Not getting a DHCP WAN IP Address on netgate hardware.
-
So I have been trying to resolve this for quite some time. Basically the firewall for the church I do IT support for is not getting an IP address assigned to it from DHCP from the ISP. When I put another router between them it works fine. I have tried this on both a netgate SG-1100 and SG-4100 (current). I have tried spoofing the MAC address of the other router, and that did not help. Nothing in the logs seems to be relevant to the issue either as far as I can tell. Today at approximately 11:10 I tried plugging the PFSense firewall directly into the WAN connection (which comes from the ISP's ONT) to get some fresh logs for you guys. Here they are. Any help would be appreciated.
11
Here the DHCP Client logs.
Here is the system logs.
-
@Austin-0 cable modem? Did you reboot the modem after swapping out hardware?
Ryan
Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
Requesting firmware for your Netgate device? https://go.netgate.com
Switching: Mikrotik, Netgear, Extreme
Wireless: Aruba, Ubiquiti -
@rcoleman-netgate I did not try it this time, but I have tried rebooting the ONT yes.
-
Does your ISP require any sort or vlan or priority tagging? Or perhaps it tags traffic. That was an issue in previous pfSense versions, what are you testing with?
-
@stephenw10 Currently I am using 23.05.1 on a 4100. When we originally started using pfesense I'ma was I'ma a netgate sg-1100 it was on 22.01 and I have used every version between those two. I have spoken with the ISP previously, and they did not mention any tagging that was needed.
-
I would try running a pcap on WAN for all traffic whilst it's trying to pull a lease and see what, if anything, is coming back.
What's the other router that works as expected here?
-
@stephenw10 I apologize for the late reply. The working router is a Linksys EA6350. Before moving to the netgate setup there was a Google nest mesh setup that also worked, but I don't remember the specific model. I will not have physical access to the devices until Friday at the earliest, but I will get that pcap for as soon as I am able to.
-
Just to be sure :
The port WAN2 = interface ix3, as I'm using that right now with my 4100.
The one called ix2 is the left port (I guess)When pfSense starts, you should see in Status > System Logs > System > General :
-
Mmm, that's a good point. Looking at the logs you posted I see ix3 go down when you disconnected it from the other router (presumably) but I do not see it ever go up again.
Do you actually see link LEDs when it's directly connected to the ONT?
-
@stephenw10 You are correct that it goes down when unplugged from the other router. I will check for those link lights as soon as I am able. (Which will most likely be Friday or Saturday.)
-
@stephenw10 The activity lights do not come on when plugged directly into the ONT.
-
Ok, what does the ONT link at when connected to something else? It may be set to a fixed link rate. Though I would expect the 1100 to link to that since the WAN is a switch port.
Can you try putting a switch in between?
-
@stephenw10 Thank you for the suggestion. I connected to my main switch on a separate VLAN. That did in fact work correctly. The ONT connection set itself to 100Base-T. I did try setting that speed for the WAN connection in PFSense and then plugging it directly in, however that once again resulted in no Link lights. I would like to not have to run the connection through the switch, but this at least better than where I started.
-
This is using the 4100? The NICs there would have issues connecting to something at a fixed speed, probably what you're seeing.
An 1100 there should work though, you can set the switch ports to 100M fixed.
-
@stephenw10 Is there any way around this issue, other than putting the switch in between them?
-
@Austin-0 Not one that we have any means to effect. The ISP is the one with the hardware that needs to play ball.
-
@Austin-0 Looks like I spoke too soon. It worked for 5-10 minutes or so and then I got 100% packet loss according to the gateway monitor. I rebooted, and the same thing happened. It worked for 5-10 minutes and then it was dropping all of the packets. Below are the logs from after the reboot. As you can see, It came back up from the reboot at 16:38, and dpinger sent the alarm at 16:45.
-
For the 4100 specifically?
-
@stephenw10 Yes
-
@Austin-0 said in Not getting a DHCP WAN IP Address on netgate hardware.:
Looks like I spoke too soon
Did the switch lose link? pfSense only shows the pings to 1.1.1.1 started to fail.
