No DHCP on default VLAN

[jcoehoorn]

We recently purchased a building about 1/2 mile away from the rest of campus. There is fiber construction underway to bring this building into the rest of the main campus network (via third party circuit, so I may need help setting it up later), but for the next 2 1/2 months we're using a retired desktop with an extra NIC running Untangle as the router in the building. (I could probably do a little better using SD-WAN/MicroEdge for this, but I know Untangle NGFW and I know I can get what I need from it for free).

This is mainly working. I have the routing setup so the Internal interface is the parent for a few child VLAN interfaces (public student internet/wifi, admin internet/wifi, security cameras, and phones). The main parent interface vlan is only for infrastructure (Unifi Switches/APs, and a couple printers). There is also an OpenVPN connection back to the main campus, where the Unifi controller and certain other resources live, and a few static DNS entries for local campus resources like the unifi controller.

This all works... but only because I have static IPs for everything on the default (infrastructre) vlan. If I connect a laptop to a switch port on the default VLAN, it does not receive an address. Additionally, if I connect a laptop directly to Untangle's internal interface, it does not get an address.

I verified DHCP is turned on for this interface, and there are no special options set. DHCP is working on the child interfaces/vlans.

What could be going on here?

(I have things working as they are, but it would be nice to be able to set the Unifi APs back to DHCP mode).

[sky-knight]

Check your Unfi configuration for DHCP guarding, and either turn it off or make sure that it's configured for the IP addresses that Untangle uses.

You have the VLANs themselves working statically, so assuming that you configured a DHCP scope on each virtual interface on the Untangle, the only possible problem is Unifi doing Unifi things, and for some reason Unifi loves to eat DHCP. So after you muck with guarding, if that didn't sort it give the switches a power cycle.

And I don't mean a reboot... I mean POWER THE THINGS OFF unplug them for a good 15 seconds and then power them back up again.

[jcoehoorn]

How could Unifi eat DHCP if the controller is on the other side of the VPN? Unless the devices themselves somehow do it.

edit
Nevermind. Of course the devices do it, because they'd have to, since traffic doesn't pass directly through the Unifi controller. And I did have DHCP guard turned on for the default vlan (and only the default vlan) on the controller, so anything that passes through a Unifi switch (including inwall APs when port vlan is turned on) could have DHCP interfered with.

Still not clear why it impacts my laptop when connected directly to Untangle's internal interface, but I'm gonna give this a shot tomorrow and hope for good things.

[sky-knight]

Your laptop directly connected to Untangle's internal interface would need to be configured to tag its frames to communicate with a tagged interface on Untangle.

If your laptop is configured untagged, and not getting a DHCP address while directly connected I'm left to assume the untagged interface isn't configured to hand out an IP address.

It's HARD to get a NIC in a laptop to work with VLANs, which is why I directed you back to your switches.

[jcoehoorn]

No, the laptop interface is untagged... nothing special there, and there's definitely DHCP enabled with a good scope on the default/parent internal. Or maybe I'm just crazy. I'll find out tomorrow.

[sky-knight]

No, the laptop interface is untagged... nothing special there, and there's definitely DHCP enabled with a good scope on the default/parent internal. Or maybe I'm just crazy. I'll find out tomorrow.

If you've got DHCP enabled, on the untagged interface, AND the laptop is connected directly not getting an address? My first reflex is to tell you to reboot the laptop, because TCP/IP on the laptop has to be hung up... because at that point it's either working, or Untangle / DNSMasq are bugged... which is exceedingly unlikely!

[dashpuppy]

No, the laptop interface is untagged... nothing special there, and there's definitely DHCP enabled with a good scope on the default/parent internal. Or maybe I'm just crazy. I'll find out tomorrow.

IS the switch tagged / untagged properly ? What switch are you using ? trunk port tagged / untagged properly ?