pfsense - vlan - unable to get dhcp ipaddress

v-2nas

Hi Folks,

I have setup pfsense on vmware with 2 physical nics using latest version.

The pfsense works, and my machines can connect to internet & get dhcp ip addresses from pfsense.

I have created a vlan using physical lan interface, assigned the interface, enabled it & configured dhcp.

I have created firewall rules for vlan interface to all all traffic.

I can ping the vlan default gateway from machine.

I have netgear managed switch gs108pe3, where i configured the vlan & plugged the machine to get ip address from vlan using dhcp. However, it never gets an ip address from vlan.

When i connect another machine directly to the router, assign it a static ip from vlan dhcp range, it can't ping the vlan default gateway from the same vlan network (statically assigned ip from vlan dhcp range).

Is there anything wrong or misconfigured here?

lfoerster

@v-2nas said in pfsense - vlan - unable to get dhcp ipaddress:

However, it never gets an ip address from vlan.

You have definitely configured the Tagged uplink in a wrong way on the NetGear. VLAN config in NetGear is a pita.
Check here how to to it the right way:
pfSense
And here the ToDos for the NetGear-108
It works fine without any problems if you set the right tags.

v-2nas

I have called netgear support and reconfigured the switch but there was no success in getting ip from vlan dhcp.

then, we bypassed the switch, connected the pc directly to the router lan port, assign static ip from vlan, and tried to check the connectivity.

but that didn't work. Was connecting the pc directly to router lan interface and assigning from ip from vlan dhcp range a correct test?

is there any re-config required from pfsense side?

lfoerster

@v-2nas said in pfsense - vlan - unable to get dhcp ipaddress:

I have called netgear support and reconfigured the switch but there was no success in getting ip from vlan dhcp.

Works like a charme here. So the only conclusion is that you make a config mistake her on either the firewall or switch site.
The config is very easy and simple.
Router site:
Physical Interface (Parent) = Traffic always untagged !
VLAN Interface = Traffic Tagged with the correspondig VLAN ID
Switch site:
PVID set to the VLAN where untagged traffic should go
Tagged to the VLAN ID where the tagged traffic should go.

Example:
Interface from physival LAN Port should go to Default VLAN 1 on the switch and VLAN 10 Interface has physical LAN interface as parent. Connection port is port 8
Switch setup looks like this:
Port 8 is set UNTAGGED in VLAN 1
Port 8 PVID is set to 1
VLAN 10 on the switch should have port 8 as TAGGED member port. (Port 8 maked as tagged)
Thats it.
A client connected on the Switch in VLAN 1 (untagged end user Port) should now ping the physical LAN port on the pfSense.
A client connected on the Switch in VLAN 10 (untagged end user Port in vlan 10) should now ping the the virual VLAN10 port on the pfSense.

Make sure that you have allowed here ICMP protocoll (Ping) on both ports physical LAN and virtual VLAN 10 port !
Or, use for easier testing here a "shotgun" rule on both ports with Soure:any Destination: any

Such a simple and basic VLAN config defintely works without any issues with every simple VLAN switch on the world connected to the pfSense !

v-2nas

@lfoerster said in pfsense - vlan - unable to get dhcp ipaddress:

Tagged to the VLAN ID where the tagged traffic should go.

I don't understand this statement.
So I have vlan 2, i created a new vlan assignment 2 under switch 802.1q advanced vlan configuration.
set port 5 as untagged under vlan 2 membership
set pvid port 5 to vlan 2

so what i need to do next?
Tagged to the VLAN ID where the tagged traffic should go.

v-2nas

With below config, i got the ip from default vlan 1 not vlan 2.
here is the config from pfsense and netgear switch

v-2nas

Folks, any second thought on this. It's driving me nuts. It was suppose to be simple but so far i have burned 2 full days trying to get it work.

erbalo

Did you have solved your problem. I have the same problem, i get well IP adress from VLAN 1 LAN and no IP adress from VLAN 50. Configured same as of you.

I think also about the config of my Pfsense -> My PFsense is installed virtually on a HyperV VM. Maybe the Netwwork card will not be tag the PVID connections??

v-2nas

Yes, I was able to get the issue fixed. In my case, the Pfsense LAN nic has to be connected to trunk. On vmware esxi, when we create a port, i assigned it vlan id as 4095 which made it a trunk port. After this routing started to work.

On hyper-v, you need to find a way to make the pfsense LAN interface as trunk port.

Hope this helps.

JKnott

@v-2nas said in pfsense - vlan - unable to get dhcp ipaddress:

i assigned it vlan id as 4095 which made it a trunk port.

"VLAN identifier (VID)
A 12-bit field specifying the VLAN to which the frame belongs. The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be used as VLAN identifiers, allowing up to 4,094 VLANs. The reserved value 0x000 indicates that the frame does not carry a VLAN ID; in this case, the 802.1Q tag specifies only a priority (in PCP and DEI fields) and is referred to as a priority tag. On bridges, VID 0x001 (the default VLAN ID) is often reserved for a network management VLAN; this is vendor-specific. The VID value 0xFFF is reserved for implementation use; it must not be configured or transmitted. 0xFFF can be used to indicate a wildcard match in management operations or filtering database entries.[8]"

0xFFF = 4095

erbalo

Problem solved, it was the HYPERV netwerkadapter Trunk ports..