Cable modem DHCP Pfsense and ESXI
-
Guys I am having a strange problem with Pfsense running on ESXI. First off I am using two managed switches in this configuration the first switch is a Powerconnect 2816. I have a lag that's running from the Powerconnect over to an HP 1800 24G. I connect my cable modem into vlan 105 I than pass that same vlan via the lag over to the 1800-24G. From there I run a cable from one of my ESXI servers over to a port on the 1800-24G that is part of vlan 105. So Pfsense will DHCP its wan IP from the cable modem. The problem is the Pfsense vm has a hard time pulling the wan ip from the modem I had to reboot the modem at least 4 times. The last time I pulled power on the modem let it sit for 45 minutes or so a after that PF pulled the IP. So my question is has anyone seen this before?
-
are you sure your vlan setup is working as it should? (i've seen odd things when untagging multiple vlans on the same port, on some switches)
what if you plug an other device in the "wan' port of the hp switch?
-
Actually I should have mentioned I connected my laptop to the wan port on the hp and had no problem pulling an IP. So it seems that the problem was related to the pfsense vm. Also if i just connect Pf's wan port to the vlan no trunking everything works fine. I only see this problem when trunking.
-
you allowed all vlans to pass on the vswitch? think its called vlan 4096 or something in esxi
-
I have ran Pfsense in a few different modes namely virtual guest tagging and virtual switch tagging. When I was running virtual guest tagging I did use tag 4096 that way all tagging was handled by Pfsense directly. I don't remember if I had this problem when letting PF handle the tagging. Now when I went to using virtual switch tagging. I had a port group coming off the vswitch with my wan vlan tag thats when I started having problems where PF could not pick up a wan iP without rebooting several times. So I than switched to using a dedicated vswitch for the wan with no trunking.
-
Cable modems, while extremely powerful, are dumb devices. When set to DHCP, they basically set a static map/DHCP lease to the first MAC they see. What probably happening is your cable modem sees the switch and automatically assigns its MAC to the lease preventing the MAC of your PfSense Nic (physical or virtual) from seeing it. On Cisco switches, you must disable CDP and possibly LLDP to make this work. Even then you run the risk of it seeing the MAC of the NIC and then not allowing a lease to the virtual NIC, if that's how you're configured. What does your port config look like for your WAN VLAN port on your Dell? Honestly this setup works best when you have a static IP, its just a limitation of utilizing a non-enterprise grade connection. Honestly, a physical box with two ports is a hell of a lot less headache when using DHCP on a cable modem.
-
I've seen all sorts of nonsense with getting DHCP from my cable modem and that was directly into physical WAN port. If I change MAC addresses on my WAN I never know how long it's going to be before I'm up and running again. Might be immediate, might take three restarts, might have to call the cable company so they can do the voodoo they do so well.
I've always chalked it up to them having to go to extreme measures to prevent pool exhaustion attacks - make it nearly impossible to get a new lease.
Next time my IP changes I'll probably generate a virtual MAC and put it in my WAN config so I can change hardware at will. http://www.hellion.org.uk/cgi-bin/randmac.pl
-
No need to wait for that. A simple power cycle will cause it to create a new static map process. I run in to this same issue because my freebie Meraki switch doesn't allow disabling of CDP and LLDP. Lets just say it's nightmare to get it to static map to the correct MAC.
