[solved] DHCP not working in VLAN setup

Started by Peter5567, December 27, 2024, 10:53:33 PM

December 27, 2024, 10:53:33 PM Last Edit: December 28, 2024, 12:23:00 PM by Peter5567 Reason: Issues solved, switch misconfiguration
Good evening,

I think I need some help with configuring my setup. I thought it would be quite simple but now I have been stuck for some time. I am using a (smart) managed switch from Netgear (GS324TP) and an OPNsense 24.7. I want to create separate VLANs on the switch with separate DHCP services provided by the OPNsense.

My switch has the IP address 192.168.100.10 and the default gateway 192.168.100.1 (static configuration). I created the VLANs 100 and 200 on the switch which are connected to the OPNsense on igc1 and igc2. Both ports used for the connection are configured as untagged (U). The switch is located in VLAN 100 (igc1; LAN on OPNsense).
On the OPNsense, I configured DHCP for both interfaces with IP ranges etc. Furthermore, I created an "allow all" rule for all clients in VLAN 200 (igc2 on OPNsense) for debugging purposes.

Unfortunately, I am not able to get an IP address on VLAN 200, nor am I able to reach anything even with a statically configured IP address. In the logs I saw that my client is trying to get an IP address from igc1 (VLAN 100) and not from igc2 (VLAN 200):

2024-12-27T20:25:01    Informational    dhcpd    DHCPACK on 192.168.100.100 to CLIENT1 via igc1   
2024-12-27T20:25:01    Informational    dhcpd    DHCPREQUEST for 192.168.100.100 from CLIENT1 via igc1
2024-12-27T20:24:01    Informational    dhcpd    DHCPOFFER on 192.168.100.100 to CLIENT1 via igc1
2024-12-27T20:24:01    Informational    dhcpd    DHCPDISCOVER from CLIENT1 via igc1

I assume the default gateway is used, not the desired gateway (corresponding OPNsense interface). When I connect my client directly to the OPNsense interface, it works fine. I already changed the port configuration of the connection between OPNsense and switch to tagged, which did not help, and I lost my connection to the switch. I read about DHCP relays but I think I got the reverse situation.

Would be great to get some help.

Best regards
Peter

Can you reply with a screenshot of your Interfaces > Assignments?
Which interface is 192.168.100.0/24?
What did you pick for subnets for each VLAN?

I'm also a bit confused how you hardwired OPN and the switch.
How many cables?

Hello Eric,

thanks for replying. Basically, it looks like this:

igc0 is WAN (internet works fine, so no issues here)
igc1 is LAN; it has the static IP address 192.168.100.1 /24 (will be my management network)
igc2 is OPT1; it has the static IP address 192.168.200.1 /24 (will be my private network)
igc3 is OPT2 (will be used later to separate some internal services)

The switch is located in the 192.168.100.0/24 subnet. It has the static IP address of 192.168.100.10 and the interface igc1 as default gateway. The VLANs are configured on the switch, e.g.: Port 1 and 2 are members of VLAN 100; port 1 is marked as U (untagged) and directly connected by cable with the interface igc1 on the OPNsense. VLAN 200 is similarly configured. So, each VLAN has a separate interface on the OPNsense which is directly connected by cable. (OPT2 will get its own cable later)


If you're receiving the DHCP request on igc1 for a device that's supposed to be on VLAN 200, either your switch is misconfigured, or you have your cables/ports mixed up....

I had a similar problem lately.
I resolved that by changing the PVID of the switch port connected to igc2. If you use it only for VLAN 200 (no trunk), set it to VLAN 200.
So if your igc2 port on OPNsense is connected to port 2 of the switch, set it to be untagged on VLAN 200 with PVID 200.
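
Added example, not part of the thread: a small model of how a switch classifies an untagged frame by the ingress port's PVID, which is why the reply above points at the PVID setting. The port numbers, the cabling map and the stale PVID of 100 on the client port are assumptions; ingress filtering is not modelled.

```python
# Added illustration, not from the thread: port numbers, the uplink mapping
# and the stale PVID value are assumptions. Ingress filtering is not modelled.
from dataclasses import dataclass

@dataclass
class Port:
    pvid: int             # VLAN assigned to untagged frames arriving on this port
    untagged: frozenset   # VLANs this port is an untagged (U) member of

UPLINKS = {1: "igc1", 2: "igc2"}   # assumed cabling: switch port -> OPNsense NIC

def flood(ports, ingress):
    """Ports that receive an untagged broadcast (e.g. DHCPDISCOVER) sent into `ingress`."""
    vlan = ports[ingress].pvid          # classification uses the PVID, not membership
    return sorted(n for n, p in ports.items() if n != ingress and vlan in p.untagged)

def dhcp_seen_on(ports, client_port):
    """OPNsense interfaces on which dhcpd would log the client's DHCPDISCOVER."""
    return [UPLINKS[n] for n in flood(ports, client_port) if n in UPLINKS]

def audit(ports):
    """Access ports whose PVID is not one of their untagged VLANs."""
    return sorted(n for n, p in ports.items() if p.pvid not in p.untagged)

def build(client_pvid):
    """Constructed three-port switch; only the client port's PVID varies."""
    return {
        1: Port(100, frozenset({100})),          # uplink to igc1 (LAN)
        2: Port(200, frozenset({200})),          # uplink to igc2 (OPT1)
        5: Port(client_pvid, frozenset({200})),  # client port, meant for VLAN 200
    }

if __name__ == "__main__":
    for pvid in (100, 200):
        ports = build(pvid)
        print(f"client PVID {pvid}: DHCPDISCOVER seen on {dhcp_seen_on(ports, 5)}, "
              f"ports failing audit: {audit(ports)}")
```

The `audit` check is the one to run against an exported switch configuration: any access port it returns will hand its untagged traffic to a different VLAN than the one its membership suggests.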


Hey everyone,

thanks a lot for your comments and hints. I appreciate your time and effort.

After reading the comments I checked the switch again. The cable management was fine; however, I noticed some generated entries in my PVID configuration with regard to forbidden networks etc. So, I reset my configuration and configured it again. Now, everything works as intended.

Thanks again and have a nice day.