Adam thanks so much,
I've performed steps 1-4 & 6. My current setup is limited to a
single physical interface so I have to use 802.1q tagging for all my pf
interfaces. This works great with a dedicated nic into the charter modem.
Wade Blackwell
Solutions Architect
(D) 805.457.8825
(C) 805.400.8485
(S) coc.wadeblackwell
On Sat, Mar 22, 2014 at 11:20 AM, Adam Thompson <[email protected]>wrote:
> On 14-03-22 01:09 PM, Wade Blackwell wrote:
>
> Good morning all from the very dry Central Coast of California,
> So Still struggling with PF on esxi 5.1 and Charter DHCP
> responses never being received. Mark I did confirm the cheap SMB switch I
> have doesn't support DHCP snooping. Sean I did confirm that CDP was
> disabled on the Charter side. I made 3 changes one at a time and I was
> hoping that one of them would affect a change, no such luck. Changes in
> order;
>
> moved from a standard virtual switch (esxi 5.1) to a distributed virtual
> switch
> changed the interface type in PF to VMXnet2 from e1000
> and finally
> tried trunking all the way down to the OS creating vlan interfaces on the
> PF (not sure why I thought more abstraction from the hardware would be
> better)
>
> So all that said I can still see allot of layer 2 activity on the
> interface, Gratuitous arps and dhcp requests and offers being bandied about
> but I never do see my responses come back. I see them head out never to
> return. Anyone else seeing this (with any provider) issue with PF in
> software? I'm fairly remote and ATT PPoE is fine for backup but it's
> painfully slow for VOIP and every day use. Any suggestions would be
> fabulous. Thanks all.
>
> On Wed, Oct 30, 2013 at 4:54 PM, Sean Cavanaugh
> <[email protected]>wrote:
>
>> Make sure to set "no cdp enable" on the port that's going to your cable
>> modem. A lot of cable companies will shut down connections that broadcast
>> those by default so as not to broadcast the networks together.
>>
>> I had same issue with my Comcast connection until I found out about the
>> CDP issue.
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Wade Blackwell
>>
>> *Sent:* Saturday, October 26, 2013 4:00 PM
>> *To:* [email protected]; [email protected]
>> *Subject:* [pfSense] 802.1q dhcp and pf 2.1 and esxi 5.0
>>
>> I have *2.1-RELEASE *(amd64) running on esxi 5.0 with a Cisco
>> managed L2 switch (SG200-26) in between esxi and the charter cable modem. I
>> see my dhcp discovers go out (broadcast) I never see any dhcp traffic come
>> back. Charter's been out a few times, they did determine that they see my
>> discover and they respond though I don't see the reply. With a dedicated
>> interface they can get an address off the modem. ASCII art below;
>>
>> charter cable modem--g24 cisco vlan 5---esxi vlan5--pf em0.
>>
>> I've tried this dedicating a vnic to a standalone vswitch with no 802.1q
>> and I've tried 802.1q on the esxi side. The cable modem port is always an
>> access port in vlan 5. STP has been disabled on the charter modem port.
>> Every port has portfast enabled and the mac timers have been cranked down
>> to the minimum, 10 seconds I believe. I've captured traffic from vlan 5 and
>> g24 (cable modem port) and seen the same thing, dhcp discovers go out,
>> nothing comes back. I'm thinking there has to be a handful of folks on this
>> list who have dealt with this and succeeded. Any advice would be fabulous,
>> I'd like to keep my L3 in software if I can. Thanks so much.
>>
>
> Start over from first principles, then.
> 1. Plug a laptop or PC directly into the Charter modem. Verify that it
> gets a DHCP-assigned IP.
> 2. Run the pfSense LiveCD or USB image on that same hardware. Verify that
> it gets an DHCP-assigned IP.
> 3. Repeat with a different NIC (use another PC/laptop if necessary); maybe
> Charter limits the # of distinct MAC addresses the modem will learn (my
> local cableco does this). Rebooting the modem is usually sufficient to
> clear that, but some carriers require a call to tech support.
> 4. Connect a dedicated pNIC on the ESXi box to the cable modem; create a
> dedicated vSwitch and a dedicated vKernel port set to DHCP; verify it gets
> a DHCP-assigned IP.
> 5. Remove the vKernel port and create a vNIC; assign that to the pfSense
> VM. Verify it gets a DHCP-assigned IP.
> 6. You can also try hardcoding the MAC address of the vNIC to be the same
> as one of the previously-functional NICs, if it's a #-of-MAC-addresses
> problem.
> 7. Lastly, do all this again through the switch.
>
> Yes, that's a fair bit of work, but it should show you 100% conclusively
> where the problem lies. I'm betting the problem will either manifest at
> step #2 or at step #7.
>
> --
> -Adam Thompson
> [email protected]
>
>
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
