Hello,
I am working on a new network setup for an organization. I am attempting to use a Windows 2022 Server as a DHCP server for all VLANs. The routing is being done with a pfSense system and all switches are various MikroTik CRS354s and CRS326s. DHCP scopes are built for all VLANs, and I have DHCP relays running on the pfSense interfaces for the respective VLANs. However, I can get DHCP assignments for only 2 of the 5 VLANs/scopes: the "LAN" scope (VLAN 1) and the VLAN that the DHCP server resides on (VLAN 4).
I have Wireshark running on the interface of the DHCP server and I see 2 DHCP Discovery packets, one from 0.0.0.0 to 255.255.255.255 and one from the respective DHCP relay. I think this is where my issue is, since the DHCP server tries to offer an IP from the VLAN 4 scope while these clients are on VLANs 2, 3, and 5. So the process ends up in a NACK.
It appears the DHCP Discovery packet is bleeding over from one VLAN to the other. How would I stop that? I have enabled DHCP snooping on the bridges, but I am drawing a blank on how I would make the DHCP relays on the pfSense box "trusted".
The various switch configurations are basically the same: 1 bridge with VLAN filtering enabled, trunk ports have all VLANs tagged, all physical ports are members of the only bridge, and hardware offloading is enabled on each port and the switch chip.
Any advice would be greatly appreciated, thanks!
Statistics: Posted by Libertas — Fri Mar 21, 2025 2:36 am
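The symptom in the post above, the same Discover reaching the server once as a raw broadcast and once through a relay, can be confirmed from a capture by comparing the BOOTP `giaddr` field, which is 0.0.0.0 on an unrelayed packet and the relay's address otherwise (RFC 2131). The following is an added example, not part of the original post; the function names, MAC addresses and relay addresses are constructed, and the input is assumed to be the UDP payloads of packets captured on port 67 at the DHCP server.

```python
import socket
import struct
from collections import defaultdict

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
DHCPDISCOVER = 1                     # value of option 53 for a Discover

def parse_bootp(payload):
    """Parse the fixed BOOTP header and option 53 from a UDP/67 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    hlen, hops, xid = payload[2], payload[3], struct.unpack("!I", payload[4:8])[0]
    giaddr = socket.inet_ntoa(payload[24:28])      # relay agent address
    mac = payload[28:28 + min(hlen, 16)].hex(":")  # client hardware address
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        length = payload[i + 1]
        if payload[i] == 53 and length == 1 and i + 2 < len(payload):
            msg_type = payload[i + 2]
        i += 2 + length
    return {"xid": xid, "mac": mac, "giaddr": giaddr, "hops": hops, "type": msg_type}

def find_leaked_discovers(payloads):
    """Map (mac, xid) -> giaddrs for Discovers seen both unrelayed and relayed."""
    seen = defaultdict(set)
    for p in payloads:
        m = parse_bootp(p)
        if m and m["type"] == DHCPDISCOVER:
            seen[(m["mac"], m["xid"])].add(m["giaddr"])
    return {k: sorted(v) for k, v in seen.items() if "0.0.0.0" in v and len(v) > 1}

def build_discover(mac, xid, giaddr="0.0.0.0", hops=0):
    """Build a constructed Discover payload for the sample data below."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, hops, xid, 0, 0x8000)
    hdr += bytes(12) + socket.inet_aton(giaddr)  # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC_COOKIE + b"\x35\x01\x01\xff"

# Constructed sample: client ...0a is seen twice, client ...0b only via its relay.
SAMPLE = [
    build_discover("02:00:00:00:00:0a", 0x1111),
    build_discover("02:00:00:00:00:0a", 0x1111, "192.0.2.1", 1),
    build_discover("02:00:00:00:00:0b", 0x2222, "198.51.100.1", 1),
]

if __name__ == "__main__":
    print(find_leaked_discovers(SAMPLE))
```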