DHCP on wrong interface
-
Hi all-
I have pfSense with a pretty basic setup:
WAN (em1)
LAN (em0)
Captive Portal (Opt1, em2)
LAN is: 192.168.100.0/24 with a Windows DC providing DHCP, options 66&67 configured for PXE
Captive Portal is: 192.168.10.0/24 running pfSense Captive Portal and DHCP.
Problem is: sometimes (often) my LAN workstations get DHCP from pfSense in the 192.168.10.0/24 network. This is particularly bad for me because of how we use PXE.
Any ideas?
-
You probably have LAN and OPT1 bridged somewhere. See http://forum.pfsense.org/index.php/topic,30180.0.html
-
I don't believe there is a bridge:
$ ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:1c:c4:0e
        inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::20c:29ff:fe1c:c40e%em0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0c:29:1c:c4:18
        inet6 fe80::20c:29ff:fe1c:c418%em1 prefixlen 64 scopeid 0x2
        inet 24.121.9.91 netmask 0xfffff800 broadcast 255.255.255.255
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:50:56:9e:00:01
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        inet6 fe80::250:56ff:fe9e:1%em2 prefixlen 64 scopeid 0x3
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=41<UP,RUNNING> metric 0 mtu 1460
        pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
pflog0: flags=100<PROMISC> metric 0 mtu 33204
-
I don't believe there is a bridge:
OK there isn't a bridge in pfSense. There may be a bridge somewhere else.
Have you tried some of the other suggestions in the topic to which I linked? In particular, have you looked at the pfSense DHCP log?
-
In order for that to happen, something has to be passing broadcast traffic between those two interfaces.
The most common cause would be that both LAN and OPT1 are plugged into the same switch, or the same VLAN on managed switch(es).
If both interfaces are properly segregated into different broadcast domains, DHCP traffic cannot bleed over.
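
The check suggested above (read the pfSense DHCP log, then look for traffic crossing between LAN and OPT1) can be scripted. This is an added example, not code from any poster in the thread: it assumes ISC dhcpd syslog lines and FreeBSD `arp -an` output, uses the thread's em0/em2 interface names, and all MAC addresses and log lines in it are constructed sample data.

```python
import re

# Constructed sample data (not from the thread). Assumed formats:
# ISC dhcpd syslog messages and FreeBSD `arp -an` output.
DHCPD_LOG = """\
Dec 1 09:14:02 dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:01 via em2
Dec 1 09:14:03 dhcpd: DHCPOFFER on 192.168.10.101 to 00:0c:29:aa:bb:01 via em2
Dec 1 09:14:03 dhcpd: DHCPREQUEST for 192.168.10.101 (192.168.10.1) from 00:0c:29:aa:bb:01 via em2
Dec 1 09:14:03 dhcpd: DHCPACK on 192.168.10.101 to 00:0c:29:aa:bb:01 via em2
Dec 1 09:20:41 dhcpd: DHCPDISCOVER from 00:50:56:cc:dd:02 via em2
Dec 1 09:20:42 dhcpd: DHCPOFFER on 192.168.10.102 to 00:50:56:cc:dd:02 via em2
"""
ARP_TABLE = """\
? (192.168.100.20) at 00:0c:29:aa:bb:01 on em0 expires in 1100 seconds [ethernet]
? (192.168.100.10) at 00:0c:29:ee:ff:03 on em0 expires in 900 seconds [ethernet]
? (192.168.10.102) at 00:50:56:cc:dd:02 on em2 expires in 1190 seconds [ethernet]
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
# Message type, client MAC (after "from" or "to"), receiving interface.
DHCP_RE = re.compile(r"(DHCP[A-Z]+) .*?(?:from|to) " + MAC + r".* via (\S+)", re.I)
# IP, MAC and interface of one ARP entry.
ARP_RE = re.compile(r"\((\S+)\) at " + MAC + r" on (\S+)", re.I)


def dhcp_clients(log, iface):
    """MACs that exchanged DHCP messages with dhcpd via `iface`."""
    return {m.group(2).lower() for m in map(DHCP_RE.search, log.splitlines())
            if m and m.group(3) == iface}


def arp_hosts(arp, iface):
    """MAC -> IP for ARP entries learned on `iface`."""
    return {m.group(2).lower(): m.group(1)
            for m in map(ARP_RE.search, arp.splitlines())
            if m and m.group(3) == iface}


def leaked(log, arp, lan_if="em0", portal_if="em2"):
    """LAN hosts (per ARP on lan_if) whose DHCP broadcasts reached portal_if."""
    lan = arp_hosts(arp, lan_if)
    return sorted((mac, lan[mac]) for mac in dhcp_clients(log, portal_if)
                  if mac in lan)


if __name__ == "__main__":
    for mac, ip in leaked(DHCPD_LOG, ARP_TABLE):
        print(f"{mac} (LAN {ip}) was answered by dhcpd on em2")
```

A MAC reported here was seen on both sides, which fits the shared switch or VLAN explanation above; a machine that was physically moved between the two networks produces the same result, so confirm against the switch port assignments.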