4. Cisco AP + Dell Switches + pfSense = Headache

Cisco AP + Dell Switches + pfSense = Headache

  • I

    Perhaps it's the limitations of the various GUIs, but I'm having issues with routing DHCP requests (and, presumably, any other traffic) from a 2nd SSID on the Cisco AP to the pfSense DHCP server.  Here's the general setup:

    Cisco 1140 AP with 2 SSIDs/VLANs.  Native VLAN contains primary SSID, all working.  VLAN100 contains guest SSID, broadcasting, but clients cannot get IP via DHCP.

    Dell PowerConnect 2724 switches (x2).  AP is connected to port 2 on first switch, port has been added to VLAN100 on the switch (tagged).  Switches are connected via fiber port 24 on first switch and port 23 on second switch.  Both of those ports have been added to VLAN100 (tagged) as well.  pfSense LAN port is connected to port 9 on second switch, port has been added to VLAN100 on the switch.  PVID for all ports on the switches remain at 1 (Native VLAN), changing in-use ports to PVID 4095 (as I've seen suggested for trunking ports on these Dell switches) results in loss of network connectivity.  Should I be trunking unused ports?

    pfSense has had VLAN100 created and linked to LAN interface (em0).  DHCP server exists on LAN interface (everything working normally) and I've created another on VLAN1000 interface.  It is enabled for a range of IPs in the 10.100.1/24 subnet.  I've also created a firewall rule for the VLAN100 interface that allows all traffic from the VLAN100 network to any destination (until I can get things working generally).

    I'm pretty sure the problems lie with the Dell switches somewhere, but I'm posting here to see if this routing is sound, and to see if there's something obvious I'm overlooking (or perhaps not so obvious).

    Thanks for the help!

    0
  • K

    You're saying "routing DHCP requests"? Well that's not possible since DHCP works entirely on broadcasts. You'll need DHCP relay somewhere if you want the DHCP server to be on a different subnet that it serves.

    0
  • I

    There is a second DHCP server serving that VLAN100 network on the pfSense…

    0
  • C

    sounds like your tagging is missing or wrong somewhere. Dell switches are a wreck with VLANs and span ports so figuring it out short of a network tap might be a lot of fun. Make sure the AP is tagging correctly, and the switch ports for both the AP and the firewall are tagged.

    0
  • B

    Im curious if this has been fixed or figured out. I'll have to use a Dell Switch with PFSense very soon so its interesting to see some insight on Vlans with PFSense and Dell Switches

    0
  • C

    @bolerodan:

    Im curious if this has been fixed or figured out. I'll have to use a Dell Switch with PFSense very soon so its interesting to see some insight on Vlans with PFSense and Dell Switches

    Dell switches with VLANs work fine, my prior post may have implied otherwise, but that's limited only to span port functionality on the switch. I've done some deployments with over 100 VLANs on Dell switches. This isn't a general problem with Dell switches or pfSense, simply a configuration problem.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy