DHCP Issue? pfSense + New Unifi Cloud Key G2+

Hi, earlier this year I set up a Dell Optiplex with pfSense, then added a Unifi 8 port PoE lite switch with a flex mini and U6 Pro AP attached to it. All working fine with the Unifi controller hosted on another Optiplex running Ubuntu.

This past weekend I purchased a new Unifi Cloud Key Gen 2 Plus and a second flex mini switch. It adopted the PoE 8 port lite and U6 Pro AP without issue but is stuck adopting both flex minis and is not issuing IPv4 addresses without multiple resets.

I’m hoping I’m missing something on the configuration of the new controller. Thanks in advance for any help on a solution.

Configuration:

  1. pfSense 3 VLANs → Unifi 8 Port PoE.
  2. Ports sending and receiving to the flex mini are set to default VLAN 1, allow all.
  3. The new cloud key is hosted on the same network.

Testing:

  1. When I plug a client into the flex mini, what is interesting is it receives an IPv6 address but not IPv4. pfSense default configuration had IPv6 on LAN DHCP; I did not configure on VLANs.
  2. Set up option 43 on pfSense with no resolution.
  3. After multiple days of resetting both flex minis and parent switch I now have three clients receiving traffic, but add a new client and no ipv4 address is issued.
  4. FlexMinis are constantly cycling with adoption.
  5. pfSense DHCP is set up to issue static IP addresses to all switches based on MAC address, though the flex minis keep defaulting to 192.168.1.20. No changes to pfSense configuration outside of option 43.
  6. In the Unifi Controller network configuration maybe I have something incorrectly configured? see images below.

Thanks! - Heath

Is pfsense out of DHCP leases? Are there any errors in the pfsense logs under DHCP?

Hi Tom, thank you for your response. From the logs, DHCP is responding to a MAC address on more than one network. My laptop receives an IP address from the LAN network and VLAN 20 but not my other VLANs. Is this correct behavior?

On the Unifi switch in the old controller I selected ALL for the port profile; in the new controller I have Allow All selected on the uplink port and port to device, as I want the LAN network. My travel router receives two IP addresses, one from LAN and one from VLAN20, and fails to connect. When I connect it to the parent switch it connects.

Thanks! Heath

Please copy and paste logs, not screenshots, as they are hard to read.

When looking at the logs, it shows the IP given, the MAC and then the interface.

DHCPREQUEST for 192.168.60.25 from 9c:8e:cd:2b:78:2e via igc2.60
DHCPREQUEST for 172.16.16.50 from 00:a0:98:79:3b:b8 via igc2

In the above example the native network is igc2 and the VLAN on that interface is igc2.60 which is VLAN 60.
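Added example, not part of the thread: a small Python check that reads DHCPREQUEST lines in the format quoted above and reports any MAC address that requested leases via more than one interface, which is the symptom a port carrying unintended tagged VLANs produces. The function names are hypothetical, the third sample line is constructed for illustration, and the optional parenthesised fields in the pattern are an assumption about how real log lines may vary.

```python
import re
from collections import defaultdict

# Constructed sample: the first two lines are the ones quoted in the thread;
# the third is invented here to show one MAC seen on two interfaces.
SAMPLE_LOG = """\
DHCPREQUEST for 192.168.60.25 from 9c:8e:cd:2b:78:2e via igc2.60
DHCPREQUEST for 172.16.16.50 from 00:a0:98:79:3b:b8 via igc2
DHCPREQUEST for 172.16.16.77 from 9c:8e:cd:2b:78:2e via igc2
"""

# IP requested, client MAC, then receiving interface. The "(...)" groups are
# optional extras (assumed: server address, client hostname) and are skipped.
LINE_RE = re.compile(
    r"DHCPREQUEST\s+for\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:\s+\([^)]*\))?"
    r"\s+from\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+\([^)]*\))?"
    r"\s+via\s+(?P<iface>\S+)",
    re.IGNORECASE,
)


def split_iface(iface):
    """'igc2.60' -> ('igc2', 60); 'igc2' -> ('igc2', None) for the native network."""
    parent, _, vlan = iface.partition(".")
    return parent, int(vlan) if vlan.isdigit() else None


def parse(log_text):
    """Yield (mac, ip, iface) for every DHCPREQUEST line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["mac"].lower(), m["ip"], m["iface"]


def macs_on_multiple_networks(log_text):
    """Return {mac: {iface: last_ip}} for MACs that requested on 2+ interfaces."""
    seen = defaultdict(dict)
    for mac, ip, iface in parse(log_text):
        seen[mac][iface] = ip
    return {mac: ifaces for mac, ifaces in seen.items() if len(ifaces) > 1}


if __name__ == "__main__":
    for mac, ifaces in macs_on_multiple_networks(SAMPLE_LOG).items():
        for iface, ip in ifaces.items():
            parent, vlan = split_iface(iface)
            print(f"{mac} {ip} via {parent} " + (f"VLAN {vlan}" if vlan else "native"))
```

A MAC reported here is either a trunk-aware device or a client on a port that is passing more tagged networks than intended.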

Tom,

Thank you for your help!

In the below Unifi port configuration for igb1.20 connected to a non-VLAN-capable wifi, I changed from “Allow All” to “Block All” and do not see multiple networks/VLANs responding to a DHCP request anymore. I also changed ports set to default igb1 native to “Block All”, with the exception of uplink ports connecting switches to the pfSense trunk. This I’m lacking understanding on, as I thought a port receiving all tagged and untagged traffic would always default to the native igb1 interface?

Enjoying all the learning!

-Heath