Local clients don't get Router / gateway address - intermittent
-
@cabledude
Does this device also offer the DHCP server, where it was get this settings from? -
@viragomann
Yes the SG-1100 has DHCP server functions enabled. -
@cabledude
No, I was meaning the client. Does it give you any information about the DHCP server, where it got this settings? -
@viragomann
No, all it shows - normally - is the "Router", i.e. the router IP, or in case of VLAN the VLAN IP.
For example if the router is at 192.168.1.1, for VLAN 10 the client device Router entry would be 192.168.10.1.Pete
Home: SG-2100 + UniFi + Synology. SG-1100 retired
Parents: SG-1100 + UniFi + Synology
Testing: SG-1100 w/ 120GB SSD via ext USB (eMMC dead). Works great -
C Cabledude referenced this topic on
-
Been checking the logs and here are some screen shots:
So it looks like the WAN connection drops and pfSense is trying to use the old lease and then finally renew the lease.
After rebooting the ISP modem there haven't been any more "link state changes to DOWN", but they will return.
-
should I disable gateway monitoring?
-
@cabledude said in Local clients don't get Router / gateway address - intermittent:
For example if the router is at 192.168.1.1, for VLAN 10 the client device Router entry would be 192.168.10.1.
Wondered where that client is getting that IP? All client must show 192.168.1.1. Seems that your switch is doing DHCP!
-
@nollipfsense
Thanks for your reply! Actually it has always been like that. And my switch or any other UniFi device doesn't feature a DHCP server.Just so that we're on the same page: the actual client IP address is in the range of the DHCP pool. 192.168.10.1 is not the client IP address, but the gateway. Obviously the gateway is internally routed through to 192.168.1.1.
My guess is pfSense is doing this to provide a gateway for every VLAN even if firewall rules block access to LAN or other VLANs. A netgate representative will probably be able to confirm.
-
@cabledude If the below is a Mac, it always shows the router it got the IP from and this has IP not in 192.168.1.2 - 192.168.1.254 range.
-
@nollipfsense said in Local clients don't get Router / gateway address - intermittent:
@cabledude If the below is a Mac, it always shows the router it got the IP from and this has IP not in 192.168.1.2 - 192.168.1.254 range.
Exactly. But VLANs work differently. This is VLAN 10. The client received 192.168.10.60 and the gateway is 192.168.10.1. Trust me this is as designed.
The question at hand here is why the DHCP server doesn't issue the gateway, be it 192.168.1.1 (for LAN) or 192.168.xx.1 (for VLAN xx), which is more and more likely caused by ISP modem hiccups.
Just FYI after rebooting the ISP modem, the clients get gateway again (192.168.10.1) and work as expected.
And to wrap it up this is the DNS server issued by the pfSense DHCP server:
-
@cabledude So, the ISP modem/router is doing both DNS and DHCP...pfSense is not in the loop...using it just as a firewall?
-
@nollipfsense said in Local clients don't get Router / gateway address - intermittent:
@cabledude So, the ISP modem/router is doing both DNS and DHCP...pfSense is not in the loop...using it just as a firewall?
Not at all. pfSense is the only DHCP server in the entire network.
The ISP modem (cable 100/40) is in bridge mode, so the pfSense box (SG-1100) gets the WAN directly from the ISP server via WAN DHCP. Then it also runs the DHCP server for the LAN side, including all VLANs. -
@cabledude Okay, so, pfSense LAN must be 192.168.10.1 or I am confused on your network. At least, the DNS resolve to 192.168.10.1 for host name sg.home.arpa...
-
@nollipfsense said in Local clients don't get Router / gateway address - intermittent:
@cabledude Okay, so, pfSense LAN must be 192.168.10.1 or I am confused on your network. At least, the DNS resolve to 192.168.10.1 for host name sg.home.arpa...
Like i said, VLANs work differently. pfSense is at 192.168.1.1, so LAN is at 192.168.1.x, VLAN10 is at 192.168.10.x, VLAN20 is at 192.168.20.x etc.
If you have VLANs set up you would see what I mean. -
@cabledude said in Local clients don't get Router / gateway address - intermittent:
If you have VLANs set up you would see what I mean.
No...never need to do it despite having complex networks.
-
@stephenw10 said in e6000sw0port3: link state changed to DOWN:
The LAN side DHCP issue could be unrelated. It could be a rogue DHCP server in some other device for example. Check the logs for reported IP conflicts.
Hello Steve,
Hopefully we can continue this topic here. No items of interest in the DHCP log. But I have no other DHCP-capable devices, so this would seem impossible.By the way there is a gap in the general log
@stephenw10 said in e6000sw0port3: link state changed to DOWN:The LAN side DHCP issue could be unrelated. It could be a rogue DHCP server in some other device for example. Check the logs for reported IP conflicts.
Hello Steve,
Hopefully we can continue this topic here. No items of interest in the DHCP log. But I have no other DHCP-capable devices, so this would seem impossible.By the way there is a gap in the general log. Don't know what that means. And yes the unit has been on and fully functional during that time.
Knowing the cable modem will fail again, I consider my network to be unreliable until cause found.
After resetting only the cable modem (three days ago) not a single DHCP issue, which makes me think the "link down" and "DHCP gateway" issues could be related.
The takeaway is that if the cable modem is the cause, pfSense should still keep chugging along, independently. Or am I wrong to assume this?
Some questions:
#1 Is the "clients don't get gateway from pfSense DHCP" an issue that you see more often?#2 Could it be worthwhile to copy the config to a spare SG-1100 and swap?
#3 support options
I don't have the budget to buy TAC Pro. Does netgate have any other support options such as just for one incident? Where I could send logs etc.? Or would the price for this quickly exceed a year's worth of TAC Pro. -
C Cabledude referenced this topic on
-
C Cabledude referenced this topic on
-
Just to add:
Ever since upgrading the SG-1100 from UFS to ZFS (full wipe and config restore), the UI performance has gone down quite a bit. Invoking the dashboard takes around 9 seconds, as does logging in.
From dashboard load, when going to CPU info, it can sometimes take a full minute easily before the CPU shows, but I’ve also seen 7 seconds.
CPU usage with dashboard open is around 75-80%.Here is the detailed CPU info:
-
@cabledude Dashboard UI will add to your CPU loads, too, so I wouldn't judge it from there.
-
C Cabledude referenced this topic on
-
C Cabledude referenced this topic on
-
So I learned that pfsense DHCP doesn't advertise router when the default gateway is down. The same happens when I simply unplug the WAN cable from the netgate. This may be by design, if so it isn't a malfunction.
I also noticed that when an internet outage occurs, the tiny square shaped 100/1000mbit and traffic leds next to the netgate SG-1100 WAN RJ45 socket go out completely, although the cable is still attached firmly.
- No lights, no connection.
- No connection, no gateway.
- No gateway, no router advertisement
Right?
So this only leaves one issue to tackle: why is the connection from cable modem LAN1 port (bridge mode) to netgate WAN port going down with cable still attached?
-
@stephenw10
Could you or any other Netgate representative confirm that pfSense doesn't send gateway info when no WAN connection is up, e.g. when no WAN cable attached or service down?This from the Netgate docs:
"DHCP also sends configuration information to clients such as a gateway, DNS servers, domain name, and other useful settings." See here.I have a factory reset SG-1100 here with only LAN cable attached and my macbook gets no gateway info, just IP and DNS.
