not getting a dhcp address on vlans with new install.
-
Hi all,
Please can I get some help?
I have pfSense installed in Hyper-V with 2x NICs, WAN and LAN. I have created 4x VLANs within the GUI.
main 192.168.10.1
iot 192.168.20.1
guests 192.168.30.1
cctv 192.168.40.1
I have an allow-all rule on the main VLAN so I can get to all other VLANs from my PC and laptop.
IoT will just be internet only. Guests and CCTV, I'm not concerned about at the moment.
The LAN NIC is connected directly to port 23 on a ProCurve 1810G switch. On port 23 I have made that a tagged port so that it knows about all VLANs.
I have created all 4 VLANs on the switch and assigned ports as untagged for PCs, NAS.
I have a UniFi AP that is connected to port 24 on the switch and is set to untagged, as I have read UniFi APs need untagged. Yet with all this setup, no devices get a DHCP address. There's not even anything in the logs that I can see to suggest a request was even made to pfSense.
I'm fairly new to pfSense and still learning, but as far as I'm aware DHCP should be working out from each of the VLANs. Oh, and I did enable the DHCP server on each of the VLANs.
Any help would be amazing.
Dan
-
@godhead83 said in not getting a dhcp address on vlans with new install.:
I have created all 4 VLANs on the switch and assigned ports as untagged for PCs, NAS.
I have a UniFi AP that is connected to port 24 on the switch and is set to untagged, as I have read UniFi APs need untagged. Yet with all this setup, no devices get a DHCP address. There's not even anything in the logs that I can see to suggest a request was even made to pfSense.
????
Have you created tagged VLANs? Unifi APs definitely work with tagged. I have one here and my guest SSID is connected to VLAN3. If you have multiple SSIDs on an AP and want them to be on separate subnets, tagged VLANs are essential.
Do some planning. Start with deciding what VLAN is going to be used for what. The main network is usually on native LAN.
Pick a number for each VLAN and create them on pfSense. Configure everything for those VLAN IDs as required. This includes switches and APs. Go through that and make sure you haven't left anything out.
-
@jknott said in not getting a dhcp address on vlans with new install.:
@godhead83 said in not getting a dhcp address on vlans with new install.:
I have created all 4 VLANs on the switch and assigned ports as untagged for PCs, NAS.
I have a UniFi AP that is connected to port 24 on the switch and is set to untagged, as I have read UniFi APs need untagged. Yet with all this setup, no devices get a DHCP address. There's not even anything in the logs that I can see to suggest a request was even made to pfSense.
????
Have you created tagged VLANs? Unifi APs definitely work with tagged. I have one here and my guest SSID is connected to VLAN3. If you have multiple SSIDs on an AP and want them to be on separate subnets, tagged VLANs are essential.
Do some planning. Start with deciding what VLAN is going to be used for what. The main network is usually on native LAN.
Pick a number for each VLAN and create them on pfSense. Configure everything for those VLAN IDs as required. This includes switches and APs. Go through that and make sure you haven't left anything out.
I have read lots of people say don't use native VLAN, so that's why I have VLAN10 Main.
After a bit of digging after I posted this, I came across this post on Reddit. It's almost identical to my setup and seems to suggest Hyper-V is the issue and that I need to do some dreaded PowerShell.
https://www.reddit.com/r/PFSENSE/comments/7hq95n/pfsense_vm_vlans_hp_procurve_1810g24/
-
@godhead83 said in not getting a dhcp address on vlans with new install.:
I have read lots of people say don't use native VLAN, so that's why I have VLAN10 Main.
I have never used Hypervisor, so I can't help you with that. However, I have never set up a network where the main LAN was on a VLAN. The closest I came to that was one where someone put the main network on a VLAN and VoIP on the untagged, native network. You really don't want to go there.
What I have done, though not with pfSense or Hypervisor, is set up a network in a seniors residence, with the office LAN on native, and VoIP, inmates and management networks all on VLANs. One issue of using a VLAN for the main LAN is every device that has to use it must support VLANs. Computers can, many other devices don't. Again, I haven't worked with Hypervisor, so I'm not aware of any reason there might be for putting the main network on a VLAN.
-
@jknott said in not getting a dhcp address on vlans with new install.:
@godhead83 said in not getting a dhcp address on vlans with new install.:
I have read lots of people say don't use native VLAN, so that's why I have VLAN10 Main.
I have never used Hypervisor, so I can't help you with that. However, I have never set up a network where the main LAN was on a VLAN. The closest I came to that was one where someone put the main network on a VLAN and VoIP on the untagged, native network. You really don't want to go there.
What I have done, though not with pfSense or Hypervisor, is set up a network in a seniors residence, with the office LAN on native, and VoIP, inmates and management networks all on VLANs. One issue of using a VLAN for the main LAN is every device that has to use it must support VLANs. Computers can, many other devices don't. Again, I haven't worked with Hypervisor, so I'm not aware of any reason there might be for putting the main network on a VLAN.
I thought that was what people did.
So the LAN interface doesn't have DHCP on at the moment and is even in an IP range I don't usually use. 1.2, I think. I thought this adapter in pfSense was like an adapter that sits as a middle man for all the VLANs. So my LAN adapter is Hmn1 and then all the VLANs all say vlan10 hnm1, vlan20 hnm1.
-
Start simple. Get the main LAN going first, including DHCP. Once that is done, you can do the same with the VLANs, including a DHCP server for each one. By doing things one step at a time, it's easier to resolve problems. Also, you should get handy with Wireshark, to see what's actually happening on the wire. You can also enable a column in it to display VLAN ID.
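
The check that the Wireshark advice above amounts to, as an added example that is not part of the thread: for each captured Ethernet frame, read the 802.1Q tag (if any) and the DHCP message type, so you can see whether DISCOVERs reach the firewall side with the expected VLAN ID or arrive untagged. The frames are constructed inline by the hypothetical helper `build_discover`; VLAN IDs 10 and 20 are assumed from the thread's "vlan10"/"vlan20" naming.

```python
import struct
from collections import Counter

DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def inspect_frame(frame: bytes):
    """Return (vlan_id or None if untagged, DHCP message type or None)."""
    if len(frame) < 18:
        return None, None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, off = None, 14
    if ethertype == 0x8100:                        # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18               # low 12 bits of the TCI are the VLAN ID
    if ethertype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 17:
        return vlan, None                          # not IPv4/UDP
    udp = off + (frame[off] & 0x0F) * 4            # skip the IPv4 header (IHL words)
    if len(frame) < udp + 8 or set(struct.unpack("!HH", frame[udp:udp + 4])) != {67, 68}:
        return vlan, None                          # not the DHCP port pair
    i = udp + 8 + 236                              # UDP header + fixed BOOTP header
    if frame[i:i + 4] != b"\x63\x82\x53\x63":      # DHCP magic cookie
        return vlan, None
    i += 4
    while i + 2 < len(frame) and frame[i] != 255:  # walk options until End (255)
        if frame[i] == 0:                          # Pad option has no length byte
            i += 1
        elif frame[i] == 53:                       # option 53: DHCP message type
            return vlan, DHCP_TYPES.get(frame[i + 2], "OTHER")
        else:
            i += 2 + frame[i + 1]
    return vlan, None

def dhcp_by_vlan(frames):
    """Count DHCP messages per (VLAN ID, type); a None VLAN means untagged."""
    return Counter(r for r in map(inspect_frame, frames) if r[1])

def build_discover(vlan=None):
    """Constructed sample: minimal DHCPDISCOVER frame, optionally 802.1Q-tagged."""
    bootp = bytes([1, 1, 6, 0]) + bytes(232) + b"\x63\x82\x53\x63" + bytes([53, 1, 1, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return b"\xff" * 6 + bytes.fromhex("020000000001") + tag + struct.pack("!H", 0x0800) + ip

if __name__ == "__main__":
    capture = [build_discover(10), build_discover(20), build_discover()]
    for (vlan, kind), n in dhcp_by_vlan(capture).items():
        print(f"VLAN {vlan if vlan is not None else 'untagged'}: {n} x {kind}")
```

DISCOVERs that show up only as untagged, or not at all, on the trunk side point at tagging being dropped somewhere between the client port and the firewall interface rather than at the DHCP server.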