VLAN not able to get address from Windows DHCP server
-
Hope someone can help with the vlan setup for the below test network

I am trying to get a dhcp address from the Windows Server 2016 domain controller at 192.168.0.5 from the pc connected to switch 2.
I have set up the DHCP scope for the VLAN on the domain controller and activated it.
I have enabled the DHCP relay service on pfSense for all downstream interfaces (WAN, LAN and VLAN100) and set the upstream server to 192.168.0.5.
If I set an address of 192.168.100.49 for the PC with a gateway of 192.168.100.1 and a DNS address of 192.168.0.5, I am able to reach the internet and can ping other devices by hostname on the 192.168.0 network from the PC, so I know that the PC is using the DNS of the domain controller.
I am NOT able to ping from a PC on the 192.168.0 network to the 192.168.100.49 PC.
Switch 1 is a D-Link DGS-1510
Switch 2 is a TP-Link TL-SG108E
Port 1 is tagged for VLAN 100
Port 2 is untagged for VLAN 100 with a PVID of 100
I have created VLAN 100 on pfSense with an IP address of 192.168.100.1 and added any – any rules to both the VLAN and WAN interfaces for testing.
The WAN port of the pfSense firewall has the IP 192.168.0.2 with an upstream gateway of 192.168.0.1
I have not set anything on the D-Link switch, Router or Hypervisor yet as I am not quite sure what I need to set to allow the VLAN traffic to reach the domain controller.
Can anyone give a little advice as to what I need to set?
-
@Gazza77 said in VLAN not able to get address from Windows DHCP server:
I have not set anything on the D-Link switch
Can't find that D-Link in the image.
Should I presume that it is "switch 2"?
Edit:
This is the test:
Where: "LAN" is your "192.168.100.1" LAN.
Protocol is UDP, as DHCP uses UDP.
Ports 67 and 68, as DHCP uses these ports.
Set to 'High' details, as we all like details.
And hit start.
Now, on your unnamed device in the left bottom corner, type
ipconfig /renew.
(I presume a windows PC)
Did pfSense, the packet capture, receive the DHCP request ?
If no .... 2 options :
Remove the VLAN - the image, imho, shows that you don't need it - so why make admin life harder?
Or make it work = set it up correctly - My bet: go ask the guy that set up "switch 2" ... as he has the answers.
-
Hi Gertjan,
Many thanks for the reply
Switch 1 is a D-Link DGS-1510
Switch 2 is a TP-Link TL-SG108E
When I run a packet capture on the LAN interface, pfSense receives the below
13:56:18.213103 IP (tos 0x0, ttl 128, id 43152, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0x3ad444f2, Flags [none] (0x0000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:56:18.226155 IP (tos 0x0, ttl 128, id 43153, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0x6528e0fa, Flags [none] (0x0000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:56:22.183686 IP (tos 0x0, ttl 128, id 43154, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0x6528e0fa, Flags [none] (0x0000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:56:25.528076 IP (tos 0x0, ttl 128, id 43155, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0x6528e0fa, secs 768, Flags [none] (0x0000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:56:32.714890 IP (tos 0x0, ttl 128, id 43156, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0x6528e0fa, secs 2560, Flags [none] (0x0000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:56:49.203555 IP (tos 0x0, ttl 128, id 43157, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0x6528e0fa, secs 6912, Flags [none] (0x0000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:57:20.692142 IP (tos 0x0, ttl 128, id 43158, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0xfc0abba2, Flags [Broadcast] (0x8000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:57:24.428477 IP (tos 0x0, ttl 128, id 43159, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0xfc0abba2, secs 768, Flags [Broadcast] (0x8000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:57:33.124621 IP (tos 0x0, ttl 128, id 43160, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0xfc0abba2, secs 3072, Flags [Broadcast] (0x8000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
13:57:50.059935 IP (tos 0x0, ttl 128, id 43161, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, xid 0xfc0abba2, secs 7424, Flags [Broadcast] (0x8000)
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
If I then run the packet capture against the WAN interface I get the below
14:07:19.116073 IP (tos 0x0, ttl 64, id 52663, offset 0, flags [none], proto UDP (17), length 328, bad cksum 0 (->2a90)!)
192.168.0.2.67 > 192.168.0.5.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, hops 1, xid 0x822430e8, Flags [none] (0x0000)
Gateway-IP 192.168.100.1
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
14:07:24.112396 IP (tos 0x0, ttl 64, id 27901, offset 0, flags [none], proto UDP (17), length 328, bad cksum 0 (->8b4a)!)
192.168.0.2.67 > 192.168.0.5.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, hops 1, xid 0x822430e8, Flags [none] (0x0000)
Gateway-IP 192.168.100.1
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
14:07:27.581219 IP (tos 0x0, ttl 64, id 57577, offset 0, flags [none], proto UDP (17), length 328, bad cksum 0 (->175e)!)
192.168.0.2.67 > 192.168.0.5.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, hops 1, xid 0x822430e8, secs 768, Flags [none] (0x0000)
Gateway-IP 192.168.100.1
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
14:07:35.515635 IP (tos 0x0, ttl 64, id 60159, offset 0, flags [none], proto UDP (17), length 328, bad cksum 0 (->d48)!)
192.168.0.2.67 > 192.168.0.5.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, hops 1, xid 0x822430e8, secs 2816, Flags [none] (0x0000)
Gateway-IP 192.168.100.1
Client-Ethernet-Address 54:bf:64:5f:78:73
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Client-ID (61), length 7: ether 54:bf:64:5f:78:73
Hostname (12), length 15: "DESKTOPPC"
Vendor-Class (60), length 8: "MSFT 5.0"
Parameter-Request (55), length 14:
Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
Classless-Static-Route-Microsoft (249), Unknown (252)
So it looks like the DHCP request is getting to the server but the reply is not getting back for some reason.
The scope is set up on the server as below
and active
-
Unless I'm missing something, you're trying to get an IP address for PCs behind a firewall from a DC that's upstream of the firewall's WAN interface? Right now, your DC has no idea where 192.168.100.0/24 lives. All traffic destined for 192.168.100.0/24 is hitting the router @ 192.168.0.1 and being dropped.
For starters, you'd need to add a static route on 192.168.0.1 telling it that 192.168.100.0/24 lives behind 192.168.0.2. Then on pfSense, you'd need to allow the DHCP traffic on the WAN interface from 192.168.0.5. Even then you might run into some gotchas trying to get it to work. This setup is less than ideal. I'd be surprised if you got things working in its current state. I can't think of a use case where you'd want to forward DHCP traffic for your internal clients out the WAN interface of your firewall.
You'll want to adjust your design. I would replace your edge router with pfSense, then either add multiple NICs or use VLANs to isolate additional networks.
-
@Gazza77 said in VLAN not able to get address from Windows DHCP server:
So it looks like the DHCP request is getting to the server but the reply is not getting back for some reason.
The packet capture shows a lot of initial DHCP Discovers coming from a device naming itself "DESKTOPPC" using MAC "54:bf:64:5f:78:73".
Dunno what you mean by "server". The packet capture was running on pfSense, and thus the packets captured reached pfSense. pfSense isn't a server.
I presume no DHCP server service was running on pfSense, so it didn't (couldn't) answer.
If there was a DHCP server on the LAN, answers from it would be sent directly from it to the requesting "DESKTOPPC" and as these are not broadcast packets, pfSense wouldn't "see" them, so can't capture them.
But, after a discover the server should answer right away - it didn't, so that explains the multiple DHCP DISCOVERS from "DESKTOPPC".
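
An added example, not part of any post in this thread: a DHCP server unicasts its reply to the Gateway-IP (giaddr) of a relayed request, so this sketch reads giaddr from the WAN-side capture above and follows that reply through routing tables by longest-prefix match. The two routing tables and the "upstream" label are constructed assumptions based on the addresses given in the thread.

```python
import ipaddress
import re

# Two lines copied from the WAN-side capture posted in the thread.
RELAYED = """192.168.0.2.67 > 192.168.0.5.67: [udp sum ok] BOOTP/DHCP, Request from 54:bf:64:5f:78:73, length 300, hops 1, xid 0x822430e8, Flags [none] (0x0000)
Gateway-IP 192.168.100.1"""

IP = r"(\d+(?:\.\d+){3})"

def parse_relayed(text):
    """Return (relay, server, xid, giaddr) for a relayed request, else None."""
    hdr = re.search(IP + r"\.67 > " + IP + r"\.67:.*?xid (0x[0-9a-f]+)", text)
    gi = re.search(r"Gateway-IP " + IP, text)
    if not (hdr and gi):
        return None  # client broadcast (port 68 -> 67) or giaddr not set
    return hdr.group(1), hdr.group(2), hdr.group(3), gi.group(1)

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, gateway); gateway None means on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(c), gw) for c, gw in routes]
    hits = [(n, gw) for n, gw in hits if addr in n]
    if not hits:
        return None
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dst if gw is None else gw

def trace_reply(tables, capture):
    """Follow the server's unicast reply to giaddr hop by hop."""
    relay, server, _xid, giaddr = parse_relayed(capture)
    path, node = [server], server
    while node in tables and len(path) < 8:
        node = next_hop(tables[node], giaddr)
        path.append(node)
        if node == relay:
            return path, True
    return path, False

# Assumed routing tables (constructed): the DC and the edge router as described.
BEFORE = {
    "192.168.0.5": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
    "192.168.0.1": [("192.168.0.0/24", None), ("0.0.0.0/0", "upstream")],
}
AFTER = dict(BEFORE)
AFTER["192.168.0.1"] = BEFORE["192.168.0.1"] + [("192.168.100.0/24", "192.168.0.2")]

if __name__ == "__main__":
    print(trace_reply(BEFORE, RELAYED))
    print(trace_reply(AFTER, RELAYED))
```

The trace covers routing only; the WAN rule allowing DHCP traffic from 192.168.0.5, mentioned in the reply above, is a separate requirement.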