Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    vLans Aren't Assigned DHCP IP Address

    L2/Switching/VLANs
    2
    4
    57
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dma_pf last edited by dma_pf

      I've been trying to implement 2 vlans in my pfsense for the last 2 days and have finally given up. I need help.

      I have a 4 NIC card in my box which has the following configured:

      LAN - 192.168.163.1/24 (em3)
      IOT - 192.168.160.1/24 (em0)
      VLAN - no networks assigned to it (em1), will only have vlans attached to it.

      My WAN is on an original NIC (em4) that was in the old computer that I'm using for pfSense.

      DHCP Issue

      I have 2 vlans configured to run on the VLAN interface. and I can not get them to be assigned an IP address. Here is my configuration.

      Interfaces
      Enabled: Checked
      Name: VLAN
      IPv4 Config: None
      IPv4 Address: None

      Enabled: Checked
      Name: DMAVoip_vl166
      IPv4 Config: Static IPv4
      IPv4 Address: 192.168.166.1/24

      Enabled: Checked
      Name: CellSpot_vl167
      IPv4 Config: Static IPv4
      IPv4 Address: 192.168.167.1/24

      Interface Assignments
      em1
      VLAN 166 on em1
      VLAN 167 on em1

      DHCP Server Settings

      DMAVoip_vl166
      Enabled: Checked
      Deny Unknown Clients: Checked
      Range: 192.168.166.10 - 102.168.167.20

      Static Mapping
      Mac Address: entered and checked multiple time for correctess
      IP Address: 192.168.166.2

      Cellspot_vl167
      Enabled: Checked
      Deny Unknown Clients: Checked
      Range: 192.168.167.10 - 102.168.167.20

      Static Mapping
      Mac Address: entered and checked multiple time for correctess
      IP Address: 192.168.167.2

      Firewall Rules
      Pass ALL from ANY to ANY - on all 3 interfaces

      NAT Rules
      Both vLan interfaces are outbound NAT'ed from WAN to their domain networks.

      Managed Switch Settings
      2 vlans set up with the same vlan tag as in pfSense - 166 and 167
      em1 interface is plugged into port 2 on switch
      devices are plugged into ports 9 and 10 in switch
      vLan 166 tags ports 2 and 9
      vLan 167 tags ports 2 and 10

      None of these settings allows either of the 2 vlans to an IP address from pfSense.

      Sorry for the lengthy post but I really hope I can get some help here as I've tried to solve this on my own and have no idea what else I can try to do.

      1 Reply Last reply Reply Quote 0
      • A
        akuma1x last edited by akuma1x

        @dma_pf Ok, so now that you have typed all of that in, what really helps is screenshots so we can see what you actually programmed in to the system. I know it sounds silly, but most of the time the devil really is in the details. So, post screenshots of the following:

        Interface Screen (for all VLANs)
        DHCP Server Settings (for all VLANs)
        and finally, the Firewall Rules (for all VLANs)

        Most of what you put above sounds correct, I only caught 1 error, so your traffic should be moving. But, let's see what's really going on with some screenshots.

        Jeff

        1 Reply Last reply Reply Quote 0
        • D
          dma_pf last edited by

          @akuma1x Thank you for offering to help me! After 4 hours of sleep last night, and another reading of the vlan switch setup in the pfSense book, I was able to figure it out.

          It ended up being 2 settings in the managed switch that I had to reset. The PVID for the ports that the hosts are plugged into had to be set, and the trunk port to the pfSense box had to be removed from the default vLan setup by the switch. Additionally, I unassigned the em1 interface in pfSense and now just the 2 vLans are assigned interfaces which are linked as being on the unassigned em1 interface.

          You mentioned that you noticed one error in my setup in your earlier posting. Would you mind sharing that with me please?

          Now that I am getting IP addresses I am having a strange issue on both of the vLans. I can ping from those network's source addresses to pfsense (192.168.163.1), devices on 192.168.163.xxx, 192.168.166.xxx, and 192.168.167.xxx. But I cannot ping out anywhere past pfSense (the WAN). If I do a traceroute on pings to the WAN all hops come up as empty. I have the pass rule for both of the vlan interfaces set to log and they show all of the traffic as being allowed to pass. I've been at my desk the entire morning and my voip phone was just sitting there showing that it was offline. Just a few minutes before I started typing this post the status light indicated it was online. But the strangest part is I still can't ping out of that interface to the WAN. I have no idea how the phone got hooked up to our provider if I can't even send out a ping from the phone's interface out the WAN.

          If you can help me figure out the pinging issue I'd greatly appreciate it. Let me know what I can provide to help. I know the above is off topic to my original post and have no problem moving this to a new post if you think it's best.

          A 1 Reply Last reply Reply Quote 0
          • A
            akuma1x @dma_pf last edited by

            @dma_pf This was the spot that was in error, but I assumed it was a typing mistake...

            DMAVoip_vl166
            Enabled: Checked
            Deny Unknown Clients: Checked
            Range: 192.168.166.10 - 102.168.167.20

            The range on that one is incorrect.

            Jeff

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy