Setup VLANs and DHCP not working.

herrinchris

I have setup 2 VLANs on the LAN interface as well as configured DHCP for each of the VLANS, I am not running DHCP on the primary LAN because I want that range to be static only and for management purposes. The ranges are as follows: LAN 192.168.80.x, VLAN2 192.168.30.x, VLAN3 192.168.40.x and are in a Lab environment. I just have the box running pfsense with a 4 port NIC and a cisco switch capable of VLANs. I have a cable running from port 0 (WAN defined interface) to a port on my cable modem and I get a DHCP address there. Then I have a cable running from port 3 (LAN defined port) to the cisco switch port G1. All 3 LAN (and 2 VLANs) IP addresses are .1 and that is defined as the gateway in the DHCP setup. When I plug my laptop into a port on the switch that I have tagged for VLAN2 I do not get an IP address. Same when I plug into a port I have tagged for VLAN3. What am I missing???

JKnott

@herrinchris

What does Packet Capture show? Do you see the DHCP transactions from both the computer and pfSense?

herrinchris

When I run the packet capture on the LAN interface its has traffic but no DHCP requests. When I run it on the VLAN2 there is no traffic at all (since nothing is connected to it I assume.)

Zawi

What is the mode of Cisco port that connected to pfSense?

it should be in trunk mode

Switch# show run int fa 0/23

interface FastEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk

JKnott

@herrinchris said in Setup VLANs and DHCP not working.:

When I run the packet capture on the LAN interface its has traffic but no DHCP requests. When I run it on the VLAN2 there is no traffic at all (since nothing is connected to it I assume.)

Try connecting something to a VLAN port and booting it. You should see the DHCP discover, etc.. That must happen, before you can do anything else.

herrinchris

@Zawi Currently all ports are in trunk mode. I changed a couple to general and allowed Tagged traffic only to check and no change. When I enabled the DHCP for the LAN connection (in addition to the VLAN DHCP) the connected device received an address on the LAN subnet so it is something to do with DHCP on the VLANs.

herrinchris

@JKnott I did and ran a capture. I am not seeing any traffic pass on the VLAN sub-interfaces only traffic passing on the main LAN interface. When I enabled the DHCP for the LAN connection (in addition to the VLAN DHCP) the connected device received an address on the LAN subnet so it is something to do with DHCP on the VLANs. Or since I am not seeing any traffic maybe a setup issue? I can post config pics if that helps as this is only a setup test in my lab I would change all the IP info for a live setup.

JKnott

@herrinchris

Try configuring a static IP on a device connected to the VLAN. Can it communicate with pfSense? With something on other subnets?

herrinchris

So I found 1 piece I missed. I didn't have the VLAN set as the PVID for the port on the switch. So now I am getting DHCP addresses handed out. However, the VLAN handed out addresses are unable to get to the internet even though the WAN and LAN ports are set correctly. When I enable the LAN DHCP I can get to the internet with one of those addresses just not the ones that I am getting from the VLANs. If I need to post this in separate question I understand.

JKnott

@herrinchris

You likely have firewall rules blocking it. The LAN normally allows connection by default, but not other subnets.

You'll have to create a rule to allow anthing to pass.

herrinchris

That was it! Thanks for your help, everything seems to be working now!

Bob.Dig

@JKnott said in Setup VLANs and DHCP not working.:

You likely have firewall rules blocking it. The LAN normally allows connection by default, but not other subnets.

I am new to vlans and have problems so far with it. What do you mean by "LAN doesn't connect to oher subnets by default"? The default is any, right?

JKnott

@Bob-Dig

In that post, I was referring to other than the main LAN to the Internet. However, it would hold for other subnets. The general rule for firewalls is to block by default and then create exceptions for what you need. So, if you find something doesn't work, then firewall rules are a good place to start looking.