DHCP fails to log and issue ip addresses on all Vlans



  • being so new to pfsense i'm not sure if it's something i'm doing wrong but i'm not too sure so i'll just ask and hope someone can help me out. i do believe that PFsense can have some great uses and i can see the potential so here i ask, i have a watchguard X1000 with 6 ports 1 serial, P3 1.2 GHZ cpu/512mb Ram/80 GB HDD/pfsense 2.0.1

    RE0 WAN dual IP addresses statically assigned 1 to 1 NAT
    RE1 VLAN 1 ip range X.X.32.X/28 Static assignment /DHCP enabled/spare- management port
    RE2 VLAN 2 ip range X.X.36.X/28 Static assignment /DHCP enabled/ extra port
    RE3 VLAN 2 ip range X.X.36.X/28 Static assignment /DHCP enabled/Xbox
    RE4 VLAN 2 ip range X.X.36.X/28 Static assignment /DHCP enabled/ WIFI enabled switch with 4 LAN
    RE5 VLAN 1 ip range X.X.32.X/28 Static assignment /DHCP enabled/port setup for DMZ for true domain connected to domain firewall.

    so i have enabled the static addresses on re1-re5 and set up DHCP on ports RE1 to RE5, and have set up the default gateway to be my RE1 and RE2 ports.

    if i assign the laptop a static address i can connect on RE1. i have tried the same on RE2-RE5 and can't get any connection. i figured it might have been my dns forwarder so i entered my ISP's DNS server addresses.

    anyhow i still can't get it to work properly. any help would be greatly appreciated.

    after snooping around i found that the dhcpd server won't start no matter what i do. any ideas folks?



  • @xtdanno:

    after snooping around i found that the dhcpd server won't start no matter what i do. any ideas folks?

    I will need a bit more information to work with. How have you been attempting to start dhcpd and what has dhcpd said on those attempts?

    How much of the gear connected to re1 through re5 is VLAN capable?

    On what interfaces have you enabled DHCP? re1? re1_vlan1?

    It is not clear from the information provided that there is any point in having VLANs. Maybe you want to bridge interfaces?

    It would also be helpful to have a bit more information about the IP addresses: in particular are re1 and re5 (or re1_vlan1 and re5_vlan1) in the same network? and are re2, re3 and re4 (or re2_vlan2, re3_vlan2 and re4_vlan2) on the same network? I suspect that most of the items of equipment you have connected are NOT VLAN capable. Hence you may have the following problem:

    • WiFi switch sends DHCP request without a VLAN tag

    • pfSense receives DHCP request on re4 (not re4_vlan2 because there is no VLAN tag) but re4 doesn't have DHCP enabled so request is discarded

    It is commonly recommended that VLAN id 1 not be used because it is the default VLAN in some equipment.



  • I will need a bit more information to work with. How have you been attempting to start dhcpd and what has dhcpd said on those attempts?
    yes and it has said that the dhcpd has been started. but the gui shows it's in a stopped state

    How much of the gear connected to re1 through re5 is VLAN capable?
    The nic in the server on re5 and the switch on re2(dd-wrt) I don’t believe the xbox is but the ip is configurable re3 and the pc on re4 also is configurable for vlans
    currently nothing except the one laptop used to access the settings

    On what interfaces have you enabled DHCP? re1? re1_vlan1?
    re1_vlan1
    re2_vlan2
    re3_vlan2
    re4_vlan2
    re5_vlan1

    but this was more of a last ditch effort to see if this would change after having it enabled on only
    re1_vlan1
    re2_vlan2

    It is not clear from the information provided that there is any point in having VLANs. Maybe you want to bridge interfaces?
    bridging would be fine with bridging

    this would be ideal for a min game lan.
    re2
    re3
    re4
    I would be using this for my home domain
    and re1 and re5

    It would also be helpful to have a bit more information about the IP addresses: in particular are re1 and re5 (or re1_vlan1 and re5_vlan1) in the same network? and are re2, re3 and re4 (or re2_vlan2, re3_vlan2 and re4_vlan2) on the same network? I suspect that most of the items of equipment you have connected are NOT VLAN capable. Hence you may have the following problem:
    • WiFi switch sends DHCP request without a VLAN tag
    • pfSense receives DHCP request on re4 (not re4_vlan2 because there is no VLAN tag) but re4 doesn't have DHCP enabled so request is discarded

    Sure
    Re1 10.10.32.254   laptop 1 10.10.32.184
    Re5 10.10.32.253   laptop 2 10.10.32.185
    Re2 10.10.36.254   laptop 3 10.10.36.184
    Re3 10.10.36.253   laptop 4 10.10.36.185
    Re4 10.10.36.252   laptop 5 10.10.36.186
    For testing I have 5 laptops currently plugged into the five ports
    Re1 and 5 have 10.10.32.254 as gateway
    Re2 re3 re4 have 10.10.36.254 as gateway
    Configured with ddwrt wifi switch

    It is commonly recommended that VLAN id 1 not be used because it is the default VLAN in some equipment.
    Ok so I can try this when I get home today and post the results later.



  • Since bridging seems to really be what you want I suggest you bridge re2, re3 and re4 first (assuming the laptop you are using to access the pfSense settings is not in that lot).

    You should remove the VLAN on re2, re3 and re4, disable DHCP on those interfaces and change the interface type to None on those interfaces. You will need to create a bridge, add members re2, re3 and re4, assign a pfSense interface name to the bridge, configure an IP address and DHCP server for the bridge and enable the bridge. Then test that you get a DHCP response on one or more systems connected to one of the bridge interfaces and check the DHCP server log on pfSense (Status -> System Logs, DHCP tab).

    Then repeat for re1 and re5 except you should assign that bridge the pfSense name LAN. And you will also need to reconfigure the laptop with VLAN enabled.

    You will probably want to tweak some system tunables but let's see if you can get through the bridge configuration first.



  • looks like it hasn't worked unless i somehow missed a step but it's only working on RE1 and the dhcpd service is running now but RE2-RE5 still not getting addy's



  • Without knowing what you have done or more details about what you are seeing it's difficult to suggest an action.

    Does the DHCP log report seeing DHCP requests from re2 through re5 (or the corresponding bridges)? Does the firewall log report blocking any DHCP requests? You should look soon after you think a request has been made because the logs report only the most recent activity. See Status -> System Logs, click on DHCP or Firewall tab.



  • the steps taken were to the letter as per your directions, no deviation was taken. but i will check the logs and let you know what the outcome is. and thank you for your reply.



  • so this is what i have
    Feb 5 14:33:10 dhcpd: Sending on Socket/fallback/fallback-net
    Feb 5 14:33:10 dhcpd: Sending on BPF/re1/00:00:00:00:0f:e9/10.16.32.240/28
    Feb 5 14:33:09 dhcpd: Listening on BPF/re1/00:00:00:00:0f:e9/10.16.32.240/28
    Feb 5 14:33:08 dhcpd: Sending on BPF/re2/00:00:00:00:0f:ea/10.16.36.128/25
    Feb 5 14:33:08 dhcpd: Listening on BPF/re2/00:00:00:00:0f:ea/10.16.36.128/25
    Feb 5 14:33:07 dhcpd: Multiple interfaces match the same shared network: re1 re5
    Feb 5 14:33:07 dhcpd: Multiple interfaces match the same subnet: re1 re5
    Feb 5 14:33:06 dhcpd: Multiple interfaces match the same shared network: re2 re4
    Feb 5 14:33:05 dhcpd: Multiple interfaces match the same subnet: re2 re4
    Feb 5 14:33:05 dhcpd: Multiple interfaces match the same shared network: re2 re3
    Feb 5 14:33:04 dhcpd: Multiple interfaces match the same subnet: re2 re3



  • Each pfSense interface needs to have a distinct subnetwork. You began with re2 as X.X.36.X/28 and now it is reported by dhcpd as 10.16.36.128/25 so you have apparently quietly changed the interface IP addresses and/or masks without keeping the subnets distinct.

    If you aren't sure how to correct it post the output of pfSense command ifconfig -a

    The dhcpd log displays enough information to identify the area of the problem (for example, the networks on re1 and re5 have overlapping IP addresses) but not enough detail to identify precisely what the problem is (it doesn't give the IP address and mask of re5).



  • re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=38db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether 00:00:00:00:00:08
            inet6 xx00::000:0000:00000e8%re0 prefixlen 64 scopeid 0x1
            inet 10.10.99.117 netmask 0xfffffe00 broadcast 10.10.28.255
            inet 10.10.99.234 netmask 0xffffff00 broadcast 10.10.24.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    re1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=38db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether 00:00:00:00:00:089
            inet 10.10.32.254 netmask 0xfffffff0 broadcast 10.10.32.255
            inet6 fe80::290:7fff:fe33:fe9%re1 prefixlen 64 scopeid 0x2
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet 100baseTX <full-duplex>
            status: active
    re2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=38db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether 00:00:00:00:00:ea
            inet 10.10.36.254 netmask 0xffffff80 broadcast 10.10.36.255
            inet6 0000::0000:0000:0000:fea%re2 prefixlen 64 scopeid 0x3
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet 100baseTX <full-duplex>
            status: no carrier
    re3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=38db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether 00:00:00:00:00:08b
            inet 10.10.36.253 netmask 0xffffff80 broadcast 10.10.36.255
            inet6 re3 prefixlen 64 scopeid 0x4
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet 100baseTX <full-duplex>
            status: no carrier
    re4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=38db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether 00:00:00:00:00:08c
            inet 10.10.36.252 netmask 0xffffff80 broadcast 10.10.36.255
            inet6 fe80::290:7fff:fe33:fec%re4 prefixlen 64 scopeid 0x5
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet 100baseTX <full-duplex>
            status: no carrier
    re5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=38db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
            ether 00:00:00:00:00:08d
            inet 10.10.32.253 netmask 0xfffffff0 broadcast 10.10.32.255
            inet6 re5 prefixlen 64 scopeid 0x6
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: Ethernet 100baseTX <full-duplex>
            status: no carrier
    pflog0: flags=100<PROMISC> metric 0 mtu 33200
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=3<RXCSUM,TXCSUM>
            inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    pfsync0: flags=0<> metric 0 mtu 1460
            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
    enc0: flags=0<> metric 0 mtu 1536
    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:00:00:00:00:08
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: re4 flags=3<LEARNING,DISCOVER>
                    ifmaxaddr 0 port 5 priority 128 path cost 55
            member: re3 flags=3<LEARNING,DISCOVER>
                    ifmaxaddr 0 port 4 priority 128 path cost 55
            member: re2 flags=223<LEARNING,DISCOVER,EDGE>
                    ifmaxaddr 0 port 3 priority 128 path cost 55
    bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether 00:00:00:00:00:08
            id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
            maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
            root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
            member: re5 flags=93<LEARNING,DISCOVER,STICKY,PTP>
                    ifmaxaddr 0 port 6 priority 128 path cost 55
            member: re1 flags=93<LEARNING,DISCOVER,STICKY,PTP>
                    ifmaxaddr 0 port 2 priority 128 path cost 200000

    btw since the last changes were made i am no longer able to get into the web interface. but the requested output is posted



  • @xtdanno:

    the steps taken were to the letter as per your directions, no deviation was taken.

    It looks to me as if you left out the last step in this sequence:
    @wallabybob:

    You should remove the VLAN on re2, re3 and re4, disable DHCP on those interfaces and change the interface type to None on those interfaces.

    You might be able to gain access to the web GUI through re0. Here I run into a difficulty in that the IP address, netmask and broadcast address reported are inconsistent. For example, if the IP address is really 10.10.99.234 with netmask 0xffffff00 then the broadcast address is really 10.10.99.255 not the reported 10.10.24.255. Whatever the facts of the matter, if you want to try this approach you will need to configure the computer you plug into re0 with an IP address that is on one of the subnets on re0 and different from the re0 IP address on that subnet. Then plug the computer into re0 and see if you can attach to the pfSense web GUI. If the computer can attach to the pfSense web GUI, then you need to
    1. disable DHCP on re2, re3 and re4,
    2. set the interface type of re2, re3 and re4 to None,
    3. assign an appropriate IP address and netmask to bridge0 (say 10.10.36.253/25)
    4. enable DHCP on bridge0.
    5. Check DHCP log to verify it started correctly.

    If DHCP started correctly then you can do a similar set of steps to re1, re5 and bridge1. Can I trust you to correctly extrapolate? :-)
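    The two checks discussed in the posts above (dhcpd's "Multiple interfaces match the same subnet" complaint and a broadcast address that does not fit the IP address and netmask) can be run directly over `ifconfig -a` output. This is an added Python example, not part of the original posts; the sample text is constructed from the addresses reported in the thread and the function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample: interface names, addresses, masks and broadcast values
# as reported in the thread, reduced to the lines the checks need.
SAMPLE = """\
re0: flags=8943<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        inet 10.10.99.117 netmask 0xfffffe00 broadcast 10.10.28.255
        inet 10.10.99.234 netmask 0xffffff00 broadcast 10.10.24.255
re1: flags=8943<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        inet 10.10.32.254 netmask 0xfffffff0 broadcast 10.10.32.255
re2: flags=8943<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        inet 10.10.36.254 netmask 0xffffff80 broadcast 10.10.36.255
re3: flags=8943<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        inet 10.10.36.253 netmask 0xffffff80 broadcast 10.10.36.255
re4: flags=8943<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        inet 10.10.36.252 netmask 0xffffff80 broadcast 10.10.36.255
re5: flags=8943<UP,BROADCAST,RUNNING> metric 0 mtu 1500
        inet 10.10.32.253 netmask 0xfffffff0 broadcast 10.10.32.255
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
# "inet " (with the space) deliberately does not match inet6 lines.
INET_RE = re.compile(
    r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})(?: broadcast (\S+))?")


def parse_ifconfig(text):
    """Return [(ifname, IPv4Interface, reported_broadcast_or_None), ...]."""
    entries, ifname = [], None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            ifname = header.group(1)
            continue
        inet = INET_RE.match(line)
        if inet and ifname:
            addr, hexmask, bcast = inet.groups()
            # FreeBSD prints the mask in hex: 0xfffffff0 -> 255.255.255.240
            mask = ipaddress.IPv4Address(int(hexmask, 16))
            iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
            reported = ipaddress.IPv4Address(bcast) if bcast else None
            entries.append((ifname, iface, reported))
    return entries


def overlapping_interfaces(entries):
    """Pairs of different interfaces whose configured networks overlap."""
    return [(n1, n2)
            for (n1, i1, _), (n2, i2, _) in combinations(entries, 2)
            if n1 != n2 and i1.network.overlaps(i2.network)]


def inconsistent_broadcasts(entries):
    """Addresses whose reported broadcast differs from the computed one."""
    bad = []
    for name, iface, reported in entries:
        expected = iface.network.broadcast_address
        if reported is not None and reported != expected:
            bad.append((name, str(iface.ip), str(reported), str(expected)))
    return bad


if __name__ == "__main__":
    parsed = parse_ifconfig(SAMPLE)
    for a, b in overlapping_interfaces(parsed):
        print(f"overlap: {a} and {b} share a subnet")
    for name, ip, got, want in inconsistent_broadcasts(parsed):
        print(f"{name} {ip}: broadcast {got}, expected {want}")
```

    The overlapping pairs it reports are the same ones dhcpd names in the log, and each pair is resolved either by giving the interfaces distinct subnets or by removing their addresses and putting the address on the bridge.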



  • so it looks after my last changes i pooched the install no prob i'll follow these instructions after i reload that HDD with a fresh image. and post the results.



  • You might be able to gain access to the web GUI through re0. Here I run into a difficulty in that the IP address, netmask and broadcast address reported are inconsistent. For example, if the IP address is really 10.10.99.234 with netmask 0xffffff00 then the broadcast address is really 10.10.99.255 not the reported 10.10.24.255. Whatever the facts of the matter, if you want to try this approach you will need to configure the computer you plug into re0 with an IP address that is on one of the subnets on re0 and different from the re0 IP address on that subnet. Then plug the computer into re0 and see if you can attach to the pfSense web GUI.
    this failed miserably but was able to get back in by simply going in by putty and resetting the web configurator.  and resetting factory defaults.

    If the computer can attach to the pfSense web GUI, then you need to
    1. disable DHCP on re2, re3 and re4, this was already done
    2. set the interface type of re2, re3 and re4 to None, after a bit of searching i was able to find this option and it has been done.
    3. assign an appropriate IP address and netmask to bridge0 (say 10.10.36.253/25) i have not been able to locate this option
    4. enable DHCP on bridge0.
    5. Check DHCP log to verify it started correctly.

    If DHCP started correctly then you can do a similar set of steps to re1, re5 and bridge1. Can I trust you to correctly extrapolate? :-)



  • ok so i wiped out the current config for the bridge and settings for the individual lan ports. i'm stuck on a small issue regarding your directions and need a bit of help to find the correct locations for these settings.

    If the computer can attach to the pfSense web GUI, then you need to
    1. disable DHCP on re2, re3 and re4, this was already done
    2. set the interface type of re2, re3 and re4 to None, after a bit of searching i was able to find this option and it has been done.
    3. assign an appropriate IP address and netmask to bridge0 (say 10.10.36.253/25) could not find this option
    4. enable DHCP on bridge0. could not find this option
    5. Check DHCP log to verify it started correctly.

    so where do i find the options for step 3 and 4



  • Sorry, I think I did leave out a step. It's some months since I added a bridge interface to pfSense.

    After creating the bridge interface it is necessary to add it to pfSense's list of interfaces. On my previous list between step 2 and 3 add:
    2.a On Interfaces -> (assign) if bridge0 doesn't appear in the Network Ports column click the "+" button towards the bottom of the page to add bridge0 to the pfSense pool of usable interfaces. It should then appear in the Network Ports column to the right of an interface named OPTx (x a counting number). The name OPTx will then be used in steps 3 and 4 which become:
    3. assign an appropriate IP address and netmask (say 10.10.36.253/25) to the pfSense OPTx interface (bridge0): Interfaces -> OPTx
    4. enable DHCP on pfSense OPTx interface (Services -> DHCP server, click on OPTx tab and click the Save button)



  • ok so i set up re2 re3 re4 on bridge 2 and re1 and re5 on bridge1, applied settings and lost all connectivity. i think i should have stuck to my gut feeling and kept re1 as management and re5 as its own so i'm going to reinstall pfsense and start from scratch and try it again.



  • ok so

    RE0=WAN
    RE1=Management
    RE2=Domain
    RE3=Bridge1
    RE4=Bridge1
    RE5=Bridge1

    followed your steps to the letter. the bridge is working and so are the other dhcp servers. so now i'm totally stumped as i have entered my static information and yet i still get no internet, i'm a bit puzzled as i checked the log files and it does show some connectivity but yet not pinging to the internet, only to other devices on the same lan. even though this was a fresh install i followed the setup wizard and then created the bridge needed and segregated port, bounced the box and still nothing but local machines.



  • @xtdanno:

    the bridge is working and so are the other dhcp servers.

    Progress!

    I'm sorry if I gave the impression fixing the bridging was all you needed to do.

    @xtdanno:

    so now i'm totally stumped as i have entered my static information and yet i still get no internet, i'm a bit puzzled as i checked the log files and it does show some connectivity but yet not pinging to the internet, only to other devices.

    No internet from where - pfSense console? machine on bridge1? machine on Management lan? machine on Domain lan? What application are you using to test internet connectivity and what does the application report?

    What connectivity is shown in the log files? Please identify which log files and provide the relevant text from the log file.

    Maybe you have DNS problem, maybe a client configuration problem, maybe a problem on the pfSense WAN link, maybe a firewall rule problem etc etc.




  • it was and the dhcp is now working my first problem was DHCPD was not working as the service kept dying. and not starting up.
    so yes thank you for your help on this and even with my isp line plugged in i still don't get internet on any of the interfaces. so now i'm trying to get the internet interface working ultimately what i want to do is this

    RE0  =  isp ip 123.123.123.122  =  RE1 and RE2
    RE0  =  isp ip 123.123.123.123    =  Bridge1

    as i have two static ip's from my ISP and route my 122 address to my domain firewall and create a DMZ for my firewall using pfsense to do the prefiltering for my exchange server. and use the 123 address for my game lan.
    segregating both my networks but giving the speed for my online gaming.
    i hope this clears things up a bit more.

