× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973

Devices on VLAN do not get IP from DHCP

DeeDee123
Tutor

Devices on VLAN do not get IP from DHCP

Dear NETGEAR community,

 

I have been banging my head for a long time now and seek advice from you folks that are much more experienced than me. Please if you need additional info or clarification, I will provide it as fast as I can. Below, I tried to make a clear description:

 

What I am trying to do:

 

- Create a separate subnet to add my workstations to, it will be subnet 10.1.16.0 /24

 

 

My Issue:

 

- My workstation on the VLAN isn't able to communicate with any network devices and gets no IP from my DHCP server

 

 

Overview of my setup:

 

- Current and only  working Subnet: 10.1.8.0/21

 

- Physical layout: 

ISP Modem  --->  Pfsense box (10.1.10.1)  --->  Netgear XS716T smart managed Pro switch (10.1.10.109)  --->  Windows server domain controller w/ DNS+DHCP (10.1.10.8), pcs, wifi router, printer

 

- DHCP: Devices get their IP addresses assigned from Windows Server DC DHCP that has ip 10.1.10.8, the DHCP Scope is 10.1.8.0 /21

 

- Switch is latest firmware, as is everything on my network

 

- Current setup is working with no issues.

 

 

What I have done so far but not working:

 

  • Created a new scope in my existing windows server DHCP for 10.1.16.0/24, range of 10.1.16.100 - 10.1.16.200

 

  • Under pfsense -> interfaces -> assignments -> VLANs, I created a VLAN with VLAN tag 2 on interface ix2 (Note: interface ix2 is an unused port on a dual NIC card. The other port is being used for the original LAN I setup for my existing setup)

 

  • Under pfsense -> interfaces -> assignments, I added VLAN 2 on ix2

 

  • I then edited the VLAN 2 on ix2 interface to be Static IPv4, IPv4 Address 10.1.16.1/24

 

  • I plugged in a new ethernet cable from the ix2 port on pfsense box to my switch on port 3

 

  • Plugged in my laptop to port 13

 

  • windows server DC DHCP is plugged into port 12

 

  • Under netgear switch -> Switching -> VLAN -> VLAN Configuration, I added VLAN ID 2

 

  • Under Routing -> VLAN -> VLAN Routing Configuration, I edited VLAN 2 with ip address 10.1.16.2, subnetmask 255.255.255.0, MTU 1500

 

  • Enabled Routing Mode

 

  • Under Switching -> VLAN -> Advanced -> VLAN Membership, for VLAN ID 2, I set port 3 as T (This is my PFSENSE VLAN ethernet connection) and port 13 as U (this is where my laptop is plugged into)

 

Under VLAN 1, Port 3 and Port 13 are blank

 

  • Under Switching -> VLAN -> Advanced -> Port PVID Configuration, Port 3 is set to PVID 1 and port 13 is set to PVID 2

 

  • Ipconnfig /renew on my laptop and it doesn’t get an IP and cannot contact anything on my network
  • I even enabled DHCP L2 Relay on VLAN ID 2 (not sure if needed) and on port 3 and 13, then enabled DHCP snooping on VLAN ID 2

 

Thank you!

Model: XS716T|16-Port 10-Gigabit Copper Smart Managed Pro Switch with 2 Copper/SFP+ Combo Ports
Message 1 of 8

Accepted Solutions
DeeDee123
Tutor

Re: Devices on VLAN do not get IP from DHCP

Hi DaneA,

 

Thanks for getting back to me! I think i found the issue to my problem. It was my DHCP server now being able to route back to my pfsense box because I removed the default gateway from the dhcp server's nic interface.

 

I think I should be able to get it working now!

 

Thanks agani!

View solution in original post

Message 8 of 8

All Replies
DeeDee123
Tutor

Re: Devices on VLAN do not get IP from DHCP

Could someone please help?

 

On my pfsense interface, I have a 10.1.11.0/24 interface plugged into a small switch. (dhcp relay enabled on pfsense)

That switch is then plugged into my main netgear switch in port 13.

 

On my main netgear switch, I also have a 10.1.10.0/24 interface plugged into port 2.

 

On my main netgear switch, I have DHCP server plugged into port 12.

 

I made a DHCP relay VLAN on the netgear switch as VLAN 200.

 

Which settings and to which ports do I apply the settings to on my netgear switch??

Message 2 of 8
DaneA
NETGEAR Employee Retired

Re: Devices on VLAN do not get IP from DHCP

@DeeDee123,

 

For me, I think DHCP L2 Relay is not needed because when you configured the 10.1.8.0 network on the Windows DHCP Server (the current setup), it works. 

 

Kindly post a detailed diagram of your network setup showing how everything is connected. I'm sorry for I'm kinda confuse in laying out how is everything connected following what you have stated on your posts.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 3 of 8
schumaku
Guru

Re: Devices on VLAN do not get IP from DHCP

Very confusing, agree with @DaneA that some additional and ideally complete design sheet might help.

 

Two points:

 

Suspect there is an inconsistency between the VLAN config for VLAN 2 on the pfsense (dedicated port) and the switch port - for thes VLAN 2 connection, it either has to be run tagged on both ends of the link, or untagged. If it's untagged, the VLAN ID 2 must be reflected in the same PVID 2.

 

As you seem to establish dedicated links for the two VLANs, I can't see why you think about enabling routing on the switch, or on enabling any DHCP helpers. You should have to complete independent L2 netwrks implemented as VLANs.

Message 4 of 8
DeeDee123
Tutor

Re: Devices on VLAN do not get IP from DHCP

Hi DaneA and schumaku,

 

I have drawn a diagram of my setup physically and details. I hope it lessens to confusion, but let me know if you need anything else!

 

I attached it.

 

To keep it super simple, for my first attempt, I am: (I can work towards a more complicated setup after I get this simple setup working)

 

- creating a 1 VLAN on my PFsense box attached to LAN interface ix3. This VLAN is tagged as 2 and has IP of 10.1.11.1 / 24. The LAN ix3 interface is plugged into port 2 of my switch.

 

- On my switch config, switching -> VLAN -> VLAN configuration, I created a VLAN 2

 

- On VLAN membership, in VLAN 1 all ports are put as (U). On VLAN 2, Port 2 is tagged as (T) and Port 13 is put as (U), all other ports are blank. Port 13 has my laptop plugged into it but not getting an IP.

 

- On Port PVID Configuration, I set port 13 to PVID 2

 

- I disabled all DHCP relays and routing that I made earlier.

 

Thanks!

 

Message 5 of 8
DeeDee123
Tutor

Re: Devices on VLAN do not get IP from DHCP

Or if you guys have any other suggestions of setting up my network, i'm open to that!

 

I'm just looking to seperating networks for workstations, servers and devices (like cameras and printers) on seperate subnets to increase security on the network.

 

I'm looking for the most secure, while also having the ability for subnets to talk to each other (or parts of them like dhcp). Even if it's not using vlans and requires additonal switches!

Message 6 of 8
DaneA
NETGEAR Employee Retired

Re: Devices on VLAN do not get IP from DHCP

@DeeDee123,

 

Let us try the following below:  

 

Does your pfSense router supports DHCP L2 Relay Agent?  If yes, then you will need to enable and configure it on the pfSense router.  

 

On the XS716T web-GUI, go to System > Services > DHCP L2 Relay > DHCP L2 Relay Global Configuration.  Select Enable and click Apply.  

 

Go to System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. Select the port members of VLAN 2.  Then on both Admin Mode menu and 82 Option Trust Mode menu, select the port members of VLAN 2 and click Apply.  

 

Make sure that ports 2 and 12 are set as tagged ports on all VLANs with PVID = 1.  Port 13 should be set as untagged port to VLAN 2 with a PVID of 2.  

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 8
DeeDee123
Tutor

Re: Devices on VLAN do not get IP from DHCP

Hi DaneA,

 

Thanks for getting back to me! I think i found the issue to my problem. It was my DHCP server now being able to route back to my pfsense box because I removed the default gateway from the dhcp server's nic interface.

 

I think I should be able to get it working now!

 

Thanks agani!

Message 8 of 8
Top Contributors
Discussion stats
  • 7 replies
  • 12221 views
  • 1 kudo
  • 3 in conversation
Announcements