Moving routing off to a switch but still need DHCP



  • Hey Everyone,
    So at home I am in the process of migrating over to a Juniper EX3200. pfSense has handled my routing superbly all these years. But the problem I have is when pfSense goes down for updates or I'm working on that server I lose my access to all of the other vlans until it comes back to life. So since I got this switch and it can handle the routing for me I figured I'd offload that responsibility from pfSense. Here is my issue though. Through my learning of how to configure this switch I understand that I need to have pfSense with just a single LAN interface and I'll assign a static route in the switch to send all of the 0.0.0.0 traffic off to pfSense. But I'll also configure a DHCP helper role on the switch for each of the vlans to send DHCP requests to pfSense. But what I'm not seeing is a way within pfSense to handle dishing out IPs based on the subnet that the request is coming from. As it's currently configured I can, and do, dish out IPs based on the vlan interface that the request comes in on. But as I move forward with this how do I configure pfSense to dish out IPs based on the subnet rather than the vlan?


  • Netgate

    Right. pfSense won't do that. You'll have to roll out another DHCP server.
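    To make concrete what "handing out IPs based on the subnet the request comes from" means once a switch is relaying DHCP, here is an added example (not code from this thread, pfSense or Junos) of the mechanism a relay-aware DHCP server uses. The relay puts its own address on the client's VLAN into the BOOTP giaddr field, and the server keys its pool on that subnet rather than on the interface the packet arrived on. The interface-only selection is shown next to it so the difference is visible; every pool, address and MAC in the block is constructed for the example.

```python
"""Added example (not from this thread, pfSense or Junos): how a relay-aware
DHCP server picks a pool for a request forwarded by a switch's DHCP helper.
The relay writes its own address on the client's VLAN into the BOOTP 'giaddr'
field (RFC 2131 s4.1), so the server keys the pool on giaddr's subnet instead
of on the interface the packet arrived on.  All pools and addresses below are
constructed for the example."""
import ipaddress
import struct

# Constructed pools, keyed by subnet.  The server itself sits only on the first
# one (the single LAN toward the switch); the others exist purely behind the relay.
POOLS = {
    ipaddress.ip_network("192.168.1.0/24"): ("192.168.1.100", "192.168.1.199"),
    ipaddress.ip_network("192.168.10.0/24"): ("192.168.10.100", "192.168.10.199"),
    ipaddress.ip_network("192.168.20.0/24"): ("192.168.20.100", "192.168.20.199"),
}
DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2132 magic cookie, at BOOTP offset 236


def build_discover(mac: bytes, giaddr: str = "0.0.0.0", xid: int = 0x3903F326) -> bytes:
    """Build a minimal DHCPDISCOVER as a client sends it (giaddr 0.0.0.0) or as
    a relay forwards it (giaddr = relay's address on the client VLAN, hops+1)."""
    hops = 0 if giaddr == "0.0.0.0" else 1
    pkt = struct.pack("!BBBB", 1, 1, 6, hops)       # op=BOOTREQUEST, htype=Ethernet, hlen=6
    pkt += struct.pack("!IHH", xid, 0, 0x8000)      # xid, secs, flags (broadcast bit)
    pkt += bytes(12)                                # ciaddr, yiaddr, siaddr all zero
    pkt += ipaddress.IPv4Address(giaddr).packed     # giaddr, bytes 24..27
    pkt += mac.ljust(16, b"\x00")                   # chaddr (16 bytes)
    pkt += bytes(64) + bytes(128)                   # sname, file
    pkt += DHCP_MAGIC + bytes([53, 1, 1, 255])      # option 53 = DISCOVER(1), then END
    return pkt


def parse_giaddr(pkt: bytes) -> ipaddress.IPv4Address:
    """Extract the relay agent address; 0.0.0.0 means the client is on-link."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    return ipaddress.IPv4Address(pkt[24:28])


def pool_by_interface(pkt: bytes, receiving_net: str):
    """Interface-based selection (the behaviour the question describes as current):
    the pool is the subnet of the interface the request came in on, so every
    relayed request lands in the LAN pool whatever VLAN it originated on."""
    net = ipaddress.ip_network(receiving_net)
    return net, POOLS[net]


def pool_by_giaddr(pkt: bytes, receiving_net: str):
    """Relay-aware selection (RFC 2131 s4.3.1): a non-zero giaddr identifies the
    client's subnet; a zero giaddr falls back to the receiving interface."""
    giaddr = parse_giaddr(pkt)
    if int(giaddr) == 0:
        return pool_by_interface(pkt, receiving_net)
    for net, rng in POOLS.items():
        if giaddr in net:
            return net, rng
    raise LookupError(f"no pool configured for relay address {giaddr}")


def offer_address(pool_range, leased: set) -> ipaddress.IPv4Address:
    """Hand out the first unleased address of the selected range."""
    start, end = (ipaddress.IPv4Address(a) for a in pool_range)
    addr = start
    while addr <= end:
        if addr not in leased:
            leased.add(addr)
            return addr
        addr += 1
    raise RuntimeError("pool exhausted")


if __name__ == "__main__":
    # A client on VLAN 20, relayed by the switch's SVI 192.168.20.1 (constructed),
    # arrives on the server's LAN interface 192.168.1.0/24.
    relayed = build_discover(b"\x00\x11\x22\x33\x44\x55", giaddr="192.168.20.1")
    print("interface-based:", pool_by_interface(relayed, "192.168.1.0/24")[0])
    net, rng = pool_by_giaddr(relayed, "192.168.1.0/24")
    print("giaddr-based:   ", net, "->", offer_address(rng, set()))
```

    The relayed DISCOVER from VLAN 20 arrives on the LAN interface, so interface-based selection answers from 192.168.1.0/24 while giaddr-based selection answers from 192.168.20.0/24; a server that only knows interface-based selection cannot serve the relayed VLANs correctly, which is the gap the question runs into.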



  • Gotcha thank you @Derelict for your quick response. BTW I updated the subject line as I see I had DNS on the brain from another thing I was working on :)


  • Rebel Alliance Global Moderator

    So the 5 minutes it takes to update pfsense that happens on your schedule.. And you want to move to a downstream router? Doesn't make a lot of sense to me - but sure have fun..

    Pretty sure you can just run dhcp on the ex3200, which model do you have? Just curious - are they not all end of life next year?



    @johnpoz Yeah I was also thinking of the times that I do something stupid and kill pfSense :). Then I have to go down to the crawlspace and plug in directly to a port on the switch in order to access my management vlan :). Yeah I can run DHCP on the switch itself as well and I'm thinking that will be the route I might go if I don't decide to scrap this whole idea. I picked up the switch off of eBay to replace my ancient Linksys one that's starting to show signs of aging. Figured the Juniper would be a nice learning tool as well. I'm just a home user so I don't have the big IT budget of the enterprise world ;)
    As it has been a while since I have muddled around in the routing world like this, if I do move the routing to the switch do you know off hand if my specific firewall rules will still work? For example the kids vlan has a restriction in place for internet time. Wasn't sure if the IP would be NATed from the switch to pfSense or if pfSense would still see the originating subnet. LOL the more I think about this the more complicated I think I'm making it in my head


  • Rebel Alliance Global Moderator

    You can firewall to the internet on pfSense with a downstream router, but all your intervlan traffic will have to be done on the new router you're putting downstream.

    I can tell you for sure that managing the firewalls on that switch via cli is going to be a big learning curve ;)

    Here is the thing: running a downstream router is the next level in networking... You now have a transit network - which confuses the shit out of many, even people that work in IT ;) hehehe Prob about once a week or so, sometimes many times a week, we see threads about asymmetrical routing here and bring up that you need a transit network and it's like you can almost hear the deer-in-the-headlights stare ;)

    All your intervlan firewalling will have to be done at that new downstream router.. What kind of stupid shit could you be doing that kills pfSense? Implement change windows if that is the case and only fiddle around when it's after production hours ;) ie the wife and kids don't need the internet...

    So am curious which one did you get off eBay, a 24 port or 48 port - does it do POE? What version of Junos are you running on it? 15.1R7.9 just came out recently..
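    The transit-network and asymmetric-routing point above is easier to see with a routing-table walk than in prose, so here is an added example (not from this thread, pfSense or Junos) that traces a request and its reply through two constructed topologies: one where the switch's uplink shares the existing LAN with hosts, and one where pfSense and the switch are joined by a dedicated /30 that carries no hosts. The "internet" node, the addresses and the static routes are all made up for the example, and the internet node is given a route back so the walk can ignore NAT.

```python
"""Added example (not from this thread, pfSense or Junos): a tiny routing-table
walker that shows why a downstream L3 switch needs a transit network.  Two
constructed topologies are compared: (a) the switch's uplink shares the existing
LAN with hosts, (b) pfSense and the switch are joined by a dedicated /30 that
carries no hosts.  All addresses are made up; the "internet" node stands in for
everything beyond the WAN, with a static route back so NAT can be ignored."""
import ipaddress


class Node:
    """A host or router: its interface addresses plus static routes."""

    def __init__(self, name, addrs, routes=()):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(a) for a in addrs]
        self.routes = [(ipaddress.ip_network(p), ipaddress.ip_address(nh)) for p, nh in routes]

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def next_hop(self, dst):
        """Longest-prefix match; None means dst is on a directly connected subnet."""
        cands = [(i.network, None) for i in self.ifaces if dst in i.network]
        cands += [(p, nh) for p, nh in self.routes if dst in p]
        if not cands:
            raise LookupError(f"{self.name}: no route to {dst}")
        return max(cands, key=lambda c: c[0].prefixlen)[1]


def trace(nodes, src, dst):
    """Return the names of the nodes a packet from node `src` to address `dst` traverses."""
    dst = ipaddress.ip_address(dst)
    cur = next(n for n in nodes if n.name == src)
    path = [cur.name]
    for _ in range(32):  # TTL-style loop guard
        if cur.owns(dst):
            return path
        target = cur.next_hop(dst)
        target = dst if target is None else target
        cur = next((n for n in nodes if n.owns(target)), None)
        if cur is None:
            raise LookupError(f"no node holds {target}")
        path.append(cur.name)
    raise RuntimeError("routing loop")


def check_flow(nodes, a, a_ip, b, b_ip):
    """Trace a->b and b->a; the flow is symmetric when the reply retraces the request.
    A stateful firewall on a node that is on only one of the two paths sees half a
    conversation and drops the other half."""
    fwd, rev = trace(nodes, a, b_ip), trace(nodes, b, a_ip)
    return {"forward": fwd, "reverse": rev, "symmetric": fwd == rev[::-1]}


def no_transit():
    """Switch uplink on the same LAN as hostA; pfSense reaches VLAN 20 via the switch."""
    return [
        Node("pfsense", ["192.168.1.1/24", "198.51.100.2/24"],
             [("192.168.20.0/24", "192.168.1.2"), ("0.0.0.0/0", "198.51.100.1")]),
        Node("switch", ["192.168.1.2/24", "192.168.20.1/24"], [("0.0.0.0/0", "192.168.1.1")]),
        Node("hostA", ["192.168.1.50/24"], [("0.0.0.0/0", "192.168.1.1")]),
        Node("hostB", ["192.168.20.5/24"], [("0.0.0.0/0", "192.168.20.1")]),
        Node("internet", ["198.51.100.1/24", "203.0.113.10/32"], [("192.168.0.0/16", "198.51.100.2")]),
    ]


def with_transit():
    """Dedicated 10.0.0.0/30 between pfSense and the switch; all hosts live behind the switch."""
    return [
        Node("pfsense", ["10.0.0.1/30", "198.51.100.2/24"],
             [("192.168.0.0/16", "10.0.0.2"), ("0.0.0.0/0", "198.51.100.1")]),
        Node("switch", ["10.0.0.2/30", "192.168.10.1/24", "192.168.20.1/24"], [("0.0.0.0/0", "10.0.0.1")]),
        Node("hostA", ["192.168.10.50/24"], [("0.0.0.0/0", "192.168.10.1")]),
        Node("hostB", ["192.168.20.5/24"], [("0.0.0.0/0", "192.168.20.1")]),
        Node("internet", ["198.51.100.1/24", "203.0.113.10/32"], [("192.168.0.0/16", "198.51.100.2")]),
    ]


if __name__ == "__main__":
    for label, topo, a_ip in (("no transit", no_transit(), "192.168.1.50"),
                              ("transit", with_transit(), "192.168.10.50")):
        print(label, "A<->B:", check_flow(topo, "hostA", a_ip, "hostB", "192.168.20.5"))
        print(label, "A<->internet:", check_flow(topo, "hostA", a_ip, "internet", "203.0.113.10"))
```

    Without a transit network, hostA's packet to VLAN 20 goes hostA, pfSense, switch, hostB, but the reply goes hostB, switch, hostA because the switch is directly on hostA's LAN; pfSense's state table sees only one direction. With the /30 transit, inter-VLAN traffic never touches pfSense at all (so, as the reply above says, those rules have to live on the switch), and traffic to and from the WAN retraces the same path in both directions.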



  • @thefuzz4 said in Moving routing off to a switch but still need DHCP:

    Then I have to go down to the crawlspace and plug in directly to a port on the switch in order to access my management vlan :).

    What's your switch doing down there?