PFSense to provide DHCP ip address to L3 Switch



  • Hi Guys,
    We recently acquire pfsense and below are my local setup

    PFsense:

    Interface 1+interface2 = Lagg0

    LAN= Lagg0 = 192.168.1.1/24

    VLAN1=1.1.1.1/24
    VLAN2=1.1.2.1/24
    VLAN3=1.1.3.1/24
    VLAN4=1.1.4.1/24

    LAGG0 tagged to VLAN1,2,3 and 4

    DHCP enable in all the VLAN interface

    When i enable LAGG and do VLAN tagging for VLAN1,2,3 n 4 on Layer 2 Switch it is working awesome…

    But when i depoly the same settings on Layer 3 switch (HP1910) it is just not working ...
    Below is my layer 3 HP Switch config:

    Lagg0 = Gig0+Gig1 = Hybrid port VLAN1,2,3,4 (tagged) ip address= 1.1.1.254

    Gig2 n Gig3 = VLAN2 = 1.1.2.254

    Gig4 n Gig5 = VLAN3 = 1.1.3.254

    Gig6 n Gig7 = VLAN4 = 1.1.4.254

    default route 0.0.0.0 0.0.0.0 1.1.1.1 30 (default route on the switch)

    i went through some of the pfsense documentation that suggest me to do static route on pfsense
    But if i do that, how will the hosts connected to the layer3 switch get dhcp ip address from as i'm planning to use pfsense as a dhcp server
    Also, i try to disable layer 3 option on the HP switch and it seems that it is not possible...
    Is there a way to make pfsense to relay dhcp ip address to the layer3 switch if a enable static route for each VLANs on the pfsense?

    or is there a way i can create multiple dhcp pool on pfsense that way i don't have to create vlan on the pfsense and
    make the L3 switch take care of the local routing and use pfsense to relay dhcp to the vlans on the switch and also use pfsense only for WAN routing?
    Please help ....



  • As soon as you implement a layer 3 switch, all that broadcast traffic gets blocked because the switch is now also a router.

    You have to tell each VLAN on the switch where your DHCP server is or the switch will not relay your DHCP traffic…. i.e. add an "ip helper address" to each VLAN.



  • Hi Marvosa,

    Thank you for responding… on the switch i did enable DHCP helper
    Below is how the current config is on the switch for DHCP

    VLAN1 : ip 1.1.1.2/24 DHCP Server : 1.1.1.1 (VLAN1 ip on Pfsense)

    VLAN2 : ip 1.1.2.2/24 DHCP Server : 1.1.2.1 (VLAN2 ip on pfsense)

    VLAN3 : ip 1.1.3.2/24 DHCP Server : 1.1.3.1 (VLAN3 ip on pfsense)

    VLAN4 : ip 1.1.4.2/24 DHCP Server : 1.1.4.1 (VLAN4 ip on pfsense)



  • I'm not sure what a hybrid port is on an HP switch, but the cable coming from PFsense would normally need to be trunked on the HP.  You also probably want to get off VLAN 1.  If I'm not mistaken, it's typically default/native and untagged.


  • LAYER 8 Netgate

    When you enable layer 3 on the switch, you would usually not have all of those vlans tagged through to pfSense any more.  There would be just one interface on pfSense and it would need to have a route for all the subnets on the switch.

    Does the pfSense DHCP config even allow multiple scopes outside of the interface's network like that?


  • LAYER 8 Global Moderator

    There has been talk of this in the past, I don't believe pfsense can do scopes for dhcp that it does not have an interface in.    But as mentioned if you doing a layer 3 switch normally the svi's would be on the switch and it would route traffic..  Unless your wanting to route all traffic through pfsense for firewall - then you wouldn't need L3 switch, etc..

    Also your vlans are just examples right - you are not really using 1.1.1 on your local network right??  I hope not - but you have to ask with all the weird stuff you see people do ;)

    Where in pfsense would you create such scope without an interface in that segment?


  • LAYER 8 Netgate

    If you need multiple-scope DHCP it's probably time to move to a dedicated DHCP server / Domain Controller, etc anyway.


  • LAYER 8 Global Moderator

    ^ agreed, seems odd that location large enough to warrant L3 switch and at least 4 vlans would have an actual dedicated dhcp server with failover support even - normally would serve dhcp out of the main office, etc.



  • Hi Guys sorry for the late reply ….All VLAN are virtual interface i created on Pfsense..... and all the VLAN are tagged to the Lagg i created ...
    i setup our HP switch in L2 Mode but it is not just acting as a layer 2 .... today i'm getting replacement from HP will update you the status...
    oh and Hybrid is a port when we tagged multiple vlan ....
    Thanks.... :-)


Log in to reply