1. Home
  2. pfSense® Software
  3. L2/Switching/VLANs
  4. vLans Aren't Assigned DHCP IP Address

vLans Aren't Assigned DHCP IP Address

  • D

    I've been trying to implement 2 vlans in my pfsense for the last 2 days and have finally given up. I need help.

    I have a 4 NIC card in my box which has the following configured:

    LAN - 192.168.163.1/24 (em3)
    IOT - 192.168.160.1/24 (em0)
    VLAN - no networks assigned to it (em1), will only have vlans attached to it.

    My WAN is on an original NIC (em4) that was in the old computer that I'm using for pfSense.

    DHCP Issue

    I have 2 vlans configured to run on the VLAN interface. and I can not get them to be assigned an IP address. Here is my configuration.

    Interfaces
    Enabled: Checked
    Name: VLAN
    IPv4 Config: None
    IPv4 Address: None

    Enabled: Checked
    Name: DMAVoip_vl166
    IPv4 Config: Static IPv4
    IPv4 Address: 192.168.166.1/24

    Enabled: Checked
    Name: CellSpot_vl167
    IPv4 Config: Static IPv4
    IPv4 Address: 192.168.167.1/24

    Interface Assignments
    em1
    VLAN 166 on em1
    VLAN 167 on em1

    DHCP Server Settings

    DMAVoip_vl166
    Enabled: Checked
    Deny Unknown Clients: Checked
    Range: 192.168.166.10 - 102.168.167.20

    Static Mapping
    Mac Address: entered and checked multiple time for correctess
    IP Address: 192.168.166.2

    Cellspot_vl167
    Enabled: Checked
    Deny Unknown Clients: Checked
    Range: 192.168.167.10 - 102.168.167.20

    Static Mapping
    Mac Address: entered and checked multiple time for correctess
    IP Address: 192.168.167.2

    Firewall Rules
    Pass ALL from ANY to ANY - on all 3 interfaces

    NAT Rules
    Both vLan interfaces are outbound NAT'ed from WAN to their domain networks.

    Managed Switch Settings
    2 vlans set up with the same vlan tag as in pfSense - 166 and 167
    em1 interface is plugged into port 2 on switch
    devices are plugged into ports 9 and 10 in switch
    vLan 166 tags ports 2 and 9
    vLan 167 tags ports 2 and 10

    None of these settings allows either of the 2 vlans to an IP address from pfSense.

    Sorry for the lengthy post but I really hope I can get some help here as I've tried to solve this on my own and have no idea what else I can try to do.

    0
  • A

    @dma_pf Ok, so now that you have typed all of that in, what really helps is screenshots so we can see what you actually programmed in to the system. I know it sounds silly, but most of the time the devil really is in the details. So, post screenshots of the following:

    Interface Screen (for all VLANs)
    DHCP Server Settings (for all VLANs)
    and finally, the Firewall Rules (for all VLANs)

    Most of what you put above sounds correct, I only caught 1 error, so your traffic should be moving. But, let's see what's really going on with some screenshots.

    Jeff

    0
  • D

    @akuma1x Thank you for offering to help me! After 4 hours of sleep last night, and another reading of the vlan switch setup in the pfSense book, I was able to figure it out.

    It ended up being 2 settings in the managed switch that I had to reset. The PVID for the ports that the hosts are plugged into had to be set, and the trunk port to the pfSense box had to be removed from the default vLan setup by the switch. Additionally, I unassigned the em1 interface in pfSense and now just the 2 vLans are assigned interfaces which are linked as being on the unassigned em1 interface.

    You mentioned that you noticed one error in my setup in your earlier posting. Would you mind sharing that with me please?

    Now that I am getting IP addresses I am having a strange issue on both of the vLans. I can ping from those network's source addresses to pfsense (192.168.163.1), devices on 192.168.163.xxx, 192.168.166.xxx, and 192.168.167.xxx. But I cannot ping out anywhere past pfSense (the WAN). If I do a traceroute on pings to the WAN all hops come up as empty. I have the pass rule for both of the vlan interfaces set to log and they show all of the traffic as being allowed to pass. I've been at my desk the entire morning and my voip phone was just sitting there showing that it was offline. Just a few minutes before I started typing this post the status light indicated it was online. But the strangest part is I still can't ping out of that interface to the WAN. I have no idea how the phone got hooked up to our provider if I can't even send out a ping from the phone's interface out the WAN.

    If you can help me figure out the pinging issue I'd greatly appreciate it. Let me know what I can provide to help. I know the above is off topic to my original post and have no problem moving this to a new post if you think it's best.

    0 A 1 Reply
  • A

    @dma_pf This was the spot that was in error, but I assumed it was a typing mistake...

    DMAVoip_vl166
    Enabled: Checked
    Deny Unknown Clients: Checked
    Range: 192.168.166.10 - 102.168.167.20

    The range on that one is incorrect.

    Jeff

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy