DHCP Not Passed through :(
Problem
I know there is an earlier thread with this name. However, even with significant knowledge and many hours spent, I did not manage to get the pfSense IPv4 DHCP server to hand out an address to a PC connected to the SX3008. Strangely enough, IPv6 seems to work.
I describe the relevant part of the set-up below, complete with pictures. Things like local DHCP-server functions are disabled.
IMHO it should just work, but it does not !!!! (at least when using e.g. Mikrotik switches there is no issue at all)
The PC tries:
- to identify the vlan gateway, but does not get the related ARP responses
- sends DHCP-discover frames (which are not answered / the answer is not arriving at the PC)
- the PC broadcasts ARP Who Has messages
- the PC in the end generates an "Automatic Private IP (169.254.0.0/16)" and keeps trying but never receives an address
If I assign an IP-address manually to the PC I can communicate over the network as expected.
But, getting an IP-address via the DHCP-server NO WAY !!
Really no Idea how to get this working !!
Louis
Situation
I am using a pfSense firewall & router in combination with the SX3008F switch. The switch is connected to pfSense with a lagg containing many vlans. The other SX3008 ports are connected to other devices, mostly via trunks containing multiple vlans. The vlan-interfaces/gateways and the DHCP servers are situated on pfSense.
One of the vlan's in the pfSense trunk, is the management vlan. I manage the device remotely via that vlan (vlan10) .
One of the interfaces is directly connected with a PC. The PC is not aware of vlan's. So the related vlan is setup like this.
I hardly dare to say: The DHCP-server on pfSense was off for that VLAN.
Now the other problem, which was in fact the first problem, I discovered.
Given that the DHCP-problem is "solved", the verdict is more and more in the direction of the device / the NAS itself. I did already give that some attention in the past days, but I could not find any restrictions. I am going to check that more profoundly now !!!
“The DHCP-server on pfSense was off for that VLAN”
Good one! 😉
“- vlan-Y client-C (PC), can access Clients A & B, however only if you manually assign client-C with an IP”
Check the VLAN configuration of the port Client C is connected to. The port should be an untagged member of vlan-Y and have its PVID set to the VID of vlan-Y. No other vlans. If that’s correct, check the DHCP server pool configuration on pfSense. Is there the right subnet? Is there the right gateway? Check the DHCP server’s client list. Can you find your Client C there?
“- Client A can be accessed via Client D
- Client B on the same vlan(!) can not be reached nor pinged.”
Switch the ports Client A and Client B are connected to. Do testing. Use only IP addresses in testing. This should tell you if the issue is with the port or the Client B configuration. Make sure the Client B firewall does not block traffic from remote subnets.
BTW, if you have a NAS configured for DHCP, make it manual instead. You want to be able to access your NAS even if the DHCP server is not available.
All my ^boxes^ with a wired connection and surely things like a NAS or a server have fixed addresses assigned on the device itself.
Then we have the group that is a bit less essential, which get a fixed IP as defined in a list on the DHCP server.
I am glad to tell that I solved both problems now. And I am also glad to tell that in both cases it was not the switch (sorry to verdict the switch !!).
As always things become really complicated if multiple issues are present at the same time. And that was exactly the situation when I had to replace a switch in a relatively complex setup.
- The switch was new to me so I did make some setting failures. You / I always do if I have to define many
- The stupid one: the DHCP server simply being off for the particular vlan
- The fact that the SX3008 does behave a little bit different
- And there was a fault in the network part of the NAS giving trouble.
I had to do lots of tests and traces to understand "what for the hell was going on". At the end I discovered that it was one particular vlan towards the NAS which caused problems. Knowing that and then reviewing the NAS-network config solved the problem.
I have one problem left, which is not unusual but perhaps you know a solution. The situation is as follows:
- I have two main switches each connected via a lagg towards pfSense.
- The 1G-switch has the management vlan, which enters the SX3008 via an inter-switch trunk
- The default route of the SX3008 is towards the vlan gateway of that lan
- that works no problem
However .... in case that the 1G-switch fails, I can not manage the SX3008 any more, at least not remotely. The solution would be to define a second management vlan arriving via the pfSense to SX3008 lagg.
And there I have a problem. Each vlan should have its own default gateway, being the vlan gateway/interface. But I do not think the SX3008 supports that ....
I have been asking myself if I could define vlan specific default gateways using ACL's. .... Just an Idea .... (I am not an ACL-expert!)
If there is no option, that is a pity but not a disaster, since I can locally access the switch.
“However .... in case that the 1G-switch fails, I can not manage the SX3008 any more, at least not remotely.”
I don’t understand why you think you can’t.
“The solution would be to define a second management vlan arriving via the pfSense to SX3008 lagg.”
Again, I don’t understand why you would need another VLAN for that. Even if the 1G switch is gone, the management VLAN will remain on pfSense. What would prevent you from connecting to it?
“And there I have a problem. Each vlan should have its own default gateway, being the vlan gateway/interface. But I do not think the SX3008 supports that ....”
The SX3008 does support routing. If you enable routing on it, you can create an interface (SVI) on the switch in any defined VLAN. However, that would complicate the network and it’s unnecessary since you do inter-VLAN routing on pfSense. That new VLAN you think of can still have its gateway on pfSense. Having that gateway on SX3008 would make things more complicated.
“I have been asking myself if I could define vlan specific default gateways using ACL's.”
No, you can’t define VLAN specific gateways using ACLs. Actually, what do you mean by VLAN specific? I don’t think there is such a thing. However, ACLs can be used to alter routing through Policy Based Routing (PBR), but I don’t know how much support for that is on the SX3008. Anyway, I don’t think you need it.
I think I did not explain the problem well enough.
pfSense connects a vlan with either switch-1 or switch-2.
I have chosen to link the management vlan to switch-1.
So there can not be a direct link between pfSense and switch-2.
In order to solve that problem, I bring the mngt-vlan to switch-2 via an interswitch link.
Switch-2 has limitations and has only one default gateway, so I use that gateway to point to the mngt-vlan in the interswitch link.
Given the fact that the switch only supports one default gateway, I can not create a second vlan, which should be routed to a different destination
(pfSense via the switch to pfSense lagg).
So I think I have two options:
1) not to use the normal management vlan for this switch and define a separate mngt vlan for that purpose which is connected to pfSense
2) Define a local backup management lan, which can be accessed via a local port, using an IP belonging to that vlan
I did choose option 2)