DHCP not giving the right IP on 2nd VLAN

emilien

Hello,

I have a Netgate 7100 with pfsense+ 22.05

I have created a new VLAN for a DMZ on switch 7 and 8.

I have enabled DHCP but no machines are shown in DHCP lease for this VLAN (everything is working well for the first one).

When I plug a windows machine in the eth7 or 8 the status of the network adapter show : Unidentified Network with a strange IP (169.254....) and gateway is empty.

What am I doing wrong ?

JKnott

@emilien

That address indicates there's no DHCP server. Have you configured the server appropriately for that subnet?

emilien

@jknott

I think yes :
Screenshot 2022-08-26 at 08-50-40 pfSense localdomain - Services DHCP Server DMZ.png

emilien

Is it possible that a firewall rule block DHCP server ?

johnpoz

@emilien no - when you enable dhcp server on an interface, hidden rules are created that allow for dhcp.

emilien

I have NordVPN configured, can it be the problem ?

Should I reset everything ?

JKnott

@emilien said in DHCP not giving the right IP on 2nd VLAN:

I think yes :

Try running a packet capture on that interface, filtering on DHCP, so you can see what's happening.

emilien

@jknott It's empty :

Screenshot 2022-08-29 at 09-20-14 pfSense localdomain - Diagnostics Packet Capture.png

Gertjan

@emilien

Empty the host address= all
Protocol to UDP as DHCP is UDP only.

If needed, set port to 67|68
This means port 67 or port 68

Btw : the device you've plugged into that port switch "7 or8", is it set to use the correct VLAN ID ?

Or do you use a managed switch between these ports "7 or 8" and your device, that manages VLAN for you ?

emilien

@emilien Still nothing on packet capture

A windows PC and a Raspberry are plugged directly in the port switch eth7 ans eth8 on the Netgate7100, I didn't set anything on the devices... should I ?

johnpoz

@emilien well lets see the switch config you did to put these ports on whatever vlan you want them on.

https://docs.netgate.com/pfsense/en/latest/solutions/xg-7100-1u/configuring-the-switch-ports.html

emilien

@johnpoz
Screenshot 2022-08-29 at 11-52-16 pfSense localdomain - Interfaces Interface Assignments.png Screenshot 2022-08-29 at 11-51-26 pfSense localdomain - Interfaces Switch VLANs.png

johnpoz

@emilien well did you tag your dmz on your uplinks of the switch.. Doesn't look like it.

Also you setup a lagg, you wouldn't set that up unless you were going to use both ports into another switch. Not if you going to put individual devices on them.

And port 7 doesn't even show anything connected.

edit:
Oh, ok you have them on lagg0, but you don't have them tagged on the uplink ports 9 and 10

see in the example on the link where 4 ports were broken out into office lan. And its tagged on 9 and 10. Yours would be the same but only the 2 ports your wanting to put on your dmz

emilien

@johnpoz YES ! It's working now !

Screenshot 2022-08-29 at 12-26-35 pfSense localdomain - Interfaces Switch VLANs.png

I don't really understand why I should add this 2 ports but whatever.... many thanks

johnpoz

@emilien those are the uplink into the soc. where "pfsense" actually sees the traffic.

While the switch is part of the 7100, logically its no different really then just a switch you would plug into your router physical ports.. The ports 9,10 are the ports that connect to pfsense the switch. They are not just physical ports.

"8-port 1Gbps Marvell 88E6190 switch, uplinked at 5 Gbps (2x 2.5 Gbps) to Intel SoC for LAN "

emilien

@johnpoz Ok I understand now, I didn't get it when reading the tutorial. I feel stupid now, sorry about that.