Using Opnsense as DHCP server

Started by loganx1121, October 19, 2019, 01:37:23 AM

So I would like to use the firewall as a DHCP and DNS server, but I figured I would do DHCP first. The topology looks like this:

Opnsense Firewall
        |
Core Cisco Switch
        |
Cisco Access Switch
       / \
Everything else



So on the core switch, I made a test VLAN with an SVI, IP address 10.5.9.1 255.255.255.0.

The firewall connects to the core switch with a /30 - 10.5.97.0 255.255.255.252.

I set the helper address on the SVI to be the IP of the LAN interface on the firewall, but I guess Opnsense doesn't like this because when I try to configure an "additional pool" on the LAN interface under DHCPv4, it says the network is outside the range of the interface.

So I guess my question is, is this not a thing? Do I need to do something weird with the VLANs or have the VLANs hosted on the firewall? I tried adding a new gateway to the LAN interface on the firewall within the test VLAN range but it didn't make a difference. I had assumed I could have Opnsense hand out IPs for whatever range I wanted over a single interface, but it looks like I can't?

Thanks in advance

It looks like what you are doing is trying to use a DHCP helper/relay type configuration. ISC dhcpd does support it, but this feature is not currently implemented in either *sense project. They may not have enough people demanding it to make it worth the time it would take to implement; it is probably lower on the priority list unless someone wants to step up and implement it in a good way. There are several issues on GitHub for this already, including https://github.com/opnsense/plugins/issues/1105

In general I would say if your network is large enough to need the complexity of the DHCP relay, you would probably be better served by building your own dedicated hosts for it anyway, in which case it shouldn't be an issue. To set things up the way it is currently, you would just need to create VLAN interfaces on the OPNsense firewall. You will need IP addresses and access to the networks you want to have connect to the internet or other networks anyway, right? In my mind it's not a big deal for most smaller networks to just set it up the straightforward way...

In case you just missed it, look under interfaces, other types, VLAN, and you can click the add button. All you need then is the parent interface it will be on and the VLAN tag.
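
The relay case discussed above, as an added example that is not part of the thread or of OPNsense or ISC dhcpd code: a relay-aware server picks the subnet from the relay's giaddr, while a "pool must be inside the interface network" check rejects the same pool. The two networks are from the thread; the firewall LAN address 10.5.97.2 and the pool range are assumptions.

```python
import ipaddress

# Networks are from the thread; the LAN address and pool range are assumed.
LAN_IF = ipaddress.ip_interface("10.5.97.2/30")  # assumed firewall LAN address
SUBNETS = {
    ipaddress.ip_network("10.5.97.0/30"): None,  # transit link, no pool
    ipaddress.ip_network("10.5.9.0/24"): ("10.5.9.100", "10.5.9.199"),  # assumed
}


def pool_inside_interface(pool_start, pool_end, iface=LAN_IF):
    """Per-interface validation: both pool ends must sit in the interface's
    own network, which a relayed VLAN's pool never does."""
    return all(ipaddress.ip_address(a) in iface.network
               for a in (pool_start, pool_end))


def select_subnet(giaddr, iface=LAN_IF, subnets=SUBNETS):
    """Return (network, pool) a relay-aware server would answer from.

    giaddr is 0.0.0.0 for a broadcast heard directly on the interface; a
    relay (the SVI with the helper address) writes its own address on the
    client VLAN into giaddr before forwarding the request.
    """
    giaddr = ipaddress.ip_address(giaddr)
    key = iface.ip if giaddr.is_unspecified else giaddr
    matches = [net for net in subnets if key in net]
    if not matches:
        # No declared subnet for this relay: the request gets no lease.
        return None, None
    net = max(matches, key=lambda n: n.prefixlen)  # most specific match
    return net, subnets[net]


if __name__ == "__main__":
    print("GUI-style check accepts pool:",
          pool_inside_interface("10.5.9.100", "10.5.9.199"))
    for g in ("10.5.9.1", "0.0.0.0", "192.168.50.1"):
        print(g, "->", select_subnet(g))
```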

I found some convoluted way to do it in an article and decided it wasn't worth the time. Spun up a Windows DHCP server instead. Thanks for the response.