can dhcp server relay to another interface
-
You can't use the dhcp relay if the dhcp server is running.
I have two lan interfaces and want to put the same vlan on both.
Is it possible to have the dhcp server on one interface and relay to the other without having a bridge?
-
@gwaitsi said in can dhcp server relay to another interface:
put the same vlan on both.
Why? What do you think that gets you.. Do you want to connect machines/devices directly to the pfsense interfaces?
-
@johnpoz yes, i want them to be on the same vlan, even though they are on different physical interfaces
-
@gwaitsi then that would be a bridge.. do you not have a switch?
-
@johnpoz we went through this setup in another post.
i have two managed switches on separate interfaces. i have used a mask of 25 for the two interfaces and for the rules i use a mask of 24 in an interface group (save for the interface specific rules). Works quite well.
the problem i have, two tplinks are on switch A and one tplink is on switch B. the wan/lan are bridged as unmanaged and all wired connections work fine. The issue i have is wifi roaming. I set the devices up to be on the same channel, but when moving between devices there is a short drop out and interruption between calls for example.
i could in theory just create a bridge for the wifi vlans right. i tried using a bridge between the two switches, but was a non-starter, performance was crap. but you probably would notice on wifi anyway...right? maybe...
theory worked.
-
@gwaitsi said in can dhcp server relay to another interface:
we went through this setup in another post.
And what post is that? I answer and read a lot of posts, I do not recall your previous post..
I set the devices up to be on the same channel
why would you do that - you mean SSID? APs anywhere near each other shouldn't be on the same channel that is for sure.
-
@johnpoz i have 3 wireless access points to cover the house. when you move between points, there should be seamless transfer between points.
they all share the same SSID and channel. The way i had it though, 2 were on one subnet, and 1 was on a different subnet. so moving between points involved a change of ip which caused a drop out as you went back and forth on a voice call for example or with youtube.
-
@gwaitsi said in can dhcp server relay to another interface:
and channel
They shouldn't be on the same channel.. While you are limited to channels with 2.4 you can use the 3 non overlapping channels..
1,6 and 11
Depending on what you're using for VHT for 5, you could get non overlapping channels, but if you're using an 80mhz VHT and not DFS channels put the 2 APs as far away from each other on the same..
So I have mine like this..
The 2 AP that are on the same 5ghz channel are on opposite sides of the house.
and 1 was on a different subnet.
Well yeah that is going to be problematic for sure.. Which is why you shouldn't do that.. But not sure what that has to do with ports on pfsense.. You have smart switches - you can put any device on any vlan you want..
Ah I kind of recall your setup now - yeah went over how to correctly do that didn't we? Software bridging on pfsense is not a good solution. Pretty sure we went over distribution and access layer switch placement, etc.
But if you're going to want 2 discrete interfaces in pfsense on the same network that would be a bridge. Or a lagg, but if lagg they would need to go to the same switch.
If you need more ports on the same network where pfsense is then put a switch by pfsense. This becomes say the distribution layer switch, and your downstream switches are your "access" layer switches.
So you had the same SSID with different networks on it? So you're now broadcasting traffic from 2 different networks on the same network? If you're going to run one of your APs on a different network, that should be a completely different SSID.
The distribution layer switch that connects to your router, could have physical uplinks for your different networks, or all the vlans could be on 1 physical interface, or could be combo of both. Or you could set up a lagg between pfsense and your dist layer switch. Devices could also be connected to this distribution layer switch.. It can act as both distribution and access, etc.
With such a setup you can put any device anywhere on your network on whatever vlan you want. If you need to add another layer then top layer becomes the core switch then distribution layer then access layer.
If I recall we went over all of that in your other thread.
There is nothing saying switches can not be part of multiple layers be it core, distribution or access.
-
@johnpoz distribution layer switch is not an option, but thanks for all your input on this and the previous posts. it has helped refine my final solution.
LAN based VLANs
for the LAN based vlans, i have used mask 25 and created interface groups to manage common rules with a mask of 24. and just stick interface spec rules on the particular interface
WIFI based VLANs
i created bridges for each vlan.
LAGG
the upper level switch i connect to pfsense with a lagg for two reasons;
- allows me to disconnect one of the cables to bypass everything for testing if required (only have 2 cat 7 cables going upstairs)
- gives me more bandwidth to data from the media server to the clients on the lower switch.
everything seems to be working quite well. I will come back to the access points and have a look at those setups based on what you've posted. thanks again.
p.s. what are you using for these diagrams?
-
@gwaitsi said in can dhcp server relay to another interface:
distribution layer switch is not an option
And why is that exactly?
gives me more bandwidth to data from the media server to the clients on the lower switch.
And how is that? Do you have lots of different clients.. A lagg just 1 and 1, does not = 2 ;)
A lagg does not magically make a fatter connection. It's just 2 physical paths that traffic can take, but any single connection would only ever go over 1 of those. Now sure if you have lots of different clients that have their own physical path, a lagg can provide more total bandwidth. But when used to carry vlans, especially to a router and you are doing intervlan routing over this lagg you lose control over what physical path traffic can take and you could end up with a hairpin over the same physical path.
drawings are done with visio.
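Added example, not part of the thread: a small model of the point above that a lagg pins each connection to one member link, so one stream never exceeds one link's speed while many clients can spread across both. The 1 Gbps link speed, the SHA-256 stand-in for the driver's flow hash, and all addresses and ports are assumptions made for the illustration.

```python
import hashlib
from collections import Counter

LINK_GBPS = 1.0  # assumed speed of each lagg member port


def pick_link(flow, n_links=2):
    """Choose a member link for a flow with a deterministic hash.

    SHA-256 is a stand-in; real lagg drivers use their own hash over
    L2/L3/L4 header fields, but the per-flow pinning is the same idea.
    """
    key = "|".join(str(field) for field in flow).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_links


def packet_links(flow, packets=1000, n_links=2):
    """Links used by every packet of a single flow (always exactly one)."""
    return {pick_link(flow, n_links) for _ in range(packets)}


def per_link_flows(flows, n_links=2):
    """How many flows land on each member link."""
    return Counter(pick_link(f, n_links) for f in flows)


def max_throughput(flows, n_links=2):
    """Upper bound in Gbps: only links that carry a flow contribute."""
    return len(per_link_flows(flows, n_links)) * LINK_GBPS


# Constructed sample flows: (src_ip, dst_ip, proto, src_port, dst_port)
single_stream = [("192.168.1.10", "192.168.1.200", "tcp", 51000, 8096)]
many_clients = [
    (f"192.168.1.{10 + i}", "192.168.1.200", "tcp", 51000 + i, 8096)
    for i in range(50)
]

if __name__ == "__main__":
    print("single stream ceiling:", max_throughput(single_stream), "Gbps")
    print("50 clients ceiling:   ", max_throughput(many_clients), "Gbps")
    print("flows per link:       ", dict(per_link_flows(many_clients)))
```

The split between links is rarely even, and two busy flows can hash onto the same link while the other sits idle.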
-
@johnpoz
i got physical constraints. even swapping the j1900 for an 8 port is a tight squeeze. there are two lagg interfaces from the switch upstairs to the server and to the pfsense downstairs.
i've now got the wifi on the same vlans so all is good in the deep dark woods. all the lower level media clients, family pcs, etc mostly go out to the internet, save for smb shares and connections to the emby server. i found performance to take a hit when i am working upstairs and others are watching movies, etc.
-
@gwaitsi said in can dhcp server relay to another interface:
i got physical constraints
Like a rack or cabinet? They don't actually have to be really physically next to each other.. To be honest could be on the other side of the house..
Does make it easier if physically close to each other - as long as you can run cables you're fine.
The logical connections are what matter in the long run.
For space considerations - take a look at the flex mini from unifi - tiny tiny little switch ;) I was actually surprised how small the thing is..
Other option for space constraints - get a pfsense with switch ports vs discrete interfaces.. The 2100 is pretty small desktop model with 4 switch ports.
i found performance to take a hit when i am working upstairs and others are watching movies, etc.
If bandwidth is an issue, 2.5 and 5gbps connections work just fine over cat 5e cable. So just changing the interfaces or switch to multigig devices could help.
In a perfect world the uplink connection would be higher bandwidth than any of the downstream connections. So when you uplink a gig switch to another switch, if possible 2.5 or 5 or even 10 if you have the money. the 2.5 gig capable switches have come down in price, and more switches are providing for multigig uplink ports, even if via sfp+
-
@johnpoz constraint is a solid brick house. i had cat 7 cables run throughout the house to the boiler room. so for the small environment i have, it is easier in this case, to work with s/w configs than to physically run new cables, etc;