
Multiple DHCP on Multiple VLAN not working

kkwaskcisco
Level 1

Hi there;

In my core network switch, I have multiple VLANs, and I have these commands to assign DHCP pools. I configured a port on my core switch for DMZ_VLAN, and when I connect my computer to this port, I can get an IP address from the dmz_vlan DHCP pool. Because I assigned an IP address to the interface of VLAN 192, I then found that the connection to one of my servers, "192.168.0.100", dropped. I cannot ping this server on the DMZ VLAN, and it cannot provide the HTTP service as usual until I remove the "interface vlan 192" from the switch. Why? However, without this command, I cannot receive a 192.168.0.0 network IP from the pool.

 

ip dhcp pool data_vlan1

network 10.10.1.0 255.255.255.0

default-router 10.10.1.1

dns-server 10.10.1.100 10.10.1.101

domain-name company.local

lease 7

 

ip dhcp pool dmz_vlan

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 8.8.8.8 4.2.2.2

domain-name company.com

lease 7

 

interface vlan 10

ip address 10.10.1.254

 

interface vlan 192

ip address 192.168.0.254

 

 

 


nspasov
Cisco Employee

Can you provide the full config of the device and attach it here? 

Also, which device is acting as the default gateway for your networks? The current DHCP pools are pointing to devices with IP addresses of 192.168.0.1 and 10.10.1.1, which are not the IPs that you have assigned on the device hosting the DHCP pools.

 

Thank you for rating helpful posts!

Hi; thanks for the response.

There is a typo for

   interface vlan 10

   ip address 10.10.1.254

 

it should be

   interface vlan 10

   ip address 10.10.1.1

 

For the default router in the dmz_pool, 192.168.0.1 is the dmz interface IP on my firewall.

     default-router 192.168.0.1

 

If the VLAN 192 IP address is 192.168.0.254, then should the default-router be 192.168.0.254, not 192.168.0.1?

Or, if I need the default router to point to 192.168.0.1 directly in the DMZ DHCP pool, can I get the IP from the DHCP pool without the VLAN interface IP for VLAN 192?

 

I am still a bit confused. Can you put together a quick diagram that shows:

1. Your DHCP server

2. Your L3 device that hosts the ip addresses of 192.168.0.1 and 10.10.1.1

3. Your Firewall

In my layer 3 switch, there are different VLANs; a transit VLAN is used to connect the firewall and the layer 3 switch for all traffic from the LAN side going through.

And a network cable is used to connect the access port on the layer 3 switch to the DMZ port on the firewall.

 

A static route is added to the layer 3 switch, "ip route 0 0 10.100.1.1", which is the IP on the firewall LAN interface.

I would like the DHCP clients in the DMZ network to get the IP address of the DMZ network correctly and access the internet.

Sorry for the delay as I got busy with work. If your layer 3 switch is the default gateway for VLAN 192 then the default-router for the DHCP scope should be the IP address of the layer 3 switch interface (192.168.0.254). With that being said, the FW DMZ_192 interface, the switch SVI for VLAN 192  and the DMZ server should all be in the same broadcast domain, thus they should be able to reach each other.

So, can you confirm with me exactly what does not work on the server configured with VLAN 192 and a static IP? For instance, 

1. Can you ping the server from the L3 switch?

2. Can you ping the server from the FW?

3. Can the server ping 192.168.0.1 and 192.168.0.254?

4. Can the server ping the outside world? For instance, www.google.com and 4.2.2.2.

5. Have you tried taking a test PC, connecting to the switchport configured for VLAN 192 and seeing if you get an IP address from the DHCP scope?

 

Thanks for your response. I have to try it out again. I believe that I might have used the wrong gateway IP in my DHCP commands.

Because I use the DMZ interface on the firewall as the gateway while configuring DHCP for the DMZ network.

Sounds good. Please try it out and let us know of the outcome!
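The gateway question raised in this thread can be checked mechanically. The following is an added example, not part of the thread or any poster's configuration: a small Python audit that compares each DHCP pool's default-router with the L3 interfaces configured on the same device. The function names, the finding strings and the /24 interface masks in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's config. The /24 masks on the
# interfaces are an assumption: the posted "ip address" lines carry no mask.
SAMPLE_CONFIG = """\
ip dhcp pool data_vlan1
 network 10.10.1.0 255.255.255.0
 default-router 10.10.1.1
ip dhcp pool dmz_vlan
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
interface vlan 10
 ip address 10.10.1.1 255.255.255.0
interface vlan 192
 ip address 192.168.0.254 255.255.255.0
"""

def parse(config):
    """Return ({pool: {network, router}}, {interface: IPv4Interface})."""
    pools, ifaces, ctx = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip dhcp pool (\S+)$", line):
            ctx = pools.setdefault(m[1], {"network": None, "router": None})
        elif m := re.match(r"interface\s+(.+)$", line, re.I):
            ctx = m[1].lower().replace(" ", "")  # e.g. "vlan192"
        elif (m := re.match(r"network (\S+) (\S+)", line)) and isinstance(ctx, dict):
            ctx["network"] = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif (m := re.match(r"default-router (\S+)", line)) and isinstance(ctx, dict):
            ctx["router"] = ipaddress.ip_address(m[1])  # first router listed
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and isinstance(ctx, str):
            ifaces[ctx] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return pools, ifaces

def audit(config):
    """Map each pool to a finding about its default-router versus local interfaces."""
    pools, ifaces = parse(config)
    out = {}
    for name, p in pools.items():
        net, gw = p["network"], p["router"]
        in_subnet = [i for i in ifaces.values() if net is not None and i.ip in net]
        if net is None or gw is None:
            out[name] = "incomplete pool"
        elif gw not in net:
            out[name] = "default-router outside pool network"
        elif any(i.ip == gw for i in in_subnet):
            out[name] = "gateway is local interface"
        else:  # gateway is another device, e.g. a firewall interface
            out[name] = ("gateway off-box, local interface also in subnet" if in_subnet
                         else "gateway off-box, no local interface")
    return out
```

On the sample, `audit(SAMPLE_CONFIG)` reports the data pool's gateway as a local interface and flags the DMZ pool as handing out the firewall's address while the switch also holds an address in that subnet, which is the arrangement the posters are discussing.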
