• Good morning, all!

    We are new to pfSense and are setting up our company's new firewall with pfSense in a test lab.

    Now I was able to create several VLANs on the pfSense and configure them as interfaces.
    I assigned them all to ix0 (which is one of our two 10GB Ethernet jacks on our SUPERMICRO server) and configured a DHCP server and DNS forwarding for every VLAN.
    (192.168.[1 … 100].[10 … 250] DHCP ranges; the interface IP is always 192.168.xxx.1)

    Now the problem:
    When I put this "trunk" on ix0 (as the Cisco world would call it) into a switch, I don't get a DHCP lease on any of the assigned ports.

    We tested around with a TP-LINK tl-sg108pe and a DLINK DXS3350SR. Our trunk ports were in "TAGGED" mode and the ports belonging to a VLAN were configured as untagged.

    Can you imagine what we are doing wrong?
    Do we have to turn off the physical interface ("LAN") and only use the VLANs?

    Side note: When I configure a DHCP server on a physical interface of the Supermicro, I get a DHCP lease immediately, so the service itself works fine.

    Thanks for your help, as our IT staff are starting to despair :P

  • LAYER 8 Netgate

    If you have an interface on ix0_vlan10, you need to make sure VLAN 10 is tagged to pfSense on the switch port ix0 is connected to. Any host on the switch on an untagged (access) port on VLAN 10 will get DHCP from that DHCP server. You can also statically assign a workstation to, say, 192.168.XXX.100/24. See if it can ping 192.168.XXX.1. If not, see if it has ARP for 192.168.XXX.1 after trying to ping it. If not, your Layer 2 is not right.

    No, the parent interface ix0 does not need to be assigned for the VLAN interfaces to work. If it is assigned, it might have to be enabled for the VLANs on it to function. I would have to test that.

    Look in the switch to see if you can see all the MAC addresses associated with VLAN XXX. I used to do things like that all the time to quickly determine if a VLAN was properly tagged through the infrastructure.

    On a Brocade it would look something like this:

    telnet@6450#show mac-address vlan 999
    Total active entries from VLAN 999 = 12
    MAC-Address     Port                 Type          Index  VLAN 
    d468.4d1f.5a00  1/2/2*1/2/4          Dynamic       51600  999  
    3c07.540c.2316  1/2/2*1/2/4          Dynamic       27692  999  
    0060.2e02.45bd  1/1/24               Dynamic       8132   999  
    d468.4d1f.7140  1/1/43               Dynamic       52932  999  
    6c19.8f93.953b  1/1/43               Dynamic       49840  999  
    0008.a20a.5942  1/1/44               Dynamic       1500   999  
    1c5f.2bb5.ee37  1/2/2*1/2/4          Dynamic       39464  999  
    6805.ca0a.3b21  1/1/26               Dynamic       992    999  
    0026.bb5a.7f32  1/1/3                Dynamic       14620  999  
    d050.99e1.5612  1/1/25               Dynamic       39044  999  
    001e.8cf1.e910  1/1/42               Dynamic       21712  999  
    66b5.a87f.db78  1/1/41               Dynamic       64596  999

    I know that 1/2/2*1/2/4 is a lagg to another switch. Since I am getting MAC addresses there I know VLAN 999 is tagged properly between them.
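    As an added example (not from the thread or from Netgate), here is a small Python parser for the Brocade `show mac-address vlan` output quoted above. It groups the learned MACs per port so you can check whether the VLAN actually shows up on the trunk or LAG towards pfSense, and it refuses a paste whose row count does not match the "Total active entries" line. The sample output is constructed: made-up MACs in the same layout, with `1/2/2*1/2/4` playing the role of the LAG.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Brocade "show mac-address vlan N" output.
SAMPLE_OUTPUT = """\
telnet@6450#show mac-address vlan 999
Total active entries from VLAN 999 = 5
MAC-Address     Port                 Type          Index  VLAN
0200.0000.0001  1/2/2*1/2/4          Dynamic       51600  999
0200.0000.0002  1/2/2*1/2/4          Dynamic       27692  999
0200.0000.0003  1/1/24               Dynamic       8132   999
0200.0000.0004  1/1/43               Dynamic       52932  999
0200.0000.0005  1/1/43               Dynamic       49840  999
"""

ENTRY_RE = re.compile(
    r"^([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$",
    re.IGNORECASE,
)
TOTAL_RE = re.compile(r"Total active entries from VLAN (\d+) = (\d+)")


def parse_mac_table(text):
    """Parse the output into (vlan_id, {port: [mac, ...]}).

    Raises ValueError when the 'Total active entries' line is missing or does
    not match the number of rows parsed, so a truncated paste is not trusted.
    """
    total = TOTAL_RE.search(text)
    if not total:
        raise ValueError("no 'Total active entries' line found")
    vlan_id, expected = int(total.group(1)), int(total.group(2))
    by_port, rows = defaultdict(list), 0
    for line in text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if entry and int(entry.group(5)) == vlan_id:
            by_port[entry.group(2)].append(entry.group(1).lower())
            rows += 1
    if rows != expected:
        raise ValueError(f"expected {expected} entries, parsed {rows}")
    return vlan_id, dict(by_port)


def is_lag(port):
    """Brocade shows a LAG as its member ports joined by '*', e.g. 1/2/2*1/2/4."""
    return "*" in port


def vlan_seen_on(text, port):
    """True when at least one MAC on this VLAN was learned on the given port,
    i.e. frames carrying this VLAN are actually arriving through it."""
    _, by_port = parse_mac_table(text)
    return len(by_port.get(port, [])) > 0
```

    If the port facing pfSense never shows a MAC for the VLAN while access ports on the same VLAN do, the tagging on that trunk port is the first thing to recheck.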