Dual LAN DHCP Issue



  • I have a single WAN and dual LAN

    Each LAN is connected to a switch.

    Each switch has 4 clients.

    I am trying to have it so that both LANs can communicate together, and are on the same subnet. LAN1 works just fine, but LAN2 only works if I manually specify the IP address.

    I keep getting DHCP Server timeout settings. I have tried bridging LAN2 to LAN1, no success. I have tried both static IP and DHCP on LAN2. I even went so far as to disable the bridge, set a static IP and enable the DHCP server in the DHCP Server > LAN2 tab.

    My LAN has IP Addy of 10.0.100.*

    DHCP server starts at 10.0.100.10 and ends at 10.0.100.245, the lan ip of the server is 10.0.100.1

    I tried setting the LAN2 address to 10.0.100.6 and enabling the same IP range on both DHCP LAN Cards, still can't communicate.

    LAN2 firewall settings are any protocol, source lan2 subnet destination any.

    any ideas?



  • It would probably make more sense to have a single switch (or multiple switches) and one LAN interface on pfSense. Then your "LAN" systems can communicate without having to go through pfSense.

    Otherwise, in pfSense, bridge LAN2 to LAN (in Interfaces -> LAN2 under IP Configuration, select Bridge with LAN) and enable DHCP server on LAN and make sure there are firewall rules on LAN2 to allow appropriate traffic (all TCP and all UDP?) from LAN2 to LAN and LAN2 to the internet. The default firewall rules for LAN2 will be very restrictive because it's not LAN.

    Then verify DHCP works on LAN interfaces, LAN2 interfaces, then both LAN2 and LAN can communicate with the internet and both LAN and LAN2 can communicate with each other.

    I have a similar configuration to what you describe except my "LAN2" is a wireless LAN.



  • Same here.  And I second your recommendation.  It doesn't make a lot of sense to have two discrete LAN interfaces if they are going to be in the same broadcast domain.


  • Rebel Alliance Developer Netgate

    If you must do this, bridge LAN2 to LAN1. Do not put an IP address on LAN2 and you can't run DHCP on LAN2 either, however when bridged, it will pull IPs from LAN1's DHCP server.

    You will need a firewall rule on LAN2 to allow DHCP traffic, not just "pass from <LAN subnet> to *", as when clients try DHCP, they have no IP yet and thus no subnet.
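    To make the point above concrete, here is a small constructed model (added here, not code from the thread or from pfSense) of how a first-match ruleset evaluates a DHCP DISCOVER. The client has no lease yet, so the frame is sourced from 0.0.0.0 and sent to 255.255.255.255 on UDP port 67; a rule whose source is the interface's subnet alias can never match it, while a rule with source "any" does. The subnet 10.0.100.0/24 comes from the original question; the packet values and the rule dictionaries are constructed for illustration, and the third ruleset shows a tighter alternative that admits only the DHCP exchange from unaddressed clients before falling back to the subnet rule.

```python
import ipaddress

# Constructed model of first-match pass-rule evaluation. It is not pfSense
# code; it only reproduces why a source-restricted rule misses DHCP traffic.
ANY = "any"
LAN_SUBNET = ipaddress.ip_network("10.0.100.0/24")  # the thread's 10.0.100.* range


def _addr_ok(rule_field, addr):
    """'any' matches every address; a network object matches only its members."""
    return rule_field == ANY or ipaddress.ip_address(addr) in rule_field


def rule_matches(rule, pkt):
    """True when every field the rule constrains agrees with the packet."""
    if rule["proto"] != ANY and rule["proto"] != pkt["proto"]:
        return False
    if not _addr_ok(rule["src"], pkt["src"]) or not _addr_ok(rule["dst"], pkt["dst"]):
        return False
    dport = rule.get("dport", ANY)
    return dport == ANY or dport == pkt["dport"]


def first_match(rules, pkt):
    """Index of the first matching pass rule, or None (implicit deny)."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return i
    return None


# Constructed packets (hypothetical addresses; 198.51.100.10 is a documentation address).
DHCP_DISCOVER = {"proto": "udp", "src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67}
CLIENT_HTTPS = {"proto": "tcp", "src": "10.0.100.23", "dst": "198.51.100.10", "dport": 443}
UNLEASED_TCP = {"proto": "tcp", "src": "0.0.0.0", "dst": "198.51.100.10", "dport": 443}

# The poster's first attempt: source "LAN2 net", destination any.
RULE_SUBNET = {"proto": ANY, "src": LAN_SUBNET, "dst": ANY}
# What made it work: source any.
RULE_ANY = {"proto": ANY, "src": ANY, "dst": ANY}
# Tighter alternative (assumed, not from the thread): pass only UDP to port 67
# from anywhere, then the usual subnet rule for addressed clients.
RULE_DHCP = {"proto": "udp", "src": ANY, "dst": ANY, "dport": 67}
TIGHT_RULESET = [RULE_DHCP, RULE_SUBNET]

if __name__ == "__main__":
    print("subnet-only rule, DHCP DISCOVER:", first_match([RULE_SUBNET], DHCP_DISCOVER))  # None
    print("any rule, DHCP DISCOVER:       ", first_match([RULE_ANY], DHCP_DISCOVER))     # 0
    print("tight ruleset, DHCP DISCOVER:  ", first_match(TIGHT_RULESET, DHCP_DISCOVER))  # 0
    print("tight ruleset, client HTTPS:   ", first_match(TIGHT_RULESET, CLIENT_HTTPS))   # 1
    print("tight ruleset, unleased TCP:   ", first_match(TIGHT_RULESET, UNLEASED_TCP))   # None
```

The model checks the destination port only, since a DHCP client always sends DISCOVER/REQUEST to port 67 regardless of how the relay or server replies; the "any/any" rule that fixed the poster's setup also passes everything else a not-yet-addressed host might emit, which the two-rule ordering avoids.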



  • Thanks guys for the help. Seems I was clicking LAN2 net instead of any; once I did that in the firewall rule all is working now :)

    I know it doesn't make much sense to do this the way I am doing it, however my reasons for doing it this way are due to expenses… I know switches are cheap, can be had for as little as $15 in some places, however I only needed one extra port, and it's only for a tech bench. Previously I had been disconnecting the cat5 from my test-server to get internet to computers I am reformatting or testing for clients... doing it this way allows me my extra port without having to invest in extra hardware. The machine has 4 ethernet cards plus a wifi anyways, so I was prepared for a dual WAN dual LAN solution when I built the machine... was thinking ahead :)

    Thanks for the feedback!

