M4100 DHCP over VLAN eating packets

Question

I have the following setup:
&nbsp;
pfSense Firewall -&gt; Cisco Switch (servers) -&gt; Cisco Switch (users) -&gt; M4100-D10e -&gt; Cable Modem
&nbsp;
The pfSense firewall does the routing and NAT and is VLAN aware.&nbsp; &nbsp;I have VLAN's setup for internal users, and back-end servers, as well as untrusted internet.&nbsp; The link beteween the M4100 and the Cisco switch is a VLAN trunk and needs to pass trusted and untrusted VLANs between it. The link between the cisco switches is also a vLAN trunk.
&nbsp;
The trouble I have is, with the M4100 in place, DHCP REQUEST packets from pfSense are not making it to the Cable Modem.&nbsp; If I replace the M4100 with a dumb media converter, and change the trunk to a port assigned to the untrusted vLAN, things work as expected.&nbsp; With the M4100 in place, the cable modem seems to think that the it's Client is the M4100 (it tries to reserve an IP for the MAC of the port on the M4100)
&nbsp;
The DHCP and ARP and Relay settings on the router are fairly confusing, so I think I need help figuring out which ones to set to allow it to pass the DHCP packets without trying to intercept them.

JohnC_V · Answer

Hi&nbsp;mwgmwg,

&nbsp;

Welcome to our community! :)

&nbsp;

As per checking, your pfSense firewall is at the bottom of your network which should be next to your cable modem. Is this how you want your network to be setup? Also, Have you tried setting up the M4100 in static?

&nbsp;

Regards,

mwgmwg · Answer

The pfSense firewall cannot be physically located where the cable modem comes into the building. They are about 800 feet apart and connected via fiber.
&nbsp;
I have not tried setting it up in 'static', I'm not sure what that means exactly.&nbsp; But I'm sure it would work if I can make the switch a dumb layer-2 switch with vlan support.

JohnC_V · Answer

mwgmwg,&nbsp;Then you can just create a port-based VLAN in order for it to work. You can set all the specific&nbsp;members with U or Untag then set the PVID to its corresponding VLAN ID.&nbsp;Regards,

mwgmwg · Answer

That's what I have already.&nbsp; I know how to use the VLAN tagging on the switch, and it's working fine.&nbsp; It's doing something with the IGMP DHCP Messages being sent through the VLAN trunk, such that they're not re-broadcast to the port where the Internet bridge is on.&nbsp; It seems like's its intercepting the messages, and re-transmitting them locally, but never sends them back.&nbsp; I want it to just pass the IGMP broadcast messages like normal.&nbsp;&nbsp;
&nbsp;
Trouble is, there are SO many options on this switch for how to handle IGMP, and I'm not sure which ones are enabled by default, and where to turn those off.

schumaku · Answer

Where should IGMP play a role in IPv4 DHCP? BOOTP/DHCP does make use of UDP IP broadcast - source 0.0.0.0, destination 255.255.255.255 with UDP on port 67 resp. UDP port 68 - for DHCP discovery, DHCP offer, and DHCP request, the final DHCP does make use of the assigned IP addresses. No IGMP Mulicast at all.

Forum Discussion

M4100 DHCP over VLAN eating packets

6 Replies

Related Content

M4100 USB Console Cable

C3000 eating up my bandwidth

M4100 12GF Firmware

gs108ev3 eats DHCP traffic

47% packet loss

NETGEAR Academy

ProSupport for Business