VLANs with DHCP + DNS...almost

I recently found this comment by @slowlearner showing how to add VLANs.

I followed it to the letter. I didn't change any existing .conf files and I only created one: 10-vlans.conf. It looks like this:

#2020-08-29 2:01 PM
#Adding VLANs for Pi-Hole to run DHCP + DNS
# 96, 98, 99, 104, 151

#Source @slowlearner on discourse.pi-hole.net/t/extra-dhcp-server-options/6416/5

#Step 4
log-dhcp

#Step 5 - Configure VLANS
# Start IP Range at .3 to avoid Gateway on .2
# Stop IP Range at .250 because I like round numbers

#Example Line 1: dhcp hyphen range equals set colon VLANID comma IPRangeStart comma IPRangeEnd comma SubnetMask comma LeaseDuration
#Example Line 2: dhcp hyphen option equals tag colon VLANID comma option colon router comma GatewayIP

dhcp-range=set:151,192.168.151.3,192.168.151.250,255.255.255.0,24h
dhcp-option=tag:151,option:router,192.168.151.2

dhcp-range=set:96,192.168.96.3,192.168.96.250,255.255.255.0,24h
dhcp-option=tag:96,option:router,192.168.96.2

dhcp-range=set:97,192.168.97.3,192.168.97.250,255.255.255.0,24h
dhcp-option=tag:97,option:router,192.168.97.2

dhcp-range=set:98,192.168.98.3,192.168.98.250,255.255.255.0,24h
dhcp-option=tag:98,option:router,192.168.98.2

dhcp-range=set:99,192.168.99.3,192.168.99.250,255.255.255.0,24h
dhcp-option=tag:99,option:router,192.168.99.2

dhcp-range=set:104,192.168.104.3,192.168.104.250,255.255.255.0,24h
dhcp-option=tag:104,option:router,192.168.104.2

When I ran dnsmasq --test, it returned syntax check OK.

The trouble that I run into is that some machines on some VLANs are not working. Some show up in the DHCP leases but cannot be reached. Some don't show up anywhere.

Can you confirm that this .conf matches my objective? Any idea what is wrong?

NB: This was a VLAN setup on a Meraki MX84 that was migrated to Pi-Hole when I found out (the hard way) that the Meraki will not handle internal DNS, so I had a severe deficiency in the area of internal hostname resolution. None of the wiring has changed. Patch panels and managed switches are the same as they were before. Any input is appreciated.
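Since `dnsmasq --test` checks syntax only, here is a semantic check for the `dhcp-range` / `option:router` pairs in a file like the one above. It is an added example, not part of the original post or of Pi-hole. The function name and the sample config are constructed, and only the two line shapes used in the post are parsed.

```python
import ipaddress
import re

# Constructed sample in the format of the 10-vlans.conf above; VLAN 97's
# router is deliberately wrong and VLAN 98 has no router line.
SAMPLE_CONF = """\
log-dhcp
dhcp-range=set:96,192.168.96.3,192.168.96.250,255.255.255.0,24h
dhcp-option=tag:96,option:router,192.168.96.2
dhcp-range=set:97,192.168.97.3,192.168.97.250,255.255.255.0,24h
dhcp-option=tag:97,option:router,192.168.96.2
dhcp-range=set:98,192.168.98.3,192.168.98.250,255.255.255.0,24h
"""

RANGE_RE = re.compile(r"^dhcp-range=set:([^,]+),([^,]+),([^,]+),([^,]+)(?:,.*)?$")
ROUTER_RE = re.compile(r"^dhcp-option=tag:([^,]+),option:router,([^,\s]+)$")


def check_vlan_conf(text):
    """Return a sorted list of (tag, problem) for the dhcp-range/router pairs."""
    ranges, routers, problems = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        if m := RANGE_RE.match(line):
            tag, start, end, mask = m.groups()
            net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
            ranges[tag] = (ipaddress.ip_address(start), ipaddress.ip_address(end), net)
        elif m := ROUTER_RE.match(line):
            routers[m.group(1)] = ipaddress.ip_address(m.group(2))
    for tag, (start, end, net) in ranges.items():
        if end not in net or end < start:
            problems.append((tag, "range end outside subnet or before start"))
        gw = routers.get(tag)
        if gw is None:
            problems.append((tag, "no option:router for this tag"))
        elif gw not in net:
            problems.append((tag, f"router {gw} not in {net}"))
        elif start <= gw <= end:
            problems.append((tag, f"router {gw} inside the lease pool"))
    for tag in routers.keys() - ranges.keys():
        problems.append((tag, "router option for a tag no dhcp-range sets"))
    return sorted(problems)


if __name__ == "__main__":
    for tag, problem in check_vlan_conf(SAMPLE_CONF):
        print(f"VLAN {tag}: {problem}")
```

An empty result only means the file is self-consistent; it says nothing about whether the switch or router actually delivers each VLAN's DHCP requests to the Pi-hole.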

Cannot be reached from the devices in their own VLAN, from devices in the other VLANs or not at all? Do these devices have Internet access or can they reach the Pi-hole?

Hi @Coro, "cannot be reached" means no contact from any direction. No ping from the same VLAN, from the Pi-Hole server, or with our remote access program (Veyon).

These machines cannot connect out to the internet.

Are you sure the respective gateways (like 192.168.99.2, 192.168.98.2, etc.) all exist and know the routes from everywhere to everywhere else? And why are they at .2? This is unusual at least.

Yes, the gateways are all set up. They were working fine when DHCP was on another server.

I didn't set up the router, so I don't know why they are on .2, but I don't want to change too many things at once, so I left them that way until I got the DHCP working properly.

The weird part is that some of the workstations are fine, but some of them don't work at all. Does that mean that the issue is somewhere else? (I wonder if the managed switch is the problem.)

Maybe. Do you have some Linux machines seeing the issue? If so, use the other DHCP server and run

sudo nmap -e eth0 --script broadcast-dhcp-discover

then run the same with the Pi-hole DHCP server and watch out for any differences. (I borrowed the command from @deHakkelaar)
