
Author Topic: No LAN dhcp leases on a netgear gs108t physical switch  (Read 2770 times)


Offline KR

Re: No LAN dhcp leases on a netgear gs108t physical switch
« Reply #60 on: April 20, 2017, 09:48:39 am »
To answer your questions:

Port 7 is esxi box w/pfsense. 

1.  It's set to 1 because initially I wanted to test it with the LAN interface only (no vlans).  Once I got it working for LAN, I would then start testing and tweaking for the rest... but I haven't gotten that far.

2.  Port 8 is the uplink to port 1 on the cable modem for internet. You are right, I think I need to untag port 8 for vlans 10 and 20, correct?

3.  vswitch1 is my wan segment connected to physical nic.  vswitch0 is for all other lan and vlan connections.

4.  I have my wan interface assigned to an OPT3 for wan vlan.  So on my list of interfaces, I only have 4 - WAN on OPT3, LAN, VLAN10 on OPT1, and VLAN20 on OPT2.


Another question:

1. I noticed you have various interfaces assigned to the same OPT1.  Right now my vlan10 is OPT1 and vlan20 is OPT2.  Should they be both on OPT1?


« Last Edit: April 20, 2017, 10:36:51 am by KR »

Offline johnpoz

« Reply #61 on: April 20, 2017, 10:39:44 am »
" Right now my vlan10 is OPT1 and vlan20 is OPT2.  Should they be both on OPT1?"

As I said before this would depend on where you're breaking the tag out.  If you're going to remove the tagging via a port group on vswitch then you would need multiple interfaces in pfsense tied to that specific port group.

If you're going to let pfsense work out the tagging then you would pass all the tagged and untagged traffic to pfsense via the 4095 port group and pfsense would see the tagged traffic on its vlan interfaces and then any untagged traffic would hit the naked vm nic.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- If I have helped you and want to help back, https://www.freebsdfoundation.org/donate/
- Please don't PM me for personal help, info you don't want public sure. Link to thread you would like me to look at ok, etc.
1x SG-2440 2.3.4_p1 (work)
1x 2.4.0-BETA Aug 18 00:32:41 VM running on esxi 6.5 (home)

Offline KR

« Reply #62 on: April 20, 2017, 12:16:34 pm »
Okay... I thought it worked like this...

Pfsense would handle tagging of vlans for the portgroups that contain VMs and the netgear switch would handle tagging of devices physically connected to it.  If there is a way to just have one do all the work maybe that's easiest?

"If you're going to remove the tagging via a port group on vswitch then you would need multiple interfaces in pfsense tied to that specific port group"

Maybe I'm missing something fundamental here...

Why would I ever want to remove any tagging? The purpose here is to tag and organize everything into LAN, vlan10, and vlan20.  LAN being native may not need to be tagged if the default is pvid=1.

"If you're going to let pfsense work out the tagging then you would pass all the tagged and untagged traffic to pfsense via the 4095 port group and pfsense would see the tagged traffic on its vlan interfaces and then any untagged traffic would hit the naked vm nic."

This just sounds much more reasonable, no? 

I used this as a guide initially - https://calvin.me/vlan-pfsense/.  Granted this person has 2 nics but my setup is a bit like it with just 1 nic.

Per this link, LAN has 4095 and all other vlans are set in pfsense it seems.  You don't "create" vlans in ESXi, correct? It's just for grouping/labeling purposes right?

With this and the screenshots I posted in mind, how can I achieve this using the netgear and esxi?

NOYB suggested putting wan on a vlan because I have 1 nic.  How can I then have vlan10 and vlan20 encompassing VMs in pfsense and physical connections on the netgear, all with internet access?
« Last Edit: April 20, 2017, 02:12:48 pm by KR »

Offline johnpoz

« Reply #63 on: April 20, 2017, 02:31:21 pm »
"Why would I ever want to remove any tagging?"

Because the device you're connecting to does not understand the tag.. This is pretty much every single switch port ever.  You connect a computer to a switch port.. The computer does not have to be configured to understand vlan tag X.. He just sees the traffic - the PC doesn't know that it's in vlan X or Y or Z, etc..

If you're going to create a vswitch with a vlan ID this means that any devices connected to this port group would only see traffic that was tagged to that vlan.  But the actual vm interfaces connected to this vswitch wouldn't know what vlan they are in.. Just like a pc connected to a switch port.

If you want to pass ALL the traffic - untagged and tagged you set 4095.  This way the tagged traffic would be handed off to the vm nic, and the vm nic would have to handle the tagged traffic and say oh that is mine process it, oh that is not my vlan ID.. ignore it.. So in pfsense you would have to create vlans for all the vlan IDs you're going to be sending it.

Yes this can be done very easily with a managed switch and with esxi.. You just have to understand the difference between tagged and untagged traffic vlans.  The only time traffic is normally tagged in a switch is when it's an uplink to another switch or being handed to a device that will process the tags.  Ports (access ports) with 1 device connected to them strip the tag.. if you didn't then you would have to config that device for the vlan tag you were handing it.

If I get a chance I will draw this up for you...  What vlans are coming from your isp device?  You have untagged traffic which is what, your internet?  And then this vlan 99 which is what?  And then your other vlans 10, 20 are for your own use..

Offline KR

« Reply #64 on: April 20, 2017, 02:44:42 pm »
"What vlans are coming from your isp device?  You have untagged traffic which is what your internet?  And then this vlan 99 which is what?  And then your other vlans 10, 20 are for your own use.."

I just created that per NOYB's advice given I only have 1 nic earlier on in this thread.

(I really appreciate your help here).

Offline NOYB

« Reply #65 on: April 20, 2017, 02:49:16 pm »
John,
VLAN 99 is the WAN, per the switch config I provided.  It can be any VLAN number (as you know).  99 is what I use.  If it is easier to use some other number such as a default of the VM then it can be changed to that.

It just takes tagged traffic from pfSense/VM in on switch port 7, and sends it out on port 8 untagged to the modem.  Simple as that.

Port 7 is also an untagged member of the default VLAN 1 (LAN).

Offline KR

« Reply #66 on: April 20, 2017, 06:27:19 pm »
I'm going to tackle this one broken piece at a time.

Goal - to obtain internal pfsense LAN IP lease with laptop plugged into port 1 on net gear switch.

Current configuration - VLAN ID 1 on switch has port 1 untagged, 7 tagged (esxi/pfsense), 8 untagged (uplink to cable modem). Pvid = 1.

Result - a 169.x.x.x address (boooo)

Not sure why this does not work. ESXi has a port group "LAN" that is assigned to VLAN 4095, of which the pfsense vm is a member.

I just tried vlan 1 and 0 as well, neither works.

Pfsense has dhcp server enabled for LAN and the VM in the LAN port group is successfully obtaining a lease.

« Last Edit: April 20, 2017, 06:43:46 pm by KR »

Offline NOYB

« Reply #67 on: April 20, 2017, 07:15:37 pm »
Seriously?  Come on dude.  Give us a break.  How could it work?  There is no VLAN 4095 configured in the switch.  And no VLAN 1 configured in the VM/pfSense.

Either configure a VLAN 4095 in the switch or go the other way and configure VM/pfSense to use VLAN 99 for the WAN and native (untagged) for the LAN, like we had the switch set up for.

Offline KR

« Reply #68 on: April 20, 2017, 07:23:46 pm »
Pfsense has that all configured already and as I stated, it still does not work with vlan set to 0 in ESXi.

Setting vlan to 0 in ESXi implies native and untagged, correct?
« Last Edit: April 20, 2017, 07:42:39 pm by KR »

Offline NOYB

« Reply #69 on: April 20, 2017, 08:27:34 pm »
You're configuring things with nothing matching at the other end.  Stop throwing mud at the wall to see if something will stick.  Learn how to configure your pfSense/ESXi to match the network you want.  Or at the very least the network we configure.  i.e. LAN native, WAN VLAN 99.  That network will work if you configure the pfSense/ESXi accordingly.

Offline johnpoz

« Reply #70 on: April 21, 2017, 01:07:36 am »
4095 on a vswitch just tells the vswitch to pass the vlan traffic as is..

so your isp is not giving you tagged traffic?  There is no untagged and tagged traffic coming from your modem??  This traffic coming in from your modem untagged?

Then put the port connected to the modem in PVID 99, no other vlans on this port
Your port connected to the esxi nic would be tagged 99,10,20,30, etc..
Your port group you connect to pfsense wan vm nic would be vlan 99
Your port group you connect to pfsense lan vm nic would be say vlan 10
your port group you connect to pfsense opt vm nic would be vlan 20
your vmkern put that on vlan 10 as well.  So now devices on your lan would be able to get to vmkern.  Your vmkern IP would be an IP in your pfsense lan network.

Now just put your other ports on your switch in either vlan 10 for your lan or vlan 20 for opt, or vlan 30, etc.. just continue with how many vlan/networks you need.

There will be no tagging in pfsense.  Pfsense will have a vm nic connected to the different port groups on your vswitch.

What IP is your management IP of your switch on?  My guess is this vlan 1 and can not be changed.. If that is the case then use your lan vlan as 1 and tag it on the traffic going to your esxi nic.
« Last Edit: April 21, 2017, 01:10:49 am by johnpoz »
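
An added illustration, not written by any poster in this thread: a small model of the laptop-to-pfSense path that compares the setup described in Reply #66 with the layout proposed in Reply #70. It assumes standard 802.1Q switch behaviour and ESXi port group VLAN semantics (0 = untagged only, 1-4094 = matching tag stripped, 4095 = passed as is); all function and class names are hypothetical, and only the laptop-to-LAN direction is traced.

```python
from dataclasses import dataclass, field

PASS_ALL = 4095  # ESXi port group VLAN ID that passes frames to the VM with tags intact
DROP = "drop"

@dataclass
class SwitchPort:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag

def switch_egress(ingress, egress):
    """Untagged frame enters `ingress`; return its tag on the wire leaving `egress`
    (None = untagged, int = VLAN tag, DROP = egress port is not a member)."""
    vlan = ingress.pvid
    if vlan in egress.tagged:
        return vlan
    return None if vlan in egress.untagged else DROP

def portgroup_to_vm(wire_tag, pg_vlan):
    """What the vNIC sees behind a port group with VLAN ID `pg_vlan`."""
    if wire_tag == DROP or pg_vlan == PASS_ALL:
        return wire_tag                             # 4095: handed over as is
    if pg_vlan == 0:
        return None if wire_tag is None else DROP   # untagged frames only
    return None if wire_tag == pg_vlan else DROP    # matching tag is stripped

def pfsense_lan_accepts(vm_tag):
    """LAN sits on the bare vNIC here, so it only sees frames that arrive untagged."""
    return vm_tag is None

def laptop_reaches_lan(laptop_port, esxi_port, pg_vlan):
    wire = switch_egress(laptop_port, esxi_port)
    return pfsense_lan_accepts(portgroup_to_vm(wire, pg_vlan))

# Reply #66 (constructed from the post): VLAN 1, port 1 untagged, port 7 tagged, port group 4095
reply_66 = laptop_reaches_lan(SwitchPort(1, untagged={1}), SwitchPort(1, tagged={1}), PASS_ALL)
# Reply #70 layout: port 1 untagged in VLAN 10, port 7 tagged 99/10/20, LAN port group on VLAN 10
reply_70 = laptop_reaches_lan(SwitchPort(10, untagged={10}), SwitchPort(1, tagged={99, 10, 20}), 10)

if __name__ == "__main__":
    print("Reply #66 config delivers laptop DHCP to LAN:", reply_66)  # False
    print("Reply #70 layout delivers laptop DHCP to LAN:", reply_70)  # True
```

In the Reply #66 case the frame leaves switch port 7 tagged with VLAN 1, the 4095 port group hands it to pfSense still tagged, and the untagged LAN interface never sees it.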

Offline KR

« Reply #71 on: April 21, 2017, 06:18:45 am »
Is this what the switch is supposed to look like? I am keeping the native vlan1 for lan as a fallback....

When you say port groups, you are referring to the port groups in ESXi, correct?

In ESXi, I have...
- native vlan 1 on nic and native 0 in ESXi
- wan port group on vlan 99
- opt1 vm nic on vlan 10
- opt2 vm nic on vlan 20

and I added additional nics to pfsense for the additional interfaces above...

To the best of my ability, the excel switch config layout is consistent with what you suggested with the only difference being my wanting to retain the default native vlan for lan fallback purposes.

It seems I may have overlooked where the vmkern is... I have vmkern on my management network only... maybe this is where the action is at. I pretty much left it alone since ESXi was installed and I have not yet come across any instructions on what to do with it.



Offline KR

« Reply #72 on: April 21, 2017, 06:34:43 am »
I'm getting rid of the native lan 1 and doing as you suggested.  I'll provide an update soon.

Offline KR

« Reply #73 on: April 21, 2017, 07:16:01 am »
Odd - when I try to add the vmkern to LAN ESXi port group, pfsense vm disappears and I'm unable to select this portgroup for the vm's nic.

Offline johnpoz

« Reply #74 on: April 21, 2017, 07:31:04 am »
You're not going to add it to the same port group.. You're going to use the same vlan tag..