No DHCP on LAN interface after assigning VLAN
-
I've assigned a new VLAN (110) to my LAN interface as you can see from the pic below. I've turned DHCP on that interface but I can not get an IP from any client making a DHCP request. If I assign static IP in that VLAN 110 subnet range, I can communicate just fine with other devices on the same network, access pfSense through the gateway address, and access the internet.
I've connected the LAN interface to a switch and tagged VLAN 110 on that port and untagged the other ports on the same switch for VLAN 110.
What am I missing?
EDIT: I'm also seeing blocks in my firewall coming FROM my LAN address (10.0.110.50 is my PC) even though I have put an any/any rule in.
-
So just for the heck of it I changed my LAN interface back to igb1 and disabling VLAN 110 and taking all VLAN tags/info off my switch. Before implementing VLAN 110 my LAN subnet was 192.168.4.0. As soon as made this change my PC got a DHCP address in the 192.168.4.0 range which makes ZERO sense because the DHCP server on pfSense for my LAN interface is currently set to the 10.0.110.0 network (VLAN 110).
EDIT: Also seeing these messages in the pfSense console: miniupnpd[50950]: SSDP packet sender 10.0.110.50:62705 not from a LAN, ignoring.
-
So your DHCP server isn't set to assign addresses in the 192.168.4.0 range? And you haven't got any DHCP settings assigned to any other interface other than igb1? Have you inspected your /conf/config.xml file to be sure that the DHCP range showing in your config matches the config file? Other than some kind of internal mismatch, I could only suggest that either you have a DHCP service running on the igb1 interface that you've somehow missed or that you may have another DHCP server operating internally somewhere. Removing the VLAN tag on your port and your internal interface is allowing DHCP to function correctly (to a degree), so there has to be a DHCP service running on either the pfSense or another machine.
Might help if you could include a screen grab of any/all DHCP settings for each interface (where applicable).
-
As muswellhillbilly already mentioned : this is often what happens when there is an AP in the LAN segment with an enabled DHCP server.
-
The only other possible device that could be running DHCP on my network is my AP but I've checked and DHCP is disabled on it. Furthermore I unplugged it completely to be sure that wasn't the cause. I checked the config.xml file and the LAN interface DHCP is set just as it is in the GUI pic below:
-
DHCP request are logged on pfSense.
Any trace (about your 192.168.4.0) ?
Another test : unhook pfSense. Your PC is still getting an IP ?
-
Hi JimPhreak,
I have a very similar problem: I switched the VLans from my OPT Port to the LAN Port and DHCP stopped broadcasting. Do you remember how you fixed that problem?
To specify what I did:
I have 4 Ports that were working just fine before I made the changes.
Before:
sk0 (WAN): Default Wan Port
sk1 (Opt1): Used for my first Backup WAN.
sk2 (Opt2): Connecting to my managed switch to connect my APs that have 3 VLans (Appx (10), Mobiles (20), Guests(99)).
sk3 (Lan): Backdoor for recovery.After:
sk0 (WAN): -no changes-
sk1 (Opt1): -no changes-
sk2 (Opt2): Now a WAN Port for my Backup UMTS.
sk3 (LAN): Now Lan + the 3 VLans.After I made the changes the Backup UMTS works, and every Client that hat an IP before also worked. Users that had not connected in a while or renewed their lease could not get an IP from the DHCP.
What I tested:
- DHCPd Server is running and was restarted (aswell as the whole box).
- Deactivated the LAN Interface so only the 3 VLans would be on the sk3 Port.
- Plugged in a cable from a PC directly in LAN and a Port of the Switch that worked before.
Any ideas what else to test? Here is my Interfaces config with a few comments:
<interfaces><wan><enable><if>sk0</if> <blockpriv><blockbogons><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> <dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path><spoofmac></spoofmac></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></alias-address></dhcphostname></blockbogons></blockpriv></enable></wan> <lan><if>sk3</if> <alias-address>192.168.178.197</alias-address> <alias-subnet>32</alias-subnet> <spoofmac><enable><ipaddr>10.0.1.254</ipaddr> <subnet>24</subnet></enable></spoofmac></lan> <opt1><if>sk3_vlan20</if> <enable><spoofmac><ipaddr>10.0.20.254</ipaddr> <subnet>24</subnet></spoofmac></enable></opt1> <opt2><if>sk3_vlan99</if> <enable><ipaddr>10.0.99.254</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></opt2> <opt3><if>ovpnc1</if> <spoofmac><enable><blockpriv><blockbogons><alias-address><alias-subnet>32</alias-subnet></alias-address></blockbogons></blockpriv></enable></spoofmac></opt3> <opt4><if>sk3_vlan10</if> <enable><ipaddr>10.0.10.254</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></opt4> <opt5><if>sk2</if> <enable><spoofmac><blockpriv><blockbogons><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> <dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></alias-address></dhcphostname></blockbogons></blockpriv></spoofmac></enable></opt5> <opt6><if>sk1</if> <enable><alias-address>10.0.30.58</alias-address> <alias-subnet>24</alias-subnet> <spoofmac><ipaddr>dhcp</ipaddr> <dhcphostname><dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></dhcphostname></spoofmac></enable></opt6></interfaces>
DHCP Config
<dhcpd><opt1><range><from>10.0.20.1</from> <to>10.0.20.253</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt1> <opt2><range><from>10.0.99.1</from> <to>10.0.99.250</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt2> <opt4><range><from>10.0.10.20</from> <to>10.0.10.250</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt4> <lan><range><from>10.0.1.10</from> <to>10.0.1.250</to></range> <failover_peerip><defaultleasetime><maxleasetime><netmask></netmask> <gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime> <enable></enable></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></maxleasetime></defaultleasetime></failover_peerip></lan></dhcpd>