DHCP issues (and cannot pcap)
-
Hi, I am running pfSense with four virtual interfaces / 4 different VLANs with a DHCP server configured for each interface. My LAN port is connected to a Netgear managed switch which handles VLAN tagging.
I have a problem with DHCP that can only easily be demonstrated with some pictures: https://imgur.com/a/VSoOaFX. It seems traffic from devices is coming through to pfSense flicking between VLAN 11 and VLAN 13.
I don't know if this implies that my VLAN tagging is incorrect because the other issue is I cannot seem to capture any DHCP events in a pcap on pfSense. Firstly, I'm not sure if I should be capturing on interface: LAN or one of the relevant virtual interfaces. Nonetheless, I have tried capturing on both and even though I see DHCP events being logged, I cannot see them in the pcap.
I have a ubiquiti AP with four SSIDs, each corresponding to my four VLAN IDs 11, 12, 13, 14.
I've ruled out the AP as when I plug it directly into LAN of pfSense my wireless devices work as expected and I can't see any funky business going on.
I have a 16 port Netgear switch (simplified to 4 ports for this table) configured as follows, with port 1 going to pfSense LAN, port 2 to a device I want on VLAN 11, port 3 to a device I want on VLAN 13 and port 4 to the Ubiquiti (T = tagged, U = untagged, - = not a member):
VLAN_ID  Port 1  Port 2  Port 3  Port 4
1        -       -       -       -
11       T       U       -       T
12       T       -       -       T
13       T       -       U       T
14       T       -       -       T
pfSense LAN interface: 192.168.10.1 - no VLAN assignment
pfSense MAIN interface: 192.168.11.1/24, VLANID:11
pfSense IOT interface: 192.168.12.1/24, VLANID:12
pfSense VLAN interface: 192.168.13.1/24, VLANID:13
pfSense GUEST interface: 192.168.14.1/24, VLANID:14
Netgear switch configured with IP 192.168.11.6 and gw 192.168.11.1
Ubiquiti IP 192.168.11.9 and gw 192.168.11.1
Had previously tried having the switch and AP on 192.168.10.x but that caused issues too, and I wanted to be able to access them both from the MAIN network.
Any suggestions as to what might be wrong, or how I can go about capturing the DHCP handshake to enable further diagnostics, would be much appreciated.
Thank you
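An added illustration, not code from the thread or from pfSense, of what a practitioner looks for in that capture. When the capture is taken on the parent interface (igb1 in this thread) rather than on one of the VLAN children, each frame still carries its 802.1Q header, so the VLAN ID a client's DHCP DISCOVER arrived with can be read straight off the frame. The decoder below walks Ethernet, the optional 802.1Q tag, IPv4, UDP and the BOOTP/DHCP header, then groups clients by the set of VLAN IDs their DHCP frames were seen on; a client MAC that shows up under more than one VLAN is exactly the "flicking between VLAN 11 and VLAN 13" symptom. The sample frames are constructed inline (the MAC addresses, transaction ID and the `build_dhcp_discover`, `parse_frame` and `vlans_per_client` names are all assumptions made for this example); in real use the frames would come from the pcap instead.

```python
import struct

# Added example: constructed 802.1Q/IPv4/UDP/DHCP frames and a decoder that
# reports which VLAN tag each DHCP DISCOVER carried. Nothing here is pfSense code.

DHCP_MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def ip_checksum(header: bytes) -> int:
    """Standard one's-complement checksum over the IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dhcp_discover(client_mac: bytes, vlan_id=None, xid=0x3903F326) -> bytes:
    """Constructed sample frame: Ethernet [+ 802.1Q tag] / IPv4 / UDP / DHCPDISCOVER."""
    # BOOTP fixed part: op=1 (BOOTREQUEST), htype=1 (Ethernet), hlen=6, hops=0,
    # xid, secs, flags (broadcast bit), ciaddr/yiaddr/siaddr/giaddr, chaddr, sname, file.
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        client_mac, bytes(64), bytes(128))
    options = MAGIC_COOKIE + bytes([53, 1, 1]) + b"\xff"  # option 53 = DISCOVER, then END
    payload = bootp + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(payload), 0) + payload  # UDP checksum 0 = absent
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(4), b"\xff" * 4)  # 0.0.0.0 -> 255.255.255.255, proto 17 = UDP
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth = b"\xff" * 6 + client_mac  # broadcast destination, client source
    if vlan_id is not None:
        eth += struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)  # TPID + TCI (PCP/DEI zero)
    eth += b"\x08\x00"  # EtherType IPv4
    return eth + ip_hdr + udp


def parse_frame(frame: bytes) -> dict:
    """Decode one Ethernet frame; report its 802.1Q VLAN ID (or None) and DHCP details if any."""
    src = frame[6:12]
    off = 12
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    vlan_id = None
    if ethertype == 0x8100:  # 802.1Q: TCI follows the TPID, then the real EtherType
        tci = struct.unpack("!H", frame[14:16])[0]
        vlan_id = tci & 0x0FFF
        off = 16
        ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    off += 2
    info = {"src_mac": src.hex(":"), "vlan_id": vlan_id, "dhcp": None}
    if ethertype != 0x0800:
        return info
    ihl = (frame[off] & 0x0F) * 4
    if frame[off + 9] != 17:  # not UDP
        return info
    ip_src = ".".join(map(str, frame[off + 12:off + 16]))
    off += ihl
    sport, dport = struct.unpack("!HH", frame[off:off + 4])
    if sport not in (67, 68) and dport not in (67, 68):
        return info
    bootp = frame[off + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        return info
    msg_type = None
    i = 240
    while i < len(bootp):  # walk the TLV option list looking for option 53
        code = bootp[i]
        if code == 255:
            break
        if code == 0:  # PAD
            i += 1
            continue
        length = bootp[i + 1]
        if code == 53 and length == 1:
            msg_type = DHCP_MESSAGE_TYPES.get(bootp[i + 2], "type %d" % bootp[i + 2])
        i += 2 + length
    info["dhcp"] = {"op": bootp[0], "xid": struct.unpack("!I", bootp[4:8])[0],
                    "chaddr": bootp[28:34].hex(":"), "type": msg_type, "ip_src": ip_src}
    return info


def vlans_per_client(frames) -> dict:
    """Map each DHCP client MAC to the set of VLAN IDs its DHCP frames arrived on."""
    seen = {}
    for frame in frames:
        info = parse_frame(frame)
        if info["dhcp"] is not None:
            seen.setdefault(info["dhcp"]["chaddr"], set()).add(info["vlan_id"])
    return seen


if __name__ == "__main__":
    # Constructed sample: one client seen on VLAN 11 and VLAN 13, another only on 13.
    phone, laptop = bytes.fromhex("0011223344aa"), bytes.fromhex("0011223344bb")
    capture = [build_dhcp_discover(phone, 11), build_dhcp_discover(phone, 13),
               build_dhcp_discover(laptop, 13)]
    for mac, vlans in vlans_per_client(capture).items():
        flag = "  <- seen on more than one VLAN" if len(vlans) > 1 else ""
        print(mac, sorted(v if v is not None else -1 for v in vlans), flag)
```

A frame that parses with `vlan_id` of None on the parent interface arrived untagged, which is what the switch's "U" membership produces on its way in and what the untagged LAN interface (192.168.10.1) would see; a frame tagged 11 is what the 192.168.11.1 VLAN interface should receive.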
-
@nazuro port 1 needs to be tagged and the rest are untagged. With Ubiquiti, there is a recommended port to be used as the trunk port; read your manual.
-
@akegec said in DHCP issues (and cannot pcap):
@nazuro port 1 needs to be tagged and the rest are untagged. With Ubiquiti, there is a recommended port to be used as the trunk port; read your manual.
Hi, not sure I quite understand. Surely I need port 4 tagged too, as it's receiving VLAN tagged traffic from the Ubiquiti? Also, my Ubiquiti only has one port, so I don't have any other option. What do you mean about the recommended port?
Thanks for your help!
-
Typically, you'd have the untagged LAN, usually your main LAN, and VLANs for the other SSIDs.
-
Hi both, thanks, still not sure I quite understand. @JKnott, so I could set up my management LAN not VLAN tagged as you suggest. In that case, if I still wanted four VLANs plus my management LAN then this would still be my Netgear port configuration, right? And the Untagged Management traffic will just flow through? I've been trying to get this to work for weeks!
VLAN_ID  Port 1  Port 2  Port 3  Port 4
1        -       -       -       -
11       T       U       -       T
12       T       -       -       T
13       T       -       U       T
14       T       -       -       T
I can't think what else I need to change in my setup other than the switch and ubiquiti to being on the 192.168.10.x network.
-
I have native LAN and 1 VLAN on my Unifi AP, with the management on the main LAN. You'd just add as many VLANs as you need for the SSIDs. So, you'd have 1 SSID on the main LAN and 3 on VLANs.
-
@jknott Hi, thanks! I made a couple of small changes and now (fingers crossed) it seems to be working!
As suggested, I set the MAIN SSID to be the Ubiquiti LAN, then I changed the Netgear so VLAN ID 11 was untagged on Port 4 (Ubiquiti port).
Thanks for your help
-
Turns out I STILL have the same issues!!
This particular device is connected to the "C MAIN" SSID, which is the default network of UniFi (no VLAN tag), which is then connected to port 4 on my switch, which is untagged for VLAN_11. Therefore it should be tagged with VLAN_11, right, and go into pfSense on the correct "Main" interface (igb1.11), NOT the VPN interface (igb1.13). It seems to flick between VLAN_11 / VLAN_13 and I can't understand why!
VLAN_ID  Port 1  Port 2  Port 3  Port 4
1        -       -       -       -
11       T       U       -       U
12       T       -       -       T
13       T       -       U       T
14       T       -       -       T
Please, if anyone has any clues I really need the help! Thank you
-
Why are you using VLAN 11? Here, my main LAN & SSID are untagged, native. My guest WiFi is on VLAN 3. This means I configure VLAN 3 on pfSense, my AP and the switch ports connected to pfSense and my AP. That's all it takes. Only use the VLANs to add additional SSIDs, and when you do that, use the same VLAN ID all the way.