    No DHCP over VLAN

    DHCP and DNS
kalas666

      Hi All

I've been using pfSense for a while now.  We have recently bought a Draytek 910C AP which supports multiple VLANs.
We want to set 1 VLAN up as the internal AP and the second VLAN for guest access.

I have added a dual-port NIC into the pfSense box and configured the interfaces accordingly.  This physical NIC is directly connected to the AP.

      Although the client machines can authenticate on the AP they do not get an IP.

      If I set them up as static they get net access and there is no issue with routing across subnets.

I currently have a pass-all rule on every protocol for the VLAN, for testing.

The DHCP logs do not show any requests on the VLAN subnet.

      I know this should be simple, but there is something I'm missing.

      Thanks,
      Chris

johnpoz (LAYER 8 Global Moderator)

So you have the AP directly connected to the pfSense box?  Or is there a switch?  If you set up multiple VLANs on your AP, what ID are you tagging them with? 100, 10, 199?  Then you would have to create your VLAN on pfSense with the same tag.

If you're connected to a switch, the switch will have to be configured in trunk mode (in Cisco terms); that means the ports carry the tags, both the port connected to your pfSense interface that has the VLANs on it and the port connected to the AP.

kalas666

          Hi,
          Thanks for the reply.

The AP is effectively directly connected to 1 NIC on the pfSense box. There is no switch between pfSense and the AP.
There are 3 VLANs sitting on the 1 physical NIC: VLAN 5 for management (192.168.5.1), VLAN 10 for guest (192.168.10.1) and VLAN 20 for internal wifi (192.168.20.1).
As I said in my previous post, if I statically assign IPs, then the clients can authenticate with the AP and have full network access.

johnpoz (LAYER 8 Global Moderator)

Well, do you see a DHCP discover on the pfSense interface you have the AP connected to?  Do you have DHCP enabled on your VLAN interfaces?

There is no reason for a pass-all rule; when you enable the DHCP server on an interface it auto-creates hidden rules to allow DHCP.  If you're not seeing anything in the logs, make sure you actually sniff on the physical interface of pfSense and check whether you're seeing the packets or not.  If you're not seeing the packets, then you have an issue with your AP.

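The advice above comes down to two questions that a capture on the physical (parent) interface answers: do DHCP discovers arrive at all, and do they carry the 802.1Q tag you configured on pfSense? The decoder below is an added example written for this page, not code from the thread or from pfSense. It walks an Ethernet frame through the optional 802.1Q tag, the IPv4 and UDP headers and the DHCP fixed header to report the VLAN ID (or none, if untagged), the client MAC and the DHCP message type from option 53. Because nothing here touches a live interface, the input is a frame constructed by `build_discover`; on a real box you would hand it the bytes of frames captured on the parent interface (for example with `tcpdump -n -e -i <parent if> port 67 or port 68`, where `-e` prints the link-level header, including any VLAN tag). IP and UDP checksums in the constructed frame are left at zero since no stack verifies them here.

```python
"""Decode a captured Ethernet frame far enough to say whether it is a DHCP
message and, if it is 802.1Q-tagged, which VLAN ID it arrived on.

Added example for this page, not code from the thread or from pfSense.
The frames fed to it below are constructed, not real captures."""
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


@dataclass
class DhcpSummary:
    vlan_id: Optional[int]   # None when the frame is untagged
    client_mac: str
    msg_type: str
    src_port: int
    dst_port: int


def parse_dhcp_frame(frame: bytes) -> Optional[DhcpSummary]:
    """Return a DhcpSummary for a DHCP-over-IPv4 frame, or None for anything else."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off, vlan_id = 14, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])  # TCI: PCP(3) DEI(1) VID(12)
        vlan_id = tci & 0x0FFF
        off = 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < off + 20:
        return None
    ihl = (frame[off] & 0x0F) * 4
    if ihl < 20 or frame[off + 9] != 17:  # protocol 17 = UDP
        return None
    off += ihl
    if len(frame) < off + 8:
        return None
    src_port, dst_port = struct.unpack("!HH", frame[off:off + 4])
    if dst_port not in (67, 68):          # client->server is 68->67, server->client 67->68
        return None
    dhcp = frame[off + 8:]
    if len(dhcp) < 240 or dhcp[236:240] != DHCP_MAGIC:
        return None
    hlen = dhcp[2]                        # hardware address length, 6 for Ethernet
    mac = ":".join(f"{b:02x}" for b in dhcp[28:28 + hlen])
    msg_type = "UNKNOWN"
    i = 240                               # options start right after the magic cookie
    while i < len(dhcp):
        code = dhcp[i]
        if code == 255:                   # end option
            break
        if code == 0:                     # pad option has no length byte
            i += 1
            continue
        length = dhcp[i + 1]
        if code == 53 and length == 1:    # DHCP Message Type
            msg_type = DHCP_MSG_TYPES.get(dhcp[i + 2], "UNKNOWN")
        i += 2 + length
    return DhcpSummary(vlan_id, mac, msg_type, src_port, dst_port)


def build_discover(client_mac: bytes, vlan_id: Optional[int]) -> bytes:
    """Construct a broadcast DHCP DISCOVER frame (sample input, not a capture).
    IP/UDP checksums are left at zero; nothing here validates them."""
    options = b"\x35\x01\x01" + b"\xff"   # option 53 = DISCOVER, then end
    dhcp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                       1, 1, 6, 0, 0x3903F326, 0, 0x8000,   # BOOTREQUEST, Ethernet, broadcast flag
                       b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                       client_mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    dhcp += DHCP_MAGIC + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     b"\0\0\0\0", b"\xff\xff\xff\xff") + udp
    eth = b"\xff" * 6 + client_mac
    if vlan_id is None:
        return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip
    return eth + struct.pack("!HHH", ETHERTYPE_VLAN, vlan_id, ETHERTYPE_IPV4) + ip


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")   # constructed client MAC
    for vid in (10, None):
        print(parse_dhcp_frame(build_discover(mac, vid)))
```

A discover that shows up with `vlan_id=None` on the parent interface is the AP sending untagged frames, which the pfSense VLAN interface will never see; one with a VID that does not match the VLAN you created on pfSense is a tag mismatch. Either way the DHCP server log stays empty, which is exactly the symptom in the thread.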
dillbilly

              Bumping this thread.

I'm having the same issue that kalas666 is. I've had VLANs working before with my current hardware (pfSense on a SuperMicro Atom server and a Cisco Small Business 200 series switch), but this is the first time I've created any since upgrading pfSense to 2.3.

              DHCP works fine on LAN
              DHCP is enabled on VLAN
              VLANs are set up correctly on the firewall, switch, WAP, and VMware server
              Clients on VLANs cannot receive a DHCP lease
              Assigning a static address provides the appropriate network access to wireless and vm clients
              No signs of requests from VLAN clients in the DHCP logs

johnpoz (LAYER 8 Global Moderator)

                "No signs of requests from VLAN clients in the DHCP logs"

Well, if the DHCP server does not see the discover, how can it make an offer?  Where are the discovers being lost; are they not being tagged?  What I can tell you is I have VLANs, both wired and wifi, that get DHCP from pfSense without any issues.

dillbilly

Traffic is obviously getting tagged, as everything worked properly when a static IP address was set. The lack of a log entry could mean one of two things: 1) that it wasn't receiving traffic, or 2) that it wasn't listening correctly on the VLAN interface. I factory reset pfSense and, without changing the config on any of my other hardware, have added two VLANs to the default config and DHCP seems to be working, which indicates that it was an issue with pfSense and my particular configuration. I'll restore my old config to see if I can do some log gathering again, but I was running a fairly vanilla setup with only a few rules and Snort installed but not running.

dillbilly

So, having partially reconstructed the VLANs I had in my prior config, the issue has cropped up again, and it does seem to be pfSense at fault.

Running absolutely vanilla pfSense, all I've done is go through the initial wizard, create my VLANs, and enable the DHCP server on what is to be my guest VLAN. Network access? Check. DHCP leases? Nope. Checked the logs and I have this error:

                    Can't bind to dhcp address: Address already in use
                    Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf. Also make sure you are not running HP JetAdmin software, which includes a bootp server.
                    

                    This thread https://forum.pfsense.org/index.php?topic=90549.0 has some discussion on the topic, but no practical solutions.

johnpoz (LAYER 8 Global Moderator)

If I had to guess, dhcpd did not restart when you added your interface, so when it tried to start again it already saw something listening on 67.

Did you just try stopping dhcpd and restarting it?  It listens on all IPs:

                      [2.3.2-RELEASE][root@pfSense.local.lan]/root: sockstat -L | grep :67
                      dhcpd    dhcpd      8498  16 udp4  *:67                  :
                      [2.3.2-RELEASE][root@pfSense.local.lan]/root:

You can then verify that it is on your interface via

                      [2.3.2-RELEASE][root@pfSense.local.lan]/root: ps axww | grep dhcpd
                      8498  -  Ss      0:29.39 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em1 em2 em3 em2_vlan200 em2_vlan100 em2_vlan300 em2_vlan500

so you can see mine is listening on multiple VLAN interfaces.

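The two commands in the post above give enough to tell a stale dhcpd apart from a healthy one: `sockstat -L` shows who holds UDP 67, and the `ps axww` line shows which interfaces that dhcpd instance was actually started on. If a VLAN interface was added after dhcpd started, it will be absent from that argument list even though the process is alive, and a second dhcpd trying to start for the new interface fails with the "Address already in use" error quoted earlier. The checker below is an added example for this page, not pfSense code; it parses constructed command output shaped like the post's (the sample lines are made up to mirror it, not copied from a live system) and reports which condition it finds. The set of dhcpd options assumed to take a value is the one pfSense's start line uses plus `-lf` and `-p`, which ISC dhcpd also accepts.

```python
"""Decide why dhcpd is not answering on a VLAN interface from the output of
`sockstat -L` and `ps axww`, as shown in the thread.

Added example for this page, not pfSense or ISC dhcpd code. The sample
command output is constructed to mirror the post, not taken from a live box."""
from __future__ import annotations

DHCPD_BIN = "/usr/local/sbin/dhcpd"
# ISC dhcpd options that consume the following argv token; any other token
# after the binary that does not start with "-" is an interface name.
OPTS_WITH_VALUE = {"-user", "-group", "-chroot", "-cf", "-pf", "-lf", "-p"}


def dhcpd_interfaces(ps_output: str) -> dict[int, list[str]]:
    """Map each running dhcpd PID to the interfaces on its command line."""
    instances: dict[int, list[str]] = {}
    for line in ps_output.splitlines():
        argv = line.split()
        if DHCPD_BIN not in argv:          # also skips the header and the grep line
            continue
        pid = int(argv[0])
        args = argv[argv.index(DHCPD_BIN) + 1:]
        ifaces: list[str] = []
        i = 0
        while i < len(args):
            if args[i] in OPTS_WITH_VALUE:
                i += 2
            elif args[i].startswith("-"):  # flag without a value, e.g. -q
                i += 1
            else:
                ifaces.append(args[i])
                i += 1
        instances[pid] = ifaces
    return instances


def udp67_binders(sockstat_output: str) -> list[tuple[str, int]]:
    """(command, pid) for every socket bound to UDP port 67 in `sockstat -L` output."""
    binders = []
    for line in sockstat_output.splitlines():
        cols = line.split()                # USER COMMAND PID FD PROTO LOCAL FOREIGN
        if len(cols) < 6 or not cols[4].startswith("udp"):
            continue
        if cols[5].rsplit(":", 1)[-1] == "67":
            binders.append((cols[1], int(cols[2])))
    return binders


def diagnose(vlan_if: str, ps_output: str, sockstat_output: str) -> list[str]:
    """Return finding codes; an empty list means dhcpd holds :67 and covers vlan_if."""
    findings = []
    binders = udp67_binders(sockstat_output)
    instances = dhcpd_interfaces(ps_output)
    if not binders:
        findings.append("nothing_on_udp67")
    for cmd, pid in binders:
        if cmd != "dhcpd":                 # another bootp/dhcp daemon owns the port
            findings.append(f"foreign_binder:{cmd}:{pid}")
    if not instances:
        findings.append("dhcpd_not_running")
    for pid, ifaces in instances.items():
        if vlan_if not in ifaces:          # started before the VLAN existed: restart it
            findings.append(f"stale_dhcpd:{pid}:missing:{vlan_if}")
    return findings


# Constructed sample output modelled on the post; not from a real system.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
dhcpd    dhcpd      8498  16 udp4   *:67                  :
"""
SAMPLE_PS_STALE = """\
 PID TT  STAT    TIME COMMAND
8498  -  Ss   0:29.39 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em1 em2 em2_vlan200
9101  0  S+   0:00.00 grep dhcpd
"""
SAMPLE_PS_RESTARTED = SAMPLE_PS_STALE.replace("em2_vlan200", "em2_vlan200 em2_vlan100")

if __name__ == "__main__":
    print(diagnose("em2_vlan100", SAMPLE_PS_STALE, SAMPLE_SOCKSTAT))
    print(diagnose("em2_vlan100", SAMPLE_PS_RESTARTED, SAMPLE_SOCKSTAT))
```

On a real pfSense box you would paste in the actual `sockstat -L` and `ps axww | grep dhcpd` output; a `stale_dhcpd` finding is the case johnpoz describes, fixed by stopping and restarting dhcpd, while a `foreign_binder` finding is the other situation the error message mentions, some other bootp/DHCP service holding the port.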