@jpod2019 said in Can you run DHCP, DNS and NTP on different VIPs?: (I’m assuming everything will be done through the LAN interface and VIPs) I'm assuming you mean WAN there. You can have a single interface and it will be WAN and that's fine. The anti-lockout rule will be applied there instead of LAN in that case. If you add a VIP on the WAN all services will listen on it by default so you can add VIPs for NTP and DNS and it will work. DHCP will only run on the interface address though. By default DHCP wil hand out it's own IP for NTP and DNS so you would need to make sure you set those values in the DHCP setup. Though it would still work fine for anything using DHCP since those services would also be listening on the interface IP. Steve

@Gertjan said in Trouble With CaptivePortal on Two VLANs in One Interface: You are already using multiple interfaces - a VLAN is considered as a interface. Typically, each interface has its own dedicated AP(s) - using a dedicated radio (== Wifi) setup. A user should choose the correct Wifi SSID first to use the correct network. You can't automatize this. I just wanted to make it happen. I was planning to redirect the user to the correct VLAN by using just one SSID. But I completely got that I can not do it. Thanks for your helps. @free4 I still can not find an opportunity to try PacketFence. I will write down here if I can be successful on it.

If you're on a UNIX-like system you can use this to capture remotely from a UniFi AP and from pfSense -- I found this somewhere and noted it down. Change X.X.X.X for the correct address. UniFi AP ssh ubnt@X.X.X.X 'tcpdump -f -i br0 -w - not port 22' | wireshark -k -i - You need Wireshark installed, obviously--works on Macs too and it won't get super hot like when you capture directly on it. pfSense ssh root@X.X.X.X 'tcpdump -f -i em0_vlan100 -w - not port 22' | wireshark -k -i - Here you'll need to change em0_vlan100 for the correct interface, but you can SSH in and get them with ifconfig. :) Good luck!

Olá. Você disse que o dispositivo pára inclusive de "acessar a rede", o que indica que o firewall pode não ser o seu problema. 2 perguntas: Você está utiilzando switch para a LAN? Qual a marca e modelo? Você utiliza quantos roteadores sem fio? Qual marca e modelo? Creio o seu problema estar relacionado com a capacidade máxima dos APscolored text

@jafr said in DHCP failing when moving between AP's: HP 2530 Quick look shows that that switch can do dhcp snooping since I see in the manual dhcp snooping events for snmp.. So you need to look at the configuration of that switch or the port your AP is connected to. If pfsense does not see the discover for dhcp then no it would never offer an IP..

What is the DHCP server logging?

Here's some snips that might help: Interface setup [image: 1535825169862-guest-resized.png] [image: 1535825230513-lan-resized.png] DHCP [image: 1535825380502-dhcp-resized.png] DNS [image: 1535825448790-dns-resized.png]

Assume for the moment that the error message is actually correct. Check all the existing DHCP Lease information to see if that IP address, MAC, or hostname was already assigned. DHCP can hold inactive lease information for a while. Also check Diagnostics->ARP Table, to see if that IP address is already listed to a different MAC address. It's possible that the address was used in a local static assignment already, not involving DHCP. You should do this shortly after trying to assign the static mapping as ARP entries will expire from the cache. Note: if DHCP relaying is involved you'll need to check this on a box attached to the subnet in question, using "arp -a" (works on *nix and Windows). Originally I thought that it could have been you were trying to make permanent the IP address it got dynamically from the DHCP Pool, but that yields a very specific error message to that effect. At least in version 2.4.3.

Merci @ccnet pour votre retour. Alors depuis mon espace OVH je vois bien une passerelle mais sur mon VPS, il n'y a aucune passerelle de configurer... 2001:41d0:0305:2100:0000:0000:0000:0001 Effectivement le but de ma démarche et d'obtenir une passerelle afin d'interconnecté mon VPS avec un réseau exterieur.