any/all rule without improving the situation. This originally had aliases for the x.x.2.x workstations and permitted ports.

login-to-view

Thanks.

Rico

pfSense Interface configuration.

-Rico

IanHK

Interfaces:

login-to-view

login-to-view

Rico

IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0

Wrong Subnet Mask, change to 255.255.255.0

-Rico

IanHK

But where is that being set - the WiFi AP is using pfsense as the DHCP so the settings are coming from pfsense aren't they:

login-to-view

Rico

This happens only for your static mappings or in general?
Check for any second DHCP server in your network. You have any Wireless AP in this network? Check for running DHCP server there.

-Rico

NogBadTheBad

@Rico said in LAN2 Cannot Connect to main LAN:

IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0

Wrong Subnet Mask, change to 255.255.255.0

-Rico

DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d493:903e:358e:10%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Wednesday, April 3, 2019 3:58:33 PM
Lease Expires . . . . . . . . . . : Wednesday, April 3, 2019 5:58:32 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 83896568
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-5F-AE-27-00-28-F8-0A-93-99
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Could be you've changed the subnet mask on the DHCP server / pfSense and the lease on the client hasn't expired.

IanHK

There will be a short delay!

Tried to reboot after resaving to get a clean slate, and completely lost all internet connectivity.

Really appreciate the help and will revert if/when I get off this 3G phone link.

IanHK

Well, that's a few hours of my life I won't get back!

Tried absolutely everything I could think of with my Asus Access Point and eventually did a factory reset to get back to a known start point.

1. I gave up trying to get LAN2 to work, and just set the AP to automatically get the DHCP settings from pfSense. Plugged it back in and was back at the same status as this morning - everything talking to everything but no way to isolate some wifi users form the main network.

• The auto settings gave my wifi connected PC this setup - note the subset mask that is driven entirely by pfSense on LAN interface: 255.255.255.0

login-to-view

Because everything is driven by pfSense, just for giggles I moved the AP from LAN to LAN2 - and look what happened to the subnet mask - it goes back to the troublesome 255.0.0.0 !!!

login-to-view

As this is seen as the reason my LAN2>LAN access is not working as it should, can anybody help to explain where/how in pfSense the subnet mask is modified for LAN2 compared to LAN when both are set the same?

pfSense 2.4.4 release-P1

Thanks

IanHK

I modified the LAN2 DHCP settings to 192.168.2.1 /25 and restarted the DHCP service.

The new lease has got the same 255.0.0.0 issue as before:

login-to-view

Bizarre !

NogBadTheBad

Remove the AP from LAN2 and plug the laptop in directly, what do you get then ?

IanHK

I checked for a device getting a DHCP address, rather than static mappings - and it's the same - LAN2 DHCP gives a 255.0.0.0 subnet mask but simply plugging the cable from LAN2 back to LAN the assignments are normal - i.e. 255.255.255.0

There doesn't seem to be anywhere in pfSense where this could be going wrong - the DHCP settings pick up the correct range of possible IPs based on the interface settings so it appears to have the correct picture of what LAN2 looks like.

Other than deleting the LAN2 interface completely and re-creating it, does anybody have any other suggestions ?

Thanks

IanHK

Hi NogBTB,

Smart thought - bizarre result!

I cable connected my PC directly to the LAN2 interface and it gives me:

• a LAN address of 192.168.1.20 NOT the expected LAN2 address of 192.168.2.20

• Subnet mask 255.255.255.0

I originally had the static mappings on the LAN DHCP, and duplicated them to LAN2 (changing x.x1.x to x.x.2.x) so these devices (MACs) are defined in static mappings on both LAN and LAN2.

I am guessing this is the root cause, and in a steady state I could remove them from LAN once LAN2 is actually working, but should a PC connected to LAN2 be served an LAN IP and/or is there a way to stop it happening while keeping the fallback mappings on the LAN DHCP ?

Thanks

NogBadTheBad

Post a copy of the following:-

1. An ipconfig /all when directly connected to LAN2

2. An arp -a when directly connected to LAN2

3. Status-> Interfaces LAN & LAN2.

IanHK

Will do, thanks. Just need a moment to let things settle....

IanHK

Current status:

1. I removed the "duplicate" static mappings so now LAN only has static IPs defined for the wired devices, and LAN2 only has static mappings for the WiFi devices.

2. For my workstation, I removed all static mappings so it is just picku\ing up DHCP settings.

3. LAN2 is defined as 192.168.2.0/25 - I only did this to force a change to be saved to see if it would solve the 255.0.0.0 issue

4. I rebooted pfSense

5. I double-checked the workstation is using DCHP - when the pfSense box / AP went wonky last night I had a fixed IP which may have caused the situation earlier today, not sure of anything anymore!

Now, with workstation connected directly to LAN2, I am seeing an x.x.2.x DHCP assigned IP - as expected - but the subnet mask is STILL 255.0.0.0

Attached items as requested:

• ipconfig /all
• arp -a
• pfSense Status > Interfaces

IpConfigAll.txt

Arp-a.txt

login-to-view

NogBadTheBad

192.168.2.1 00-0d-b9-50-e9-82 dynamic

hmmm your getting DHCP from the pfSense LAN2 interface, thats why I asked for the arp -a, to tie in the DHCP server IP and the MAC address.

The subnet mask is now /25 rather than /24.

Can you post a screenshot from the LAN2 config and the DHCP settings for LAN2.

IanHK

Thanks - here you go...

login-to-view

login-to-view

login-to-view

login-to-view

NogBadTheBad

https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.txt

https://tools.ietf.org/html/rfc2132

Remove DHCP option 1 and try again.

No need to go anywhere near the options config for standard users.

IanHK

You've got to be kidding! That just looked like a default panel with nothing saved - pfSense usually adds rows of saved items in a table underneath.

Anyway, I needed to add another row to get a delete option but when i did, the DHCP assigned mask is immediately the expected 255.255.255.0 and from my x.x.2.x workstation I can access the NAS webgui on x.x.1.x

So grateful - many, many thanks.