Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
DHCP Solution for VLANs on Layer 3 Switch?
« previous
next »
Print
Pages: [
1
]
Author
Topic: DHCP Solution for VLANs on Layer 3 Switch? (Read 4148 times)
netager
Newbie
Posts: 4
Karma: 0
DHCP Solution for VLANs on Layer 3 Switch?
«
on:
October 31, 2020, 08:47:18 pm »
Total noob here... Wiring our house for Cat6 and couple 10G fiber drops... Decided that our current Asus router doesn't cut it anymore...
Here is what I'm trying to do:
ISP Modem --> Protectli box with Opnsense (4 Intel NICs) --> Layer 3 switch with couple VLANs and different subnets. I want Layer 3 switch to do all routing at line speed for LAN with Opnsense doing firewall duty for the web traffic. I don't want Layer 3 switch to handle DHCP. So one interface on the Opnsense box is WAN, one is LAN to the switch.
Problem: Opnsense can't give out iP leases to the subnets without interface connected to that subnet. That's how I understand this... I don't understand why, that's beyond my skill level at this point.
Solution? Most recommendations online to run a separate DHCP server on another box (Windows, Pi, etc.)
My question is... What is the problem? Is this dhcpd limitation on Opensense? Opensense comes with dnsmasq which has DHCP server and can give out IPs in the configuration described above... Can I just switch to dnsmasq instead of dhcpd and manually configure for my case? Or configure dnsmasq to run on Opnsense box but use one of the free interfaces? For ex, box is 192.168.1.1, can I assign 192.168.1.2 for dnsmasq DHCP server on one of the unused interfaces? Any other options except getting another machine to run DHCP server?
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: DHCP Solution for VLANs on Layer 3 Switch?
«
Reply #1 on:
October 31, 2020, 09:01:02 pm »
Why do you want to separate your network in VLANs but don't want a firewall between these networks? Plain routing won't protect clients from subnet A from clients from subnet B.
You would need to create interfaces for your VLANs on your OPNsense, if the OPNsense should react on DHCP requests. DHCP requests are broadcast requests from clients, which are usually not crossing subnet borders (you can use a relay service to do that). Because every VLAN will have its own subnet, you need to have multiple DHCP configurations on multiple interfaces on the OPNsense, where you want the OPNsense to be your DHCP server.
Logged
„The S in IoT stands for Security!“
netager
Newbie
Posts: 4
Karma: 0
Re: DHCP Solution for VLANs on Layer 3 Switch?
«
Reply #2 on:
October 31, 2020, 09:18:07 pm »
Gauss23, good questions... I'm not 100% sure... Need to start somewhere, right?
So the picture that I have in my head...
One VLAN will be all CAT6 and 10G fiber devices: 1 file sever and few desktops.
The wireless access point that I'm looking at can do 3 VLANs. I'm thinking to use one for all wireless devices and home assistants, one guest wifi and one for couple untrusty Chinese contraptions that need wifi access.
So it is possible that I will want wired VLAN to be visible to "Home" wifi VLAN, but guest VLAN should have access only to Internet through Opnsense box. So if I setup interVLAn routing it kinda defeats the purpose?
But for DHCP I can setup ip-helper on each VLAN on the switch instead of having interface in each VLAN?
Logged
netager
Newbie
Posts: 4
Karma: 0
Re: DHCP Solution for VLANs on Layer 3 Switch?
«
Reply #3 on:
October 31, 2020, 09:33:38 pm »
I'm confused about few things here...
But most of all I'm confused about what is the difference between Opnsense being my DHCP server and stand alone DHCP server. Opensense itself, doesn't serve IPs, right? It uses dhcpd or dnsmasq. So what is the difference running dnsmasq on Opensense box and standalone box? Why it can't lease IPs to a subnet without interface, another box will be able to?
I'm thinking something like this...
https://www.robertparten.com/dnsmasq-dhcp-configuration-for-multiple-subnets/
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: DHCP Solution for VLANs on Layer 3 Switch?
«
Reply #4 on:
October 31, 2020, 09:51:15 pm »
I don’t think another box can serve DHCP requests without an interface in that network.
You can relay requests from one interface to another but it won’t change a lot.
The link you posted: where is the mapping from subnet to VLAN? It means in this example the server will have an interface in every VLAN it will serve IPs for.
Adding interfaces on your OPNsense for every VLAN you want to serve IPs for doesn’t mean that your OPNsense will be the default gateway for that subnet. It will just have a leg in that subnet to be able to answer dhcp broadcast requests.
Logged
„The S in IoT stands for Security!“
netager
Newbie
Posts: 4
Karma: 0
Re: DHCP Solution for VLANs on Layer 3 Switch?
«
Reply #5 on:
October 31, 2020, 10:05:32 pm »
Gauss23, thank you for your responses... Looks like I will have to educate myself a little more so I have a better understanding of what I'm dealing here with...
I could run DHCP on the switch, but looks like there is an issue with the one I have available:
https://forums.servethehome.com/index.php?threads/brocade-icx-6450-dhcp-problems-with-certain-iot-devices.22725/
Logged
Gauss23
Hero Member
Posts: 766
Karma: 39
Re: DHCP Solution for VLANs on Layer 3 Switch?
«
Reply #6 on:
October 31, 2020, 11:19:41 pm »
If you want to be able to use DNS for internal devices which get their IP by DHCP you should opt for a solution which is capable of that and it should be the only DHCP in your whole network. OPNsense is able to register DHCP IPs in its DNS.
Logged
„The S in IoT stands for Security!“
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
DHCP Solution for VLANs on Layer 3 Switch?