Dual WAN DHCP Issues

pfsense_user1

I'm trying to setup a second WAN interface on my 2100. When I power cycle the Spectrum modem, it briefly shows IP 192.168.100.1 for the interface, but then never gets a public IP. I mention the 192 address because it shows me that the modem and pfSense are communicating, but DHCP isn't working. 192.168.100.1 is just the internal mgmt IP for the modem.

After the power on of the modem completes, it reverts to no IP addresses for WAN2:

Interfaces:

I tried setting the parent interface on both LAN and WAN. I'm not sure if this is contributing to the issue.

The connection from the modem to the pfSense is on Port 3.

mcury

@pfsense_user1

In the DHCP server configuration, there is this option:

Just set 192.168.100.1 there.

pfsense_user1

@mcury Hello thank you for the response. I tried adding that setting in, but it never assigns an IPv4 address.

One item that I didn't mention originally is that IPv6 is sometimes handed out, but it's sporadic:

It never assigns an IPv4 address, before or after adding in the "reject leases from" setting.

I tried turning off IPv6 on the WAN2 interface, and also deleting the IPv6 WAN2 gateway with no luck:

stephenw10

Since it showed the 192.168.100.1 gateway address it must have pulled a lease containing that. It may not have been from that IP though. Check the dhcp logs to see what's happening then.

pfsense_user1

@stephenw10 The dhclient logs only show activity for WAN1, not WAN2.

I ran a packet capture on WAN2 and this is what I got. I ran the capture after doing a modem reboot.

16:52:56.503025 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:04.561132 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:05.503615 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:07.504406 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:12.507199 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:22.507780 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:33.589897 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:35.121168 IP 192.168.0.1 > 224.0.0.22: igmp
16:53:35.845608 IP 192.168.0.1 > 224.0.0.22: igmp
16:53:38.310160 IP 192.168.0.1 > 224.0.0.22: igmp
16:53:38.525158 IP 192.168.0.1 > 224.0.0.22: igmp
16:53:45.505022 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:45.506322 IP 192.168.100.1.67 > 192.168.100.10.68: UDP, length 300
16:53:53.505188 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 300
16:53:53.506328 IP 192.168.100.1.67 > 192.168.100.10.68: UDP, length 300
16:54:05.731285 ARP, Request who-has 192.168.100.10 tell 192.168.100.10, length 28
16:54:07.178225 ARP, Request who-has 192.168.100.1 tell 192.168.100.10, length 28
16:54:07.179570 ARP, Reply 192.168.100.1 is-at <MAC removed>, length 46
16:54:07.179622 IP 192.168.100.10 > 192.168.100.1: ICMP echo request, id 11720, seq 0, length 64
16:54:07.180623 IP 192.168.100.1 > 192.168.100.10: ICMP echo reply, id 11720, seq 0, length 64
16:54:20.253659 IP 192.168.100.10 > 192.168.100.1: ICMP echo request, id 12980, seq 0, length 9
16:54:20.255227 IP 192.168.100.1 > 192.168.100.10: ICMP echo reply, id 12980, seq 0, length 9
16:54:20.761851 IP 192.168.100.10 > 192.168.100.1: ICMP echo request, id 12980, seq 1, length 9
16:54:20.763220 IP 192.168.100.1 > 192.168.100.10: ICMP echo reply, id 12980, seq 1, length 9
16:54:21.777608 ARP, Request who-has 192.168.100.1 tell 192.168.100.10, length 28
16:54:21.778419 ARP, Reply 192.168.100.1 is-at <MAC removed>, length 46
16:54:21.778477 IP 192.168.100.10 > 192.168.100.1: ICMP echo request, id 12980, seq 2, length 9
16:54:21.779491 IP 192.168.100.1 > 192.168.100.10: ICMP echo reply, id 12980, seq 2, length 9
...
16:54:39.519584 ARP, Request who-has 72.X.X.X tell 72.X.X.X, length 46
...

The interface appears to be on a public subnet, but it doesn't get an address. After doing a reboot of the pfSense, it got IP 192.168.100.10. I rebooted the modem after that, and it got IP 192.168.100.1. I still have the "reject leases from" set to "192.168.100.1,192.168.100.10".

stephenw10

Right so it definitely pulled a lease. There should be something shown in the dhcp log when that happened.

But the pcap shows the dhcp response was from 192.168.100.1 so it should have rejected that offer. Again I'd expect to see something logged.

chpalmer

Are both connections from the same ISP?

pfsense_user1

@chpalmer No they are separate ISPs

stephenw10

On a 2100 the WAN has a different MAC so shouldn't be a problem. That can be an issue on the 7100.

But, yes, maybe requires a different client identifier?