Cannot set a static address on a VLAN interface

morgenstern · Jul 10, 2019, 3:12 PM

Hi all, I am plannining to replace a Draytek VDSL router with a pfsense box on one of our remote sites.

The previous admin had the VLAN interfaces for the WiFi network set as:

VLAN 30 - 10.0.30.0 /28
VLAN 40 - 10.0.40.0 /29
VLAN 50 - 10.0.99.0 /24

When enabling this on pfSense tho, (specifically VLAN 30, 10.0.30.0 /28) I am getting this error:

"This IPv4 address is the network address and cannot be used"

I guess "10.0.x.x" is not an officially reserved range but is there perhaps a way of circumventing this without having to repogram the connected access points?

Thanks!

johnpoz · Jul 10, 2019, 3:36 PM

well because .0 is the wire or network, not a host address. When setting an IP on the host you would actually set the address.. For all of those masks and ranges the first viable host IP would be .1

and yeah 10.anything or 10/8 is reserved rfc1918 space..

Do you have 10.0.30 with other masks being used elsewhere - its common to use /24 when your not worried about stepping on other networks.. Makes it easier to see the network..

For example your 10.0.30.0/30 network is limited .1-14 as host address
your /29 is .1-.6

Why not just make them all /24?

viragomann · Jul 10, 2019, 3:34 PM

The problem is what the error massage tries to tell you:
10.0.30.0 is a network address and cannot be used as an interface address.
So set the interface IP to something from 10.0.30.1 to 10.0.30.14.

morgenstern · Jul 10, 2019, 4:06 PM

Of course! Apologies that was a human error really.

I was setting up single interfaces / nodes on those networks, not the networks themselves!

I will no go and shoot myself.

Thanks guys!

jahonix · Jul 12, 2019, 1:47 AM

@morgenstern said in Cannot set a static address on a VLAN interface:

that was a human error really.

Not necessarily!
Since the death of Windows 95/98 it is officially possible to use the network address for a host. Windows95/98 used that for directed broadcast traffic but that's history.
I just found this info: Cisco routers (from IOS 12.0 onwards) now have ip subnet-zero enabled by default
I read about this in an RFC some time ago but I cannot find it right now.

For same subnet traffic it is absolutely fine to use the .0 address for a host. It is discouraged to use in routed traffic mainly because of older devices that still exclude the all-0 and all-1 addresses from routing. Like pfSense obviously...

johnpoz · Jul 12, 2019, 1:09 AM

While I concur that you "could" use the wire as a host address - you have been able to do it for years actually... Its still not a "good" idea.. And with rfc1918 space it for sure make zero sense to do.. Not like you are limited on IP space :) Might be different if you are limited to a /29 or something with public space..

You can in theory also use the broadcast address as host.. But again it make no sense to do so really "ever" ;)

If you "really" have a need - you could put in a feature request.. They could maybe add a checkbox to allow for the wire address to be used.. Wouldn't suggest anyone actually do that - but sure you could put in a request.. Even if technically possible its not good practice.

jahonix · Jul 12, 2019, 1:19 AM

While it's hard to run out of addresses in RFC1918 I had this problem with a public /25.

The broadcast address actually has traffic to it so I wouldn't think of using it for anything other than broadcasts. But subnet-zero is just a relict from the pre-CIDR past and doesn't see any actual traffic.

Just use it as another tool in your bag when you're one short. As usual.
Same holds true for switch ports, patch cables needed right now ...

johnpoz · Jul 12, 2019, 1:25 AM

@jahonix said in Cannot set a static address on a VLAN interface:

Just use it as another tool in your bag when you're one short. As usual.

True - but I personally would only use it as a stop gap measure until you get more space, or move to ipv6 for whatever it your short on. If you are only 1 IP short, more than likely your going to be 2 short in the near future ;) or 3 or 4, etc. etc.. ;)

Using your wire address as a host, is not going to be a forever fix is my point... And is not to me a good idea.. Not saying you couldn't leverage that in a "pinch" but I am all for pfsense screaming at the user that its not valid.

JKnott · Jul 12, 2019, 1:48 AM

@jahonix said in Cannot set a static address on a VLAN interface:

Since the death of Windows 95/98 it is officially possible to use the network address for a host. Windows95/98 used that for directed broadcast traffic but that's history.
I just found this info: Cisco routers (from IOS 12.0 onwards) now have ip subnet-zero enabled by default

Subnet 0 is not the lowest address in a subnet. It's the lowest subnet supported by the subnet mask. For example, with a /24 subnet mask the subnet with 0 in the 3rd octet was not permitted. It now is. Similar applied to the highest subnet or 255 in the 3rd octet in this case. The network address is the lowest address within a subnet.

Derelict · Jul 12, 2019, 5:00 AM

This is a case where just because you can doesn't mean you should.

On an IPv4 broadcast network, the first address in the subnet is the network address and the last address is the broadcast address. Pretend they don't exist for interface numbering purposes and spend your time by the pool instead of chasing problems because some stupid new device doesn't understand the aggressive network numbering scheme you implemented 18 months ago.