DHCP on wrong interface



  • Hi all-
    I have pfSense with a pretty basic setup:

    WAN (em1)
    LAN (em0)
    Captive Portal (Opt1, em2)

    LAN is: 192.168.100.0/24 with a Windows DC providing DHCP, options 66&67 configured for PXE
    Captive Portal is: 192.168.10.0/24 running pfSense Captive Portal and DHCP.

    Problem is: sometimes (often) my LAN workstations get DHCP from pfSense in the 192.168.10.0/24 network. This is particularly bad for me because of how we use PXE.

    Any ideas?



  • You probably have LAN and OPT1 bridged somewhere. See http://forum.pfsense.org/index.php/topic,30180.0.html



  • I don't believe there is a bridge:

    $ ifconfig -a
    em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:1c:c4:0e
    	inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255
    	inet6 fe80::20c:29ff:fe1c:c40e%em0 prefixlen 64 scopeid 0x1 
    	media: Ethernet autoselect (1000baseTX <full-duplex>)
    	status: active
    em1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:1c:c4:18
    	inet6 fe80::20c:29ff:fe1c:c418%em1 prefixlen 64 scopeid 0x2 
    	inet 24.121.9.91 netmask 0xfffff800 broadcast 255.255.255.255
    	media: Ethernet autoselect (1000baseTX <full-duplex>)
    	status: active
    em2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
    	options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:9e:00:01
    	inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
    	inet6 fe80::250:56ff:fe9e:1%em2 prefixlen 64 scopeid 0x3 
    	media: Ethernet autoselect (1000baseTX <full-duplex>)
    	status: active
    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
    	inet 127.0.0.1 netmask 0xff000000 
    	inet6 ::1 prefixlen 128 
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
    enc0: flags=0<> metric 0 mtu 1536
    pfsync0: flags=41 <up,running>metric 0 mtu 1460
    	pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128
    pflog0: flags=100 <promisc>metric 0 mtu 33204</promisc></up,running></up,loopback,running,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast> 
    


  • @unsichtbarre:

    I don't believe there is a bridge:

    OK there isn't a bridge in pfSense. There may be a bridge somewhere else.

    Have you tried some of the other suggestions in the topic to which I linked? In particular, have you looked at the pfSense DHCP log?


  • Rebel Alliance Developer Netgate

    In order for that to happen, something has to be passing broadcast traffic between those two interfaces.

    The most common cause would be that both LAN and OPT1 are plugged into the same switch, or the same VLAN on managed switch(es).

    If both interfaces are properly segregated into different broadcast domains, DHCP traffic cannot bleed over.


Log in to reply