Netgate Discussion Forum

VLAN's DHCP pool needed?

DHCP and DNS
24 Posts 3 Posters 2.0k Views
  • T
    tknospdr
    last edited by Jul 14, 2023, 12:23 AM

    Re: No DHCP on VLAN interfaces

    I have a follow up question about this issue. Forgive me but I'm super new, only been running pfs for about 4 days now.

    I was able to get DHCP running on my VLAN without issue.
    I thought it wasn't working until I realized I had to add a virtual interface to my NIC with the proper VID to actually connect.
    As soon as I did that I was able to get an IP from its pool.

    The internet at large is slow or simply doesn't load over the VLAN supplied IP, and I can't access the pfs admin page from the VLAN interface's address.
    When I look at the leases I have an active/expired lease on the NIC's interface, and an active lease on the VLAN.

    Is this how things are supposed to work?

    Can someone explain the reason for running DHCP on the VLAN? Is it needed for tagging to work right, or can you just create and add it to an interface for that?
    Do I need the underlying interface to have DHCP on as well or is that just redundant?

    Appreciate your time!

    J T 3 Replies Last reply Jul 14, 2023, 12:38 AM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @tknospdr
      last edited by johnpoz Jul 14, 2023, 12:40 AM Jul 14, 2023, 12:38 AM

      @tknospdr said in VLAN's DHCP pool needed?:

      I thought it wasn't working until I realized I had to add a virtual interface to my NIC with the proper VID to actually connect.

      You normally wouldn't do that, unless your vlans are not actually isolated at layer 2..

      The client should never really need to know what vlan it's on.. Because you would isolate your vlans at switch or wifi or both, etc.

      The only time tags are needed is when multiple vlans are carried over the same wire.

      You could set up an interface on pfsense as native (untagged).. As long as the switch isolates this into a different vlan, and then your client's connection on the switch port is put into that same vlan. Neither pfsense nor the client has any clue that it's vlan X on your switch, etc.

      If you're going to run multiple vlans on a wire, then yes you need to tag..

      I take it you're trying to do vlans over some dumb switch that doesn't understand vlans?

      I run multiple networks some native (untagged) some tagged.. But all are isolated from each other at layer 2, and then they run their own layer 3 IP space..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      1 Reply Last reply Reply Quote 0
      • T
        tknospdr @tknospdr
        last edited by Jul 14, 2023, 12:47 AM

        This post is deleted!
        J 1 Reply Last reply Jul 14, 2023, 12:50 AM Reply Quote 0
        • T
          tknospdr @tknospdr
          last edited by Jul 14, 2023, 12:49 AM

          Okay, so through some more testing I see that as long as the parent interface is active, even if the IPv4 field is set to none, I can get the VLAN to become active on my NIC and provide an IP address.

          I still can't get to the pfs admin interface. The rest of the internet seems to load, albeit with quite a delay in place. Download speed seems to be the same, upload speeds are about 3/5 normal.

          Not sure if I'm missing some FW rules or what.

          The delay to load pages is puzzling too.

          1 Reply Last reply Reply Quote 0
          • J
            johnpoz LAYER 8 Global Moderator @tknospdr
            last edited by Jul 14, 2023, 12:50 AM

            @tknospdr well you prob have all kinds of what amounts to asymmetrical traffic flow..

            If you want to use vlans.. You really need a vlan capable switch so you can properly isolate them.. While it is possible to run multiple layer 3 on the same layer 2.. And even do some stuff with vlan tags, etc. It's going to be very problematic.. And prone to all kinds of issues, and you have a lack of actual security between any of your networks.

            If your switch does not support vlans, then you should isolate your networks at the physical level with different switches, etc.

            An 8 port gig vlan capable switch can be had for like 40 bucks..

            T 1 Reply Last reply Jul 14, 2023, 12:55 AM Reply Quote 0
            • T
              tknospdr @johnpoz
              last edited by Jul 14, 2023, 12:55 AM

              @johnpoz

              Thanks for the info, I haven't deployed the pfs box yet. I don't want to destroy my network until I know what I'm doing a bit more, so right now it's just sitting next to my computer and I have the computer plugged directly into the parent interface that the VLAN is on. That's why I created the virtual interface, just to make sure stuff was happening as I expected it to (or not as the case may be).

              I have an 8x 2.5G managed switch to deploy when the actual time comes.

              J 1 Reply Last reply Jul 14, 2023, 1:56 AM Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator @tknospdr
                last edited by Jul 14, 2023, 1:56 AM

                @tknospdr said in VLAN's DHCP pool needed?:

                8x 2.5G managed switch

                Which one? Just curious - those are not all that cheap ;)

                T 1 Reply Last reply Jul 14, 2023, 1:58 AM Reply Quote 0
                • T
                  tknospdr @johnpoz
                  last edited by Jul 14, 2023, 1:58 AM

                  @johnpoz
                  This one, seems pretty nice. Not that I know what I'm looking at.
                  When I logged into its interface I got a little woozy and realized I don't know nearly as much about networking as I thought I did.

                  https://www.amazon.com/dp/B09S5MCYW3?ref=ppx_yo2ov_dt_b_product_details&th=1

                  J 1 Reply Last reply Jul 14, 2023, 2:02 AM Reply Quote 0
                  • J
                    johnpoz LAYER 8 Global Moderator @tknospdr
                    last edited by Jul 14, 2023, 2:02 AM

                    @tknospdr said in VLAN's DHCP pool needed?:

                    https://www.amazon.com/dp/B09S5MCYW3?ref=ppx_yo2ov_dt_b_product_details&th=1

                    That says "Unmanaged Fanless Network Switch " it wouldn't support vlans..

                    "Easy to Use: Unmanaged Plug and Play, just plug in the power cord, connect the ethernet cable directly to the device, without any configuration. "

                    T 1 Reply Last reply Jul 14, 2023, 2:07 AM Reply Quote 0
                    • T
                      tknospdr @johnpoz
                      last edited by Jul 14, 2023, 2:07 AM

                      @johnpoz

                      Stupid Amazon links...
                      Hang on...

                      https://www.mokerlink.com/index.php?route=product/product&product_id=496

                      J 1 Reply Last reply Jul 14, 2023, 10:23 AM Reply Quote 0
                      • J
                        johnpoz LAYER 8 Global Moderator @tknospdr
                        last edited by Jul 14, 2023, 10:23 AM

                        @tknospdr ok yeah that one does vlans.. You should be fine using vlans with that one - just has to be setup correctly.

                        T 1 Reply Last reply Jul 14, 2023, 11:40 AM Reply Quote 0
                        • T
                          tknospdr @johnpoz
                          last edited by Jul 14, 2023, 11:40 AM

                          @johnpoz

                          So back to my question, if VLANs generally exist in a space where clients don't know anything about them, what's the reason for adding DHCP to a VLAN interface?

                          Unlike most people, I don't want to just find a recipe online and follow it blindly. I want to learn what I'm doing and why, makes it easier later on if a change needs to be made.

                          J 1 Reply Last reply Jul 14, 2023, 11:46 AM Reply Quote 0
                          • J
                            johnpoz LAYER 8 Global Moderator @tknospdr
                            last edited by Jul 14, 2023, 11:46 AM

                            @tknospdr you add a dhcp server to a network if you want to provide dhcp. If it's a vlan interface in pfsense, that is where you would see it - your question makes no sense to be honest

                            T 1 Reply Last reply Jul 14, 2023, 5:57 PM Reply Quote 0
                            • T
                              tknospdr @johnpoz
                              last edited by Jul 14, 2023, 5:57 PM

                              @johnpoz

                              I know what the purpose of DHCP is.
                              My question had to do with why you would put one on a VLAN interface as opposed to the underlying interface?

                              I'm just trying to figure things out, like I said, I'm very new to all this. I thought putting a VLAN on an interface just tagged it so that it knew to either talk to or ignore other devices based on their VLAN status even across subnets or physical interfaces.

                              So if I want to use VLANs I should have them distribute IP addresses instead of the parent interface it's attached to?

                              I'm trying to learn best practices.

                              I've got another thread started where I lay out what I want to do looking for help with the best way to accomplish it:
                              https://forum.netgate.com/topic/181507/best-topology-for-my-network?_=1689355990131

                              T S J 3 Replies Last reply Jul 14, 2023, 6:28 PM Reply Quote 0
                              • T
                                tknospdr @tknospdr
                                last edited by tknospdr Jul 14, 2023, 6:28 PM Jul 14, 2023, 6:28 PM

                                So I guess maybe my stumbling block is I keep thinking in terms of devices directly connected to the interfaces on the router.

                                Let me try drawing a diagram of how I think things should work when I add a managed switch into the mix and see if I'm on the right track.

                                Will be back soon with my masterpiece. Have to go fix a few computers... work keeps getting in the way of my learning curve.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  SteveITS Galactic Empire @tknospdr
                                  last edited by Jul 14, 2023, 6:34 PM

                                  @tknospdr said in VLAN's DHCP pool needed?:

                                  why you would put one on a VLAN interface as opposed to the underlying interface

                                  A VLAN is a separate network. A Virtual LAN. So devices on the VLAN can use static IPs, or DHCP, just like any other network. It shouldn't be possible for a device on a VLAN to get an address from a DHCP server not on that VLAN, unless something is very wrong.

                                  A VLAN in pfSense would have its own subnet and firewall rules.

                                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                                  Upvote 👍 helpful posts!

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    johnpoz LAYER 8 Global Moderator @tknospdr
                                    last edited by Jul 14, 2023, 7:05 PM

                                    @tknospdr said in VLAN's DHCP pool needed?:

                                    why you would put one on a VLAN interface as opposed to the underlying interface?

                                    Because that is the vlan interface.. You would also want one on the native untagged network if you have one.. I take it you're just not grasping what a vlan actually is?

                                    How would you have 2 dhcp servers on the same layer 2 network.. Vlans isolate networks layer 2..

                                    T 1 Reply Last reply Jul 14, 2023, 8:25 PM Reply Quote 0
                                    • T
                                      tknospdr @johnpoz
                                      last edited by Jul 14, 2023, 8:25 PM

                                      @johnpoz

                                      I don't think I was grasping the entire picture RE VLANs. I think I'm getting it now. At least I hope I am.

                                      Based on the diagram here:
                                      https://www.icloud.com/sharedalbum/#B135M7GFPMGqUs;BB4B934D-0B4E-49A3-B175-4722303F194C

                                      PFS LAN interface has DHCP enabled for both parent and VLAN 10. ETH3 is a VLAN 10 interface that has a static IP address with no DHCP.
                                      A is a computer with a static IP address in the same subnet as ETH3's.
                                      B is my managed switch; P1 trunks VID 1 (untagged) and 10 (tagged), P4 is untagged VID 1, P5 is untagged VID 10
                                      C and D are both computers with DHCP on them

                                      As long as pfs's FW doesn't block traffic, A and D are on the same LAN and can see each other, and C is on a different LAN, isolated from the other 2.

                                      Am I getting warmer?

                                      J S 2 Replies Last reply Jul 14, 2023, 8:58 PM Reply Quote 0
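An added example, not written by any poster in this thread: a small Python model of the switch port layout described in the post above (P1 carrying VID 1 untagged and VID 10 tagged, P4 untagged VID 1, P5 untagged VID 10), showing which pfSense interface, and therefore which DHCP pool, a client's broadcast can reach, and how an unmanaged switch differs. The MAC address, payload bytes, function names and the ingress-filtering behaviour are assumptions made for the illustration.

```python
import struct

TPID_8021Q = 0x8100                 # EtherType value that marks an 802.1Q tag
BROADCAST = b"\xff" * 6
CLIENT_MAC = bytes.fromhex("020000000001")  # constructed, locally administered

# Port table from the post: port -> (untagged VID, set of tagged VIDs)
MANAGED_PORTS = {
    "P1": (1, {10}),     # trunk to pfSense: VID 1 untagged, VID 10 tagged
    "P4": (1, set()),    # access port for computer C
    "P5": (10, set()),   # access port for computer D
}

def build_frame(dst, src, payload, vid=None):
    """Ethernet II frame (IPv4 EtherType); 802.1Q tag inserted when vid is set."""
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) if vid is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

def parse_vid(frame):
    """Return (VID or None, frame with any 802.1Q tag stripped)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]

def flood_managed(ports, ingress, frame):
    """Flood a broadcast per VLAN: returns {egress port: bytes on the wire}."""
    untagged_vid, tagged_vids = ports[ingress]
    vid, bare = parse_vid(frame)
    if vid is None:
        vid = untagged_vid              # untagged ingress joins the port's VID
    elif vid not in tagged_vids:
        return {}                       # assumed ingress filtering: frame dropped
    out = {}
    for port, (native, allowed) in ports.items():
        if port == ingress:
            continue
        if vid == native:
            out[port] = bare            # leaves untagged on this port
        elif vid in allowed:
            tag = struct.pack("!HH", TPID_8021Q, vid)
            out[port] = bare[:12] + tag + bare[12:]
    return out

def flood_unmanaged(port_names, ingress, frame):
    """An unmanaged switch ignores tags and floods the frame unchanged."""
    return {p: frame for p in port_names if p != ingress}

def dhcp_server_reached(ports, client_port):
    """pfSense interface (behind P1) that sees a client's DHCP broadcast."""
    discover = build_frame(BROADCAST, CLIENT_MAC, b"DHCPDISCOVER (constructed)")
    on_trunk = flood_managed(ports, client_port, discover).get("P1")
    if on_trunk is None:
        return None
    vid, _ = parse_vid(on_trunk)
    return "parent (untagged)" if vid is None else f"VLAN {vid} interface"

if __name__ == "__main__":
    for port in ("P4", "P5"):
        print(port, "->", dhcp_server_reached(MANAGED_PORTS, port))
```

In this model the clients on P4 and P5 never see a tag; the tag exists only on the P1 link, which is the one wire carrying both VLANs.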
                                      • J
                                        johnpoz LAYER 8 Global Moderator @tknospdr
                                        last edited by johnpoz Jul 14, 2023, 9:01 PM Jul 14, 2023, 8:58 PM

                                        @tknospdr said in VLAN's DHCP pool needed?:

                                        ETH3 is a VLAN 10 interface

                                        Huh? Are you bridging interfaces - do you have a netgate appliance that has switch ports?

                                        You can not put discrete interfaces into the same network.. Without bridging them..

                                        If your pfsense box has a built in switch, then sure you could have multiple interfaces in vlan 10?

                                        Do you have like a sg2100, this has switch ports that can be used like your drawing

                                        "Four 1 Gigabit Ethernet LAN ports (Marvell 88E6141 switch)"

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          SteveITS Galactic Empire @tknospdr
                                          last edited by Jul 15, 2023, 12:25 AM

                                          @tknospdr I suspect you’re thinking that you can set up the same VLAN on two interfaces and have them communicate. This is incorrect (without bridging). pfSense won’t know which interface should receive the packet. It’s like putting two hardware NICs and putting the same subnet on each.

                                          A managed switch can do this because it’s not designed for each port to be independent.

                                          T 1 Reply Last reply Jul 15, 2023, 3:07 AM Reply Quote 0
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.