DHCP for VLAN's - No Tab to Select VLAN



  • I'm currently using a Ubiquiti EdgeRouter Pro.  I'm wanting to switch to a UniFi Security Gateway-Pro to be able to have router, switches, and WAPs configured under a single interface.

    Currently, the UniFi lineup doesn't support DHCP IP reservations without the client connecting first.  I can't reserve IP addresses before the client connects – only after, and clients that disconnect can't be deleted from a table/mapping list.

    Therefore, I want to use my pfSense server as a DHCP server.

    I've configured a test VLAN to set up.  1 is my main VLAN/untagged, 2 is for my smart TVs, 3 for guest WiFi, and 4 for my AT&T MicroCell.  None of the VLANs should be able to talk to each other or access devices on the main network.  (The Samsung SmartTVs see all of my Sonos devices and list them as input sources, which is why I isolate it from my main network.)

    When I click on the DHCP Server tab, I see a header for LAN.  I don't see the header for my VLAN2 (I haven't created the others until I get this sorted out).  I currently don't have DHCP enabled because I'm not wanting to do that until I get everything set up.

    Are the VLAN DHCP server tabs not enabled until you enable DHCP, or am I missing something here?  VLAN2 is enabled in the interfaces tab.

    I'm running pfSense 2.3.2.


  • LAYER 8 Netgate

    Did you configure an IP address on the VLAN interface?



  • Yes, I was able to figure it out. It should be labeled differently. I had chosen DHCP thinking that was the option to have the DHCP assign IPs. I thought static was to assign a single IP to a single device.


  • LAYER 8 Global Moderator

    Labeled differently how?  When you click into an interface that you have just created.. There is IPv4 Configuration Type, with a dropdown - how would you think DHCP here would mean enable DHCP server??  Had you been drinking?? ;)



  • please help me how to setup this.. thank you


  • LAYER 8 Global Moderator

    How to set up what??  You create a VLAN, and then enable DHCP server on that VLAN..  Confused as to how this is not just plain common sense.  You can enable DHCP server on any interface that is static IP and does not have DHCP relay enabled on it.

    So you create your vlan interface and then click the little box that says enable dhcp..




  • I created a VLAN with a fixed IP address of 192.168.2.1 and assigned it to the OPT2 interface. I'm running pfSense 2.4.5-RELEASE-p1.
    I'm following these instructions: https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html

    So having created a VLAN and assigned it to an interface, I go to "Services - DHCP server" and don't see the OPT2 port I created. That port has (1) an IP address and (2) it is enabled. What is required to add a DHCP server to the port? Well, I found out. When you go to create the IP address, which I assumed was the address assigned to the VLAN port, the CIDR setting was /32, meaning it was a single IP address. pfSense won't let you assign a DHCP server to that address. I don't understand why, since the port is a single IP address. Why does the port need a non-single-IP-address subnet to allow a DHCP server to be assigned to it? That is not explained anywhere. If someone could help me understand this situation I would be grateful. TX


  • LAYER 8 Global Moderator

    @parry said in DHCP for VLAN's - No Tab to Select VLAN:

    I don't understand why, since the port is a single IP address.

    A /32 means that "network" that device is on is only 1 IP address.. So how would there be IPs to hand out on the same network as the interface if there is no IP address to pass out?



  • Because a /32 only allows for 1 IP address... If you already assign it to the interface, then there are no more IPs left in that subnet for you to hand out by DHCP



  • Thank you for taking the time to answer, it is always helpful. I understand CIDR and the fact that this assigns one IP address to an endpoint, but the view I was taking, which was not refuted anywhere else, is that the IP address that the port is set at is then added to with a DHCP server which provides the range of IP addresses. In many of the consumer and even some commercial routers (which add a DHCP server), this is how they are configured. In the case of pfSense it seems that the setting of the IP address for a port also constrains the range of DHCP addresses that are allowed to pass through that port [I may be using the wrong terminology]. Please help me understand if this is a normal practice - setting an IP address then implicitly associating a DHCP set of addresses that map through the address space created with a separate server. For me the conceptual challenge is that the entry says "IP address". Singular.

    Why a range is associated with that single IP address is not explained. Or at least that is how I perceive it. You may have a more accurate view of the mechanistics of the system and may be better educated in networking systems, so please have at it and explain why this setting is formulated in this manner.



  • Ok, I think I understand now, having read the two answers again. I did not understand that /32 defines a subnet; I thought it just constrained that port to 1 IP address. What heper said, that /32 defines the subnet thus constraining it to one IP address, explains how other IP addresses could show up on a subnet if the range of addresses allowed on a subnet is larger, e.g. 256 addresses with /24 notation. Sorry to be a bother



  • @parry said in DHCP for VLAN's - No Tab to Select VLAN:

    I understand CIDR and the fact that this assigns one IP address to an endpoint, but the view I was taking, which was not refuted anywhere else is that the IP address that the port is set at is then added to with a DHCP server which provides the range of ip addresses.

    I'm trying to make sense of your question, but if you have a /32 and there is only 1 address available, but you need addresses for both the DHCP server and client, how do you manage that?



  • @JKnott said in DHCP for VLAN's - No Tab to Select VLAN:

    I hope I answered my own question earlier and possibly yours. It may seem trivial, but if the address is set in the port to a /32 CIDR notation it may be helpful to have a message that says something like "you idiot, you created a subnet with 1 IP address available, so no DHCP server can be added". But that's my opinion. And I'm learning. Thank you for teaching me.



  • @parry

    The thing is, that's an entirely valid configuration. In fact, with IPv6 it's common. For example, my WAN IPv6 address is a /128, the IPv6 equivalent of a /32. You just have to know when a /32 is appropriate.
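
The conditions the replies describe (static IPv4 on the interface, no DHCP relay, and a subnet with addresses left over after the interface takes its own), as an added example that is not part of the thread and is not pfSense's own code. The function names and the 192.168.2.100-199 pool are constructed for illustration; 192.168.2.1 is the address from the post above.

```python
import ipaddress

def leasable_count(address):
    """Addresses left for clients once the interface has taken its own."""
    net = ipaddress.IPv4Interface(address).network
    # /31 and /32 have no separate network/broadcast addresses to reserve.
    reserved = 0 if net.prefixlen >= 31 else 2
    return max(net.num_addresses - reserved - 1, 0)

def dhcp_scope_problems(ipv4_type, address=None, pool=None, relay=False):
    """Return reasons a DHCP server cannot serve this interface ([] if none).

    Hypothetical helper modelling the conditions stated in the thread.
    """
    problems = []
    if relay:
        problems.append("DHCP relay is enabled on the interface")
    if ipv4_type != "static" or address is None:
        problems.append("interface is not static IPv4")
        return problems
    iface = ipaddress.IPv4Interface(address)
    net = iface.network
    if leasable_count(address) == 0:
        problems.append(f"{net} has no address left to lease")
        return problems
    if pool:
        start, end = (ipaddress.IPv4Address(p) for p in pool)
        if start > end:
            problems.append("pool start is above pool end")
        if start not in net or end not in net:
            problems.append(f"pool is outside {net}")
        elif start <= iface.ip <= end:
            problems.append("pool contains the interface's own address")
    return problems

if __name__ == "__main__":
    # Constructed cases: the three situations that come up in the thread.
    cases = [
        ("dhcp", None, None),
        ("static", "192.168.2.1/32", None),
        ("static", "192.168.2.1/24", ("192.168.2.100", "192.168.2.199")),
    ]
    for ipv4_type, address, pool in cases:
        print(ipv4_type, address, dhcp_scope_problems(ipv4_type, address, pool) or "OK")
```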

