Problem with DHCP and a Cisco Nexus 5020 10GB switch not getting IP addresses.



  • Hi, I am having a problem with the DHCP server on pfSense not giving my Cisco 5020 an IP. I have made an OPT1 interface and enabled DHCP in the DHCP server. I restarted the DHCP server just to make sure it was applied, and when I look at the leases no IPs with 192.168.2.x show up. I restarted my switch and made sure that is good, but when I try to ping 192.168.2.1 I get no route to host.

    I have no idea what is wrong. On the switch I have a VLAN 2 with ports 9-17. 9-16 are access ports and port 17 is a trunk port to pfSense.

    Thanks for your help!



  • Well, start with the basics.  Do the computers have an address via DHCP from elsewhere?  Can you ping if you manually configure an IP address in the same range as the DHCP server?  Does Packet Capture show any DHCP activity?  Are the computers on a VLAN?  Is pfSense configured for that VLAN?



  • For the switch, I can't ping the router. Monitoring shows a little outpass traffic from OPT1 but I couldn't find the DHCP tab. I did add VLAN 2 to the pfSense VLAN tab with no change.


  • LAYER 8 Netgate

    You have to add the VLAN to the physical interface, then assign that interface to use the VLAN in Interfaces > Assignments. That will make pfSense send/expect traffic tagged on that VLAN for that pfSense interface.

    ![Screen Shot 2018-02-10 at 10.29.16 PM.png](/public/imported_attachments/1/Screen Shot 2018-02-10 at 10.29.16 PM.png)



  • @Derelict:

    You have to add the VLAN to the physical interface, then assign that interface to use the VLAN in Interfaces > Assignments. That will make pfSense send/expect traffic tagged on that VLAN for that pfSense interface.

    On pfSense I have a physical port going to the switch. I don't think I need a VLAN on pfSense. On my switch my config looks like this.

    vrf context management
      ip route 0.0.0.0/0 192.168.2.1
    vlan 1
    vlan 2
      name vmware2
    port-profile default max-ports 512

    interface Ethernet1/1

    interface Ethernet1/2

    interface Ethernet1/3

    interface Ethernet1/4

    interface Ethernet1/5

    interface Ethernet1/6

    interface Ethernet1/7

    interface Ethernet1/8

    interface Ethernet1/9

    interface Ethernet1/10
      switchport access vlan 2

    interface Ethernet1/11
      switchport access vlan 2

    interface Ethernet1/12
      switchport access vlan 2

    interface Ethernet1/13
      switchport access vlan 2

    interface Ethernet1/14
      switchport access vlan 2

    interface Ethernet1/15
      switchport access vlan 2

    interface Ethernet1/16
      switchport access vlan 2

    interface Ethernet1/17
      switchport access vlan 2

    interface Ethernet1/18
      switchport access vlan 2

    interface Ethernet1/19

    interface Ethernet1/20

    interface Ethernet1/21

    interface Ethernet1/22

    interface Ethernet1/23

    interface Ethernet1/24

    interface Ethernet1/25

    interface Ethernet1/26

    interface Ethernet1/27

    interface Ethernet1/28

    interface Ethernet1/29

    interface Ethernet1/30

    interface Ethernet1/31

    interface Ethernet1/32

    interface Ethernet1/33

    interface Ethernet1/34

    interface Ethernet1/35

    interface Ethernet1/36

    interface Ethernet1/37

    interface Ethernet1/38

    interface Ethernet1/39

    interface Ethernet1/40
      switchport mode trunk
      switchport trunk allowed vlan 1-2

    interface Ethernet2/1

    interface Ethernet2/2

    interface Ethernet2/3

    interface Ethernet2/4

    interface Ethernet2/5

    interface Ethernet2/6

    interface Ethernet3/1

    interface Ethernet3/2

    interface Ethernet3/3

    interface Ethernet3/4

    interface Ethernet3/5

    interface Ethernet3/6

    interface mgmt0
      ip address 192.168.2.220/24
    line console
    line vty
    boot kickstart bootflash:/n5000-uk9-kickstart.5.2.1.N1.9a.bin
    boot system bootflash:/n5000-uk9.5.2.1.N1.9a.bin

    I have now even reset the interfaces and just made a trunk port on interface 1/40 and I still can't ping pfSense.

    Thanks for the help.


  • LAYER 8 Netgate

    If pfSense is connected to Ethernet 1/40 you have to assign the pfSense interface to VLAN 2. Is this ESXi or what? Where is pfSense? Physical or virtual?

    What is the exact physical layout? What is connected to what?



  • @Derelict:

    If pfSense is connected to Ethernet 1/40 you have to assign the pfSense interface to VLAN 2. Is this ESXi or what? Where is pfSense? Physical or virtual?

    What is the exact physical layout? What is connected to what?

    pfSense is on its own dedicated server. This is how my network is set up:

    Modem-> pfsense -> lan to 192.168.1.x->switch-> internet side of vmware esxi
                              |
                                -> OPT1 to 192.168.2.x ->cisco 5020 switch-> storage network side for vmware hosts


  • LAYER 8 Netgate

    If you want OPT1 to talk VLAN 2 to a Cisco trunk port, the OPT1 interface needs to be assigned to VLAN 2 on ethX on pfSense. With ethX being whatever that physical interface is.



  • I did that and reworked my switch's config and I still can't ping the router. The attachment is my pfSense LAN's page.

    vrf context management
      ip route 0.0.0.0/0 192.168.2.1
    vlan 1
    vlan 10
      name vmware10
    port-profile default max-ports 512

    interface Ethernet1/1

    interface Ethernet1/2

    interface Ethernet1/3

    interface Ethernet1/4

    interface Ethernet1/5

    interface Ethernet1/6

    interface Ethernet1/7

    interface Ethernet1/8

    interface Ethernet1/9
      switchport access vlan 10

    interface Ethernet1/10
      switchport access vlan 10

    interface Ethernet1/11
      switchport access vlan 10

    interface Ethernet1/12
      switchport access vlan 10

    interface Ethernet1/13
      switchport access vlan 10

    interface Ethernet1/14
      switchport access vlan 10

    interface Ethernet1/15
      switchport access vlan 10

    interface Ethernet1/16
      switchport access vlan 10

    interface Ethernet1/17
      switchport access vlan 10

    interface Ethernet1/18
      switchport access vlan 10

    interface Ethernet1/19

    interface Ethernet1/20

    interface Ethernet1/21

    interface Ethernet1/22

    interface Ethernet1/23

    interface Ethernet1/24

    interface Ethernet1/25

    interface Ethernet1/26

    interface Ethernet1/27

    interface Ethernet1/28

    interface Ethernet1/29

    interface Ethernet1/30

    interface Ethernet1/31

    interface Ethernet1/32

    interface Ethernet1/33

    interface Ethernet1/34

    interface Ethernet1/35

    interface Ethernet1/36

    interface Ethernet1/37

    interface Ethernet1/38

    interface Ethernet1/39

    interface Ethernet1/40
      switchport mode trunk
      switchport trunk native vlan 10
      switchport trunk allowed vlan 1-10

    interface Ethernet2/1

    interface Ethernet2/2

    interface Ethernet2/3

    interface Ethernet2/4

    interface Ethernet2/5

    interface Ethernet2/6

    interface Ethernet3/1

    interface Ethernet3/2

    interface Ethernet3/3

    interface Ethernet3/4

    interface Ethernet3/5

    interface Ethernet3/6

    interface mgmt0
      ip address 192.168.3.25/24
    line console
    line vty
    boot kickstart bootflash:/n5000-uk9-kickstart.5.2.1.N1.9a.bin
    boot system bootflash:/n5000-uk9.5.2.1.N1.9a.bin

    This is the updated config.

    Thanks

    ![pfSense.localdomain - Interfaces_ Interface Assignments-1.jpg](/public/imported_attachments/1/pfSense.localdomain - Interfaces_ Interface Assignments-1.jpg)


  • LAYER 8 Netgate

    That is still not tagging LAN with VLAN ID 2.

    Create VLAN 2 on interface igb1

    Change the Network port for LAN to VLAN 2 on igb1

    Patch igb1 to a trunk port with VLAN 2 tagged on it.

    Be sure the firewall rules on LAN pass the desired traffic that will be inbound to it.



  • @Derelict:

    That is still not tagging LAN with VLAN ID 2.

    Create VLAN 2 on interface igb1

    Change the Network port for LAN to VLAN 2 on igb1

    Patch igb1 to a trunk port with VLAN 2 tagged on it.

    Be sure the firewall rules on LAN pass the desired traffic that will be inbound to it.

    I remade the VLAN as VLAN 10 on the switch and in pfSense.

    I don't think I'm understanding. The OPT1 port is on 192.168.2.1 and that's the network I need to give IPs to the switch to my hosts.


  • LAYER 8 Netgate

    Please describe EXACTLY what interface you are talking about and please post the screen shots of Interfaces > Assignments and the switch port you are connecting to pfSense.

    Setting the PVID (native) here says you want the traffic UNTAGGED on that port:

    interface Ethernet1/40
      switchport mode trunk
      switchport trunk native vlan 10
      switchport trunk allowed vlan 1-10

    If it is tagged on one interface it has to be tagged on the other.
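
The tagging rule from the reply above, as an added example that is not part of the original thread: a Python check that reads an NX-OS interface stanza, reports whether a VLAN leaves the port tagged or untagged, and compares that with the pfSense assignment. The function names and the switch defaults assumed when a line is absent (access mode, VLAN 1, all VLANs allowed on a trunk) belong to this example.

```python
import re

# Constructed from the Ethernet1/40 stanza quoted in the thread.
WITH_NATIVE = """interface Ethernet1/40
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 1-10
"""
WITHOUT_NATIVE = WITH_NATIVE.replace("  switchport trunk native vlan 10\n", "")

def expand_vlans(spec):
    """Expand a VLAN list such as '1-2,5' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def switch_framing(stanza, vlan):
    """How the switch port carries `vlan`: 'tagged', 'untagged' or 'blocked'."""
    # Assumed defaults when a line is absent: access mode, VLAN 1, all VLANs allowed.
    mode, native, access, allowed = "access", 1, 1, None
    for line in map(str.strip, stanza.splitlines()):
        if m := re.fullmatch(r"switchport mode (access|trunk)", line):
            mode = m.group(1)
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            access = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,\- ]+)", line):
            allowed = expand_vlans(m.group(1))
    if mode == "access":
        return "untagged" if vlan == access else "blocked"
    if allowed is not None and vlan not in allowed:
        return "blocked"
    return "untagged" if vlan == native else "tagged"

def pfsense_framing(assigned_port, vlan):
    """A VLAN interface such as cxgb0.10 tags its frames; the bare parent does not."""
    return "tagged" if assigned_port.endswith(f".{vlan}") else "untagged"

def link_matches(stanza, assigned_port, vlan):
    """True only when both ends agree on tagged or untagged for this VLAN."""
    return switch_framing(stanza, vlan) == pfsense_framing(assigned_port, vlan)

if __name__ == "__main__":
    for name, cfg in (("native vlan 10", WITH_NATIVE), ("no native line", WITHOUT_NATIVE)):
        for port in ("cxgb0", "cxgb0.10"):
            print(f"{name:15} {port:9} match={link_matches(cfg, port, 10)}")
```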



  • @Derelict:

    Please describe EXACTLY what interface you are talking about and please post the screen shots of Interfaces > Assignments and the switch port you are connecting to pfSense.

    Setting the PVID (native) here says you want the traffic UNTAGGED on that port:

    interface Ethernet1/40
      switchport mode trunk
      switchport trunk native vlan 10
      switchport trunk allowed vlan 1-10

    If it is tagged on one interface it has to be tagged on the other.

    I reconfigured Ethernet 1/40 and removed the trunk native line.

    I will attach pictures of the tabs and a diagram of how things look.

    Thanks

    ![pfSense.localdomain - Interfaces_ Interface Assignments-1.jpg](/public/imported_attachments/1/pfSense.localdomain - Interfaces_ Interface Assignments-1.jpg)
    ![pfSense.localdomain - Interfaces_ VLANs-1.jpg](/public/imported_attachments/1/pfSense.localdomain - Interfaces_ VLANs-1.jpg)
    ![pfSense.localdomain - Status_ Dashboard-1.jpg](/public/imported_attachments/1/pfSense.localdomain - Status_ Dashboard-1.jpg)


  • LAYER 8 Netgate

    How is the switchport connected to cxgb0 currently configured?

    What, specifically, isn't working.

    You are going to have to be very specific to overcome this language barrier.



  • @Derelict:

    How is the switchport connected to cxgb0 currently configured?

    What, specifically, isn't working.

    You are going to have to be very specific to overcome this language barrier.

    The cxgb0 port is connected to the trunk port on the switch, Ethernet 1/40.

    What's not working is I can't ping the router from the switch and the switch is not getting an IP address from pfSense.

    Now I just did a test for a hardware problem. The 10Gb NIC I have is a Chelsio T320-CO-SR.
    If I'm correct, if I connect cxgb0 directly into one of my hosts that port should get an IP address from pfSense.
    I did that and I got no IP address.
    I tried the same thing with igb2, which is OPT2 on my router, and connected it into my host and I got an IP address.

    Could this be because of a hardware fault?


  • LAYER 8 Netgate

    It could be a hardware fault but there is really no way to know with the information being provided.



  • @Derelict:

    It could be a hardware fault but there is really no way to know with the information being provided.

    What could I post to help this out?

    Am I correct on how DHCP should work when directly connecting an end device?


  • LAYER 8 Netgate

    I will ask one question at a time so we don't get lost…

    What pfSense interface are you talking about? LAN, OPT1, or OPT2?



  • OPT1 is the interface I'm having problems with.

    @Derelict:

    I will ask one question at a time so we don't get lost…

    What pfSense interface are you talking about? LAN, OPT1, or OPT2?


  • LAYER 8 Netgate

    Please post a current screenshot of Interfaces > Assignments



  • @Derelict:

    Please post a current screenshot of Interfaces > Assignments



  • LAYER 8 Netgate

    Please post the switch port configuration for the port connected to cxgb0.



  • @Derelict:

    Please post the switch port configuration for the port connected to cxgb0.

    interface Ethernet1/40
      switchport mode trunk
      switchport trunk allowed vlan 1-10


  • LAYER 8 Netgate

    OK and a DHCP server is configured on the OPT1 interface in pfSense? Can you post that?



  • @Derelict:

    OK and a DHCP server is configured on the OPT1 interface in pfSense? Can you post that?





  • LAYER 8 Netgate

    OK then something connected to an access port on VLAN 10 on the switch should get an IP address.

    If not you have to figure out why not.

    I have found looking at the mac address table on the switch for that VLAN is a good place to start.

    You could also send the output of these commands entered into Diagnostics > Command Prompt (or run from the shell)

    ifconfig cxgb0

    ifconfig cxgb0.10



  • That's the funny thing. I don't get a single IP address to the switch.

    Here are those commands run.

    @Derelict:

    OK then something connected to an access port on VLAN 10 on the switch should get an IP address.

    If not you have to figure out why not.

    I have found looking at the mac address table on the switch for that VLAN is a good place to start.

    You could also send the output of these commands entered into Diagnostics > Command Prompt (or run from the shell)

    ifconfig cxgb0

    ifconfig cxgb0.10





  • LAYER 8 Netgate

    That looks fine.

    You need to look closer at layer 2.

    What mac addresses are on VLAN 10?

    Probably something similar to show mac-address-table



  • @Derelict:

    That looks fine.

    You need to look closer at layer 2.

    What mac addresses are on VLAN 10?

    Probably something similar to show mac-address-table

    VLAN 2 is VLAN 10, same config. I tried to redo it again.



  • LAYER 8 Netgate

    I am pretty limited to what I can do after this. Everything looks fine on the pfSense side.

    Maybe try to ping something on the 192.168.2.0/24 network from Diagnostics > Ping. That should put the pfSense MAC address in the switch's table. If not you need to figure out why not.

    That switch certainly supports mirroring. Mirror that port to something else and wireshark it.

    You are fortunately/unfortunately dealing with a 10G SFP+ port or I'd suggest putting a laptop interface on vlan 10 and plugging in directly.

    Assign OPT1 to a gig-e port and try that?



  • @Derelict:

    I am pretty limited to what I can do after this. Everything looks fine on the pfSense side.

    Maybe try to ping something on the 192.168.2.0/24 network from Diagnostics > Ping. That should put the pfSense MAC address in the switch's table. If not you need to figure out why not.

    That switch certainly supports mirroring. Mirror that port to something else and wireshark it.

    You are fortunately/unfortunately dealing with a 10G SFP+ port or I'd suggest putting a laptop interface on vlan 10 and plugging in directly.

    Assign OPT1 to a gig-e port and try that?

    After all your help I'm just stuck. Right now I'm returning my T320 card and buying a T520 10Gb card to see if that was my problem. I have a really good feeling it is.

    Will post when I have tested with the new card!

    Thanks all for your help so far!

