[SOLVED] No DHCP on LAN port 2



  • Setup pfSense 2.0 on Watchguard
    Port 1 - Wan - dhcp ok
    port 2 - Lan - Client discover / DHCP pfSense offer - nothing else in logs
    port 3 - Wireless Guest Services with Portal - ok -

    This setup works in the lab on my dlink 10/100/1000 switch 8 port and DHCP working ok.
    In the production environment with Cisco/Linksys 24 port unmanaged switch - no dhcp?

    Lan has two rules:
    Lockout rule for ports 25, 80 & 443 in first place
    any - any rule in second place…
    What else do I need?
    Thx...
    Packages - Squid & Squid Proxy...

    Thanks..

    H.



  • @hmeister:

    This setup works in the lab on my dlink 10/100/1000 switch 8 port and DHCP working ok.
    In the production environment with Cisco/Linksys 24 port unmanaged switch - no dhcp?

    Suggests it's a switch issue (you just changed the switch and it stopped working).

    But, no harm in checking that pfSense is seeing the DHCP requests from your clients: take a look at Status -> System Logs, click on DHCP tab. If you don't see the DHCP requests there you could check the firewall log to see if DHCP requests are being reported blocked.

    Firewall rules take rather more parameters than you have given so it's not possible to tell from the information you have provided if your firewall rule will pass DHCP traffic. Firewall rules for DHCP have been discussed a number of times in the pfSense forums: a search for DHCP and firewall rules will probably turn up some examples.



  • Wally…

    Ok - yes thanks for the tip on the firewall logs...
    I was so focused on the dhcp not working I forgot to look there...
    Will update you asap...

    Thanks for the reply...

    H.



  • Wally…
    I had to pull the box from the customer's production lan.
    So getting the firewall log files is moot at this time...

    I am focusing on getting the switch situation under control and trying to determine why this issue happens on the Cisco un-managed switch. So I am configuring one 3750 in the lab... It is not the same as the SR224G Cisco switch but is displaying similar issues. When I plug in the lan port all the light does is blink at me...
    So I will check the logs now that the watchguard is back in the lab and try to determine why it will not connect to the switch...

    I still think this is possibly a rule issue as when I implemented my first build it did route on the customer's Cisco SR224G. I set up the Lan subnet on a 10.0.0.1/24 but the customer's lan is set up on 192.168.111.1/24 (Watchguard 6 Firebox default subnet). After closer review we decided to make the subnet the same.  When I plugged in the Watchguard the first time on the customer's network the DHCP was passing through that Cisco switch ok on the 10.0.0.1/24.

    We decided to change the subnet and that's when all this fun started - I changed the Lan subnet to this addressing above and rebuilt the rules etc. It all worked in the lab ok. So I am losing confidence in my ability to control this or just need to start hitting this with a bigger stick. It may be right in front of me but I have not determined why I have all this heartburn...

    What kills this for me is this works in the lab on the simple Dlink switch and then when I go deliver it falls down and fails to route on the customer's network. Since we only have the small change window to pull down the customer's network, plug in their watchguard/pfsense firewall there is not a lot of time to get this working. I sat last Sunday for about 2 hrs. trying to massage the lan rules etc but did not get this working. That's when I saw the DHCPDISCOVER / DHCPOFFER in the logs and that is where it stops.

    Thanks for the reply... Still going...

    H.
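
Added example, not part of any post in this thread: a small log check for the symptom described above, where the DHCP log shows DHCPDISCOVER and DHCPOFFER and then nothing. It groups ISC dhcpd-style log lines by client and interface and reports clients that were offered a lease but never sent a DHCPREQUEST. The log lines, MAC addresses, hostnames and the guest subnet are constructed sample data; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd syslog style (not taken from the thread).
SAMPLE_LOG = """\
Jun 12 09:01:02 pfsense dhcpd: DHCPDISCOVER from 00:1b:21:aa:bb:01 via re1
Jun 12 09:01:03 pfsense dhcpd: DHCPOFFER on 192.168.111.50 to 00:1b:21:aa:bb:01 via re1
Jun 12 09:01:07 pfsense dhcpd: DHCPDISCOVER from 00:1b:21:aa:bb:01 via re1
Jun 12 09:01:08 pfsense dhcpd: DHCPOFFER on 192.168.111.50 to 00:1b:21:aa:bb:01 via re1
Jun 12 09:02:10 pfsense dhcpd: DHCPDISCOVER from 00:1b:21:aa:bb:02 via re2
Jun 12 09:02:11 pfsense dhcpd: DHCPOFFER on 192.168.10.20 to 00:1b:21:aa:bb:02 (guest-laptop) via re2
Jun 12 09:02:11 pfsense dhcpd: DHCPREQUEST for 192.168.10.20 (192.168.10.1) from 00:1b:21:aa:bb:02 (guest-laptop) via re2
Jun 12 09:02:11 pfsense dhcpd: DHCPACK on 192.168.10.20 to 00:1b:21:aa:bb:02 (guest-laptop) via re2
"""

# Message type, client MAC (after "from" or "to"), and receiving interface.
MSG = re.compile(
    r"\b(DHCP(?:DISCOVER|OFFER|REQUEST|ACK|NAK))\b.*?"
    r"\b(?:from|to) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*?\bvia (\S+)",
    re.IGNORECASE,
)


def stalled_handshakes(log_text):
    """Return {(mac, iface): message counts} for clients that received a
    DHCPOFFER but never followed up with a DHCPREQUEST."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a DHCP handshake line
        kind, mac, iface = m.group(1).upper(), m.group(2).lower(), m.group(3)
        seen[(mac, iface)][kind] += 1
    # .get() avoids creating zero-count entries in the defaultdict.
    return {
        key: dict(counts)
        for key, counts in seen.items()
        if counts.get("DHCPOFFER") and not counts.get("DHCPREQUEST")
    }


if __name__ == "__main__":
    for (mac, iface), counts in stalled_handshakes(SAMPLE_LOG).items():
        print(f"{mac} on {iface}: offered but never requested {counts}")
```

A client listed here reached the server with its discover, and the server answered, so the remaining question is whether the offer ever made it back to the client on that interface.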



  • UPDATE…

    The Guest Wireless port working on Cisco 3750...
    I have more work to do...
    I don't understand why LAN port is not working but getting closer...
    I must have bad rule - Not even a light comes on? But this works on the dLink in the lab.

    I disabled the Lan port and re-added however there is a default admin rule that shows up to allow HTTPS no lockout... Not sure I saw this when I first started this build out. Anyway, I am thinking of running on different ports as could there be an issue with this port? Still looking...

    Wan - re0
    old Lan - re1
    old Guest Wireless - re2

    I will rework re2 for LAN and move GuestWireless to re3 and try that...
    I will test the Cisco 3750 on this setup to see what happens....

    Thx...

    H.



  • UPDATE…

    Looks like a bad hardware issue...
    I removed the drive and put this into another x700 and it runs!
    Dunno what the deal is but here is what the interface was doing...

    The 3750 is running without any config and setup in default.
    I will have to test out the other box but it appears that something may be up with re1?

    Thanks for all your suggestions…

    UPDATE - 6/15/2011 - I tried the default OEM memory and replaced the processor to the OEM celeron - No Joy...
    This re1 port is still having issue. So I will use re0-re2-re3 etc. and bypass re1... Now I am not sure if anyone can trust this box...!  :-\

    H.

