New Wireless 802.1X setup, problems acquiring address (sometimes)



  • I fear this is going to be a harder one to troubleshoot since it's not consistent, however:

    I just installed pfsense 2.0 on my ALIX board
    I set up 802.1X, it authenticates and works seemingly great

    I'll install the certificate on a Windows XP machine and then try connecting to the wireless. It will prompt me to process my logon information (in Windows); I'll click OK, and it then says "Acquiring Network Address" and sits there until it times out and goes to "Limited Connectivity". I'll then disconnect and repeat the process once or several times and get the same result, but then sometimes it will connect successfully. This behavior is consistent over several different laptops.

    I created a bridge between my WIFI connection and LAN connection, and created rules in the firewall allowing traffic on the bridge/wifi/lan. I'm not quite sure what to even begin checking to see why I have troubles getting an IP address through DHCP.

    Any suggestions?

    Thanks!



  • @Neostim:

    I created a bridge between my WIFI connection and LAN connection, and created rules in the firewall allowing traffic on the bridge/wifi/lan. I'm not quite sure what to even begin checking to see why I have troubles getting an IP address through DHCP.

    From the web GUI: Status -> System Logs, click on the DHCP tab to see the log of the DHCP server; click on Firewall to see details of packets logged by the firewall.

    The DHCP server will report requests like this: Dec 14 05:15:10 dhcpd: DHCPREQUEST for 192.168.x.y from 00:30:18:b0:19:85 (pfsense2) via vr0

    After you changed the firewall rules you might have needed to reset firewall states; see Diagnostics -> States, click on Reset States tab.

    Suggestion: Poke your Windows system to issue a DHCP request (ipconfig /renew in a Command Prompt window). Is the DHCP request logged in the pfSense DHCP log? If not, was it blocked by the firewall? If pfSense logged the DHCP request, does it log further interactions?

    Your intermittent success in getting an IP address reminds me of a problem I saw with XP laptops on my home network. This problem was that the laptops weren't taking any notice of DHCP responses. I fixed it with a registry change suggested on the internet. I can't remember the details but may have them recorded somewhere.
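One way to run the log check suggested in the post above, as an added example that is not part of the thread: it groups DHCP server log lines by client MAC and reports where each exchange stopped. It assumes ISC dhcpd-style syslog lines shaped like the DHCPREQUEST line quoted in the post; the sample log, MAC addresses, hostnames and verdict names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd syslog style (same shape as the line quoted
# in the post); MAC addresses, IPs and hostnames are made up for illustration.
SAMPLE_LOG = """\
Dec 14 05:15:01 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 (laptop-a) via vr0
Dec 14 05:15:02 dhcpd: DHCPOFFER on 192.168.1.50 to 00:11:22:33:44:55 (laptop-a) via vr0
Dec 14 05:15:02 dhcpd: DHCPREQUEST for 192.168.1.50 from 00:11:22:33:44:55 (laptop-a) via vr0
Dec 14 05:15:02 dhcpd: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 (laptop-a) via vr0
Dec 14 05:16:10 dhcpd: DHCPDISCOVER from 00:11:22:33:44:66 (laptop-b) via vr0
Dec 14 05:16:11 dhcpd: DHCPOFFER on 192.168.1.51 to 00:11:22:33:44:66 (laptop-b) via vr0
Dec 14 05:16:15 dhcpd: DHCPDISCOVER from 00:11:22:33:44:66 (laptop-b) via vr0
Dec 14 05:16:16 dhcpd: DHCPOFFER on 192.168.1.51 to 00:11:22:33:44:66 (laptop-b) via vr0
"""

# Message type, then the client MAC that follows "from" (client -> server)
# or "to" (server -> client).
LINE_RE = re.compile(
    r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) .*?\b(?:from|to) "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

def diagnose(log_text, expected_macs=()):
    """Return {mac: verdict} saying how far each client's exchange got."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m.group(2).lower()].append(m.group(1).upper())
    verdicts = {}
    for mac in set(seen) | {m.lower() for m in expected_macs}:
        msgs = seen.get(mac, [])
        if not msgs:
            # Nothing logged: the request never reached the server
            # (check firewall/bridge rules between client and server).
            verdicts[mac] = "not-seen"
        elif "DHCPACK" in msgs:
            verdicts[mac] = "ack"
        elif "DHCPOFFER" in msgs and "DHCPREQUEST" not in msgs:
            # Server answered but the client never followed up:
            # replies are probably not getting back to the client.
            verdicts[mac] = "offer-unanswered"
        elif "DHCPOFFER" not in msgs and "DHCPREQUEST" not in msgs:
            verdicts[mac] = "no-offer"
        else:
            verdicts[mac] = "request-unacked"
    return verdicts
```

Pass the MAC addresses of the laptops that failed as `expected_macs` so that clients with no log lines at all show up as `not-seen`.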



    I should have mentioned, pfSense is not acting as a DHCP server; I have a machine on the network that provides DHCP already, so of course the DHCP log is empty.

    I've tried resetting the states like you suggested, but it's still not fixed.

    One trend I seem to be seeing is that clients that have already joined the wireless successfully don't seem to have trouble joining it again (getting an address); it still takes ~20 seconds, but works. New clients connecting for the first time time out waiting for an address, then the 2nd or 3rd time they usually do get an address.

    It seems like something is definitely causing a slow-down or preventing DHCP altogether.

    I'll start watching the packets themselves and see if that helps any, but in the meantime, if anyone has suggestions I'll gladly try them.

    Thanks for the reply as well wallabybob!



  • Do your firewall rules allow access to DHCP from and to any IP address?  If that doesn't work, since you are using a different system as the DHCP server, have you tried using the DHCP relay? (Services: DHCP Relay)

