Help with DHCP / vLan's from AD
-
Issue: Unable to get DHCP IP/Configuration from DC (DHCP)
Overarching Goal - Utilize the DC / DHCP
**NOTE: ** - PFSense is on physical hardwareWhat does work:
-
If I use the PFSense DHCP I get an IP and everything works
-
If I set a static IP everything works
What does not work:
- Turning off PFSense DHCP and enabling DHCP Relay
(Don't get an IP from the DC/DHCP)
What is configured:
- DHCP vLan IP ranges on DC (same as the PFSense's)
Hopefully someone can help!
-
-
Enabling DHCP forwarder & Select interfaces where it should be active
I have this setup , and it works excellent.
I'm still on 2.4.5-p1 though.
/Bingo
-
@bingo600
I actually figured it out...FINALLYFor anyone else it wasn't Pfsense, it was the TL-SG2218 being miss configured.
I had to configure the:
-
L3 Features:
- Routing Config -> Enable IPv4 Routing -> add the interface Config
-
-
@grimmsh0t
That does NOT sound right.
The pfSense DHCP forwarder should work excellent on a "pure" L2 lan , provided the pfSense is setup to allow DHCP (UDP 67 & 68) inbound to the pfSense Lan/Vlan interfaces. I have no idea what to enable for IPv6.If you have enabled L3 routing on the switch , you have just "bypassed" the pfSense security for those Vlans you have enabled L3 routing on.
As they can now "speak to each other" without passing pfSense.Did you remember in the DHCP forwarder to enable all interfaces that should forward DHCP requests.
/Bingo
-
@bingo600
Yes I configured the DHCP Relay:
NOTE: You mentioned in your replied "DHCP Forwarder" - Is this the same as DHCP Relay?
Worth mentioning: Pfsense is on a physical (desktop) device so as an example I am missing (Interface / Switches). Not sure if that's an option I should have!
-
@grimmsh0t
My bad - I meant DHCP RelayDo you see any blocking in pfSense logs ?
I had to allow UDP 67 & 68 (DHCP) to the pfSense Vlan interface ip , in order for pfSense NOT to block the DHCP requests from clients to the pfSense IF.
You don't need to enable the Relay on VLAN60 , as that is the Vlan you have your DHCP server on.
That would just cause requests on that Vlan to be doubled , as the Relay would also send a request.Try to enable the Circuit ID / AgentID tick box.
See: https://docs.netgate.com/pfsense/en/latest/services/dhcp/relay.htmlI'm using ISC-DHCP server on Linux , but would expect a M$ DC to work much the same way.
/Bingo
-
@bingo600
For the rules I have any/any for initial setup and will lock it down once I know its running:VLAN30 and VLAN60 are the same
I'll try this next:
-
Enable the circuit Id Agent
-
Add UDP 67 & 68 on the vLan (main lan)
-
Remove the L3 interfaces from the managed switch.
Will let you know and thanks for the responses.
-
-
SUCCESS!
-
Not sure if it was the Append Circuit ID /AgentID tick box
-
Allow UDP 67 & 68 (DHCP) to the pfSense Vlan interface ip
-
Modified relay only on LAN and vLan30
Thanks for all your help!
-
-
Nice to hear it works.
Unless you only tested DHCP on Lan interface
It has to be the AgentID tickbox that worked.
As you already had : allow ip any any on Vlan30/Bingo
Ps: Did you notice the
"Thank you" button in the bottom of each post
