XG-7100 - 21.05.2-RELEASE (amd64) - strange problem with dhcp connection through switches
-
Hello all pfsense community!
We have a problem with this kind of configuration:
Part A of our configuration works fine, but part B does not.
On KVM, the virtual machines can't get an IP from the DHCP server on pfSense; it works only if we set a static IP on the machines.
Some other facts:
- between the two Linksys switches, our ISP maintains this part of the network
- on our A side, all of the local network works fine (DHCP, firewall, OpenVPN etc.)
- no problem connecting to the first Linksys switch
- if we go back to our old configuration with the DrayTek (Vigor2952 series) device, everything works fine (A side and B side)
Below are some screenshots of the configuration:
Does anybody have any idea what is wrong?
In any case, thanks for your time.
-
DHCP is a broadcast. Does your ISP tunnel pass broadcast packets? If not you will need a DHCP helper or change the tunnel to allow the broadcast.
A third less fun option is to set up DHCP on the local network with a different range. It could be in the same subnet as long as the ranges do not overlap.
-
In the XG-7100 lagg0 should usually only be ix2 and ix3, the two internal ports. You show all four ports being in the lagg in your screenshot which cannot be correct.
The link to the B section is on LAN1 (VLAN 4091) but your screenshot shows none of the LAN1 ports as linked.
The PVID on ports 2,3,4 and 6 is set to 4091 but port 6 is missing from the VLAN 4091 config so won't work.
However none of that would prevent DHCP working whilst static IPs do work.
Steve
-
Thank you very much for the quick reply, I will check that.
-
We have done a lot to fix it (e.g. restored the default configuration, reinstalled pfSense Plus https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100/reinstall-pfsense.html). Unfortunately the problem persists (DHCP problems on the B side of our network). We finally replaced the devices on the Fujitsu Futro Terminal with the latest version of pfSense for the community and we don't have this problem, so ... do you think it could be a hardware problem on the XG-7100? Maybe we should send this machine in for warranty.
-
I'm unsure what you did there exactly. You replaced the XG-7100 with CE running on a different device?
It's extremely unlikely to be a hardware problem that only affects DHCP. I can't think of any way it could fail like that. It's almost certainly a config issue and probably with the switch/lagg since that's unique to the 7100.
Can we see the current 7100 config you are testing with?
Steve
-
That's right, I replaced the XG-7100 device with pfSense Plus with a Fujitsu device with pfSense CE, and DHCP works in the B segment of the network.
Now the XG-7100 has the default configuration after we reinstalled pfSense; it looks like this:
We tested only the LAN 1 part, and on the B side we still can't get an IP address from pfSense.
-
The only other thing that can sometimes cause an issue is that because the Eth ports are connected via the switch they all share the same MAC address. If more than one is connected to the remote switch that can cause a problem for some switches. That would still affect both static and DHCP IPs though.
Try running a packet capture on the LAN to see if the DHCP requests are arriving.
Steve
-
Thanks for the tip Steve, I'll check it out.
-
We did some other tests: we set the VLAN as untagged on the outside switch, but we still can't get an IP address from DHCP on the B side devices. What it looks like on a graph (more specific info about the infra):
We think we will need to replace this device with another one to implement the pfSense system in our network.
Thanks for your time.
-
I would not expect the Linksys switch to have VLAN 4091 defined at all. If you have it set as untagged there it might be tagging the traffic coming in in which case it will also need to be set on the port connecting to the KVM. Is that the case? Or is the KVM configured to handle VLAN 4091 directly?
-
Maybe I presented it a bit wrong, but between the two switches, where the tunnel is (the ISP manages this point), we don't have VLANs, so on the KVM server there are no VLAN settings.
-
OK so neither the Linksys switch nor the KVM server is aware of vlan 4091?
Then I would expect it to work. Were you able to try running a packet capture on the 7100 for the DHCP requests?
Steve
-
That's right. For the Linksys and KVM that is transparent. I did a test; it looks like on the switch there is a DHCP request from the KVM machine, but there is no response from pfSense.
-
That's running a pcap on lagg0.4091 on pfSense?
-
We caught packets on the pfSense LAN interface, but they were only DHCPDISCOVER packets.
-
Ok, but importantly it was on lagg0.4091? The LAN is assigned as lagg0.4091?
If you captured them on lagg0 for example they may have been incorrectly tagged.
If you are seeing the DHCP requests on LAN however the DHCP server should respond unless the requests are somehow invalid. I would expect to see errors in the dhcp log though if that were the case.
Do you see a state opened on the LAN for those requests? Perhaps they are being blocked by the firewall somehow?
Steve
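
Added example, not part of the thread and not Netgate code: a Python check for the two questions raised in the last posts. Given raw Ethernet frames from a capture, it reports which DHCPDISCOVER transactions never got a reply and which 802.1Q VLAN ID, if any, each frame carried. The function names are hypothetical, and `sample` and `FRAMES` are constructed test data, not captured traffic.

```python
import struct
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(frame):
    """Return (vlan_id or None, xid, message type) for a DHCP frame, else None."""
    try:
        ethertype, off, vlan = struct.unpack_from("!H", frame, 12)[0], 14, None
        if ethertype == 0x8100:  # 802.1Q tag: the frame was captured tagged
            tci, ethertype = struct.unpack_from("!HH", frame, 14)
            vlan, off = tci & 0x0FFF, 18
        if ethertype != 0x0800 or frame[off + 9] != 17:  # not IPv4/UDP
            return None
        udp = off + (frame[off] & 0x0F) * 4
        if set(struct.unpack_from("!HH", frame, udp)) - {67, 68}:
            return None  # not the DHCP server/client ports
        bootp = udp + 8
        xid = struct.unpack_from("!I", frame, bootp + 4)[0]
        if frame[bootp + 236:bootp + 240] != MAGIC:
            return None
        i = bootp + 240
        while frame[i] != 255:  # walk options until End
            if frame[i] == 0:  # Pad has no length byte
                i += 1
            elif frame[i] == 53:  # DHCP Message Type
                return vlan, xid, DHCP_TYPES.get(frame[i + 2], "OTHER")
            else:
                i += 2 + frame[i + 1]
    except (IndexError, struct.error):
        pass  # truncated frame
    return None

def unanswered_discovers(frames):
    """List (xid, vlan) of DISCOVERs for which no other message with that xid was seen."""
    seen = {}
    for vlan, xid, kind in filter(None, map(parse_dhcp, frames)):
        seen.setdefault(xid, (vlan, set()))[1].add(kind)
    return sorted((x, v) for x, (v, kinds) in seen.items() if kinds == {"DISCOVER"})

def sample(xid, msg_type, vlan=None, client=True):
    """Constructed test frame (not captured traffic)."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = b"\xff" * 6 + b"\x52\x54\x00\x12\x34\x56" + tag + b"\x08\x00"
    ip = b"\x45" + b"\x00" * 8 + b"\x11" + b"\x00" * 10
    udp = struct.pack("!HHHH", *((68, 67) if client else (67, 68)), 0, 0)
    bootp = bytes([1 if client else 2, 1, 6, 0]) + struct.pack("!I", xid) + b"\x00" * 228
    return eth + ip + udp + bootp + MAGIC + bytes([53, 1, msg_type, 255])

FRAMES = [sample(0x1111, 1, vlan=4091), sample(0x2222, 1), sample(0x2222, 2, client=False)]
```
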