DHCP Pool on VLAN with PC fixed address

victorc7 · ‎04-20-2021

Hello,

I am trying to configure on a Catalyst 1000 switch a DHCP Server on network 192.168.1.0/24 with a fixed IP address of 192.168.1.10 for a PC Network with a specific MAC address.

Here is the steps I followed :

1) Type commands on Switch

conf t

ip dhcp pool 192.168.1.0
	network 192.168.1.0 255.255.255.0
	default-router 192.168.1.1
	exit

int vlan 1
	ip address pool 192.168.1.0
	exit

ip dhcp pool PC
	host 192.168.1.10
	hardware-address 01xx.xxxx.xxxx.xx
	exit

do sh ip dhcp pool

2) Check on Switch

Pool 192.168.1.0 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 0
 Excluded addresses             : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 192.168.1.1          192.168.1.1      - 192.168.1.254     0     / 1     / 254

Pool PC :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 1
 Leased addresses               : 1
 Excluded addresses             : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 192.168.1.10         192.168.1.10     - 192.168.1.10      1     / 1     / 1

3) Type commands on Switch

do clear ip dhcp binding *

4) Type commands on PC

ipconfig /release && ipconfig /renew

No IP delivered

5) Type commands on Switch

do sh interfaces

6) Check

Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is XXXX.XXXX.XXXX (bia XXXX.XXXX.XXXX)
Internet address will be autoconfigured from local DHCP pool
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:22:34, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 2 interface resets
1704 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is XXXX.XXXX.XXXX (bia XXXX.XXXX.XXXX)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:01:18, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 3000 bits/sec, 3 packets/sec
34620 packets input, 8502653 bytes, 0 no buffer
Received 4427 broadcasts (3590 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 3590 multicast, 0 pause input
0 input packets with dribble condition detected
62613 packets output, 37744232 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

7) Type commands on Switch

int gigabitEthernet 1/0/1
	shutdown
	no shutdown
	exit
	
do sh ip dhcp binding

Check

Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
192.168.1.10     01xx.xxxx.xxxx.xx       Infinite                Manual     Selecting  Unknown

9) Type commands on PC

ipconfig /renew

No IP delivered

10) Type commands on Switch

ip dhcp pool 192.168.1.0
	network 192.168.1.0 255.255.255.0
	default-router 192.168.1.1
	address 192.168.1.10 hardware-address 01xx.xxxx.xxxx.xx

% Address 192.168.1.10 is not valid in this pool.

	exit

int vlan 1
	ip address 192.168.1.2 255.255.255.0
	exit

11) Type commands on PC

ipconfig /renew

=> Got 192.168.1.3

12) Type commands on Switch and Check

(config)#do sh ip dhcp binding

Bindings from all pools not associated with VRF:
IP address      Client-ID/              Lease expiration        Type       State      Interface
                Hardware address/
                User name
192.168.1.1      XXXX.XXXX.XXXX          Apr 22 2021 12:57 AM    Automatic  Active     Vlan1
192.168.1.3      01xx.xxxx.xxxx.xx       Apr 22 2021 12:58 AM    Automatic  Active     Vlan1
192.168.1.10     01xx.xxxx.xxxx.xx       Infinite                Manual     Selecting  Unknown

(config)#do sh ip dhcp pool

Pool 192.168.1.0 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 2
 Excluded addresses             : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 192.168.1.4          192.168.1.1      - 192.168.1.254     4     / 3     / 254

Pool PC :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 1
 Leased addresses               : 1
 Excluded addresses             : 1
 Pending event                  : none
 0 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 192.168.1.10         192.168.1.10     - 192.168.1.10      1     / 1     / 1

So I have an IP address but not using the one that is matching to the correct fixed pool.

johnlloyd_13 · ‎04-20-2021

hi,

can you use the keyword 'client-identifier' instead?

also reserve/exclude the IP for the gateway from DHCP and add DNS (and domain name if possible).

ip dhcp excluded-address 192.168.1.1

ip dhcp pool 192.168.1.0

dns-server 8.8.8.8
host 10.10.12.10 255.255.255.0
client-identifier 01xx.xxxx.xxxx.xx

balaji.bandi · ‎04-20-2021

Look at the example to client-identifier :

https://networklessons.com/cisco/ccie-routing-switching/dhcp-static-binding-on-cisco-ios

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

victorc7 · ‎04-21-2021

Thanks for your replies.

It seems to be working with this commands :

conf t

ip dhcp excluded-address 192.168.1.1 192.168.1.199
ip dhcp pool 192.168.1.0
	network 192.168.1.0 255.255.255.0
	dns-server 8.8.8.8
	default-router 192.168.1.1
	exit

int vlan 1
	ip address pool 192.168.1.0
	exit

ip dhcp pool PC
	host 192.168.1.10
	client-identifier 01xx:xx:xx:xx:xx:xx
	exit

However, if I have an ISP Routeur on port 9 which provides DHCP on 192.168.0.0/24, it may take IP from this DHCP.

Issue disappear if Routeur is unplugged.
It may have a function to prevent this to happen?

balaji.bandi · ‎04-21-2021

how is your full configuraiton looks like now. Port 9 also taking DHCP from 1.X range ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

victorc7 · ‎04-21-2021

What is the command to display full config?

balaji.bandi · ‎04-21-2021

i mean " show run" so the question not answered was is the port 9 getting IP address internal DHCP ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

victorc7 · ‎04-21-2021

Thanks for the command.

Here is the result :

Building configuration...

Current configuration : 4890 bytes
!
! Last configuration change at 16:52:10 UTC Wed Apr 21 2021
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1000-8P-E-2G-L
!
boot-start-marker
boot-end-marker
!
enable secret 9 XXX
!
no aaa new-model
switch 1 provision c1000-8p-e-2g-l
system mtu routing 1500
ip dhcp excluded-address 192.168.1.1 192.168.1.199
!
ip dhcp pool PC
 host 192.168.1.10 255.255.255.0
 client-identifier 01xx.xxxx.xxxx.xx
!
!
ip dhcp pool 192.168.1.0
 network 192.168.1.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.1.1
!
!
ip dhcp snooping vlan 1
ip dhcp snooping
ip domain-name domain.com
ip name-server 10.0.0.1
ip igmp snooping vlan 10 last-member-query-count 2
ip igmp snooping vlan 10 last-member-query-interval 1000
!
!
!
!
! ...
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet1/0/1
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/2
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/3
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/5
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/6
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/7
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/8
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/9
 switchport mode trunk
 ip dhcp snooping trust
!
interface GigabitEthernet1/0/10
 ip dhcp snooping trust
!
interface Vlan1
 no ip address
!
ip default-gateway 192.168.1.1
ip http server
ip http banner
ip http authentication local
ip http secure-server
!
!
!
!
line con 0
line vty 0 4
 login local
 transport input all
 transport output all
line vty 5 10
 login local
 transport input all
 transport output all
line vty 11 15
 login
 transport input none
!
end

paul driver · ‎04-21-2021

Hello

@victorc7 wrote:

ip dhcp pool PC
 host 192.168.1.10 255.255.255.0
 client-identifier 01xx.xxxx.xxxx.xx
!
!
ip dhcp pool 192.168.1.0
 network 192.168.1.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.1.1



interface GigabitEthernet1/0/9
 switchport mode trunk
 ip dhcp snooping trust

interface Vlan1
 no ip address
!
ip default-gateway 192.168.1.1

The switch needs to be a running a valid l3 interface and ip routing for dhcp server service to work correctly , In your configuration you don't have a valid vlan 1 ip address plus you have dhcp snooping enabled but trusting every interface which make no sense even enabling snooping in the first place also it isnt viable unless the switch is running as a layer 2 host switch.

So can you confirm if this switch SHOULD be routing for you network or do you have a router performing this function and if that is the case then the dhcp server service needs to running on the routing device and not the switch.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

victorc7 · ‎04-21-2021

The goal is to use ISP Router as an external Gateway, which is also used by STB, but all adressing will be made by the CISCO switch.

The switch will act as a DHCP Server and ISP Router DHCP will be ignored by other interfaces. However, if a device wants to access Internet, it will go though ISP Router.

For cost reason, I don't have any other CISCO router for the moment.

paul driver · ‎04-21-2021

Hello

@victorc7 wrote:

The goal is to use ISP Router as an external Gateway, which is also used by STB, but all adressing will be made by the CISCO switch.

The switch will act as a DHCP Server and ISP Router DHCP will be ignored by other interfaces. However, if a device wants to access Internet, it will go though ISP Router.

So if the isp next-hop is 192.1681.1 you need to enable ip routing on the switch with a default route

switch

conf t
ip routing
ip route 0.0.0.0 0.0.0.0 vlan 1 192.168.1.1

int vlan 1
ip address 192.168.1 X 255.255.255.0
no shut

int x/x
description link to isp rtr
switchport host
ip dhcp snooping trust
no shut

int x/x
description link clients
switchport host
no shut

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

victorc7 · ‎04-21-2021

I tried to adapt to my config, but it seems that I missed something.

It seems that even when using commands :

int vlan 1
	ip address pool 192.168.1.0
	exit

It did not changed running config. So I used a fixed IP then retype the command and DHCP seems now to be pre-emptive.

However, I am still unable to get access to Internet from 192.168.1.0/24 network, which use ISP Router located on 192.168.0.2.

victorc7 · ‎04-21-2021

I does not seems like port 9 received an IP from other DHCP server.

It may be linked to the config.

victorc7 · ‎04-21-2021

#sh interface g1/0/9
GigabitEthernet1/0/9 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is XXXX.XXXX.XXXX (bia XXXX.XXXX.XXXX)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:41:36, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 178000 bits/sec, 16 packets/sec
  5 minute output rate 66000 bits/sec, 10 packets/sec
     154977 packets input, 93701466 bytes, 0 no buffer
     Received 6770 broadcasts (4213 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 4213 multicast, 0 pause input
     0 input packets with dribble condition detected
     138324 packets output, 34354385 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

victorc7 · ‎04-21-2021

Last try, but something still missing in routing in order to get Internet :

C1000-8P-E-2G-L(config)#do sh run
Building configuration...

Current configuration : 4932 bytes
!
! Last configuration change at 00:08:57 UTC Thu Apr 22 2021
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1000-8P-E-2G-L
!
boot-start-marker
boot-end-marker
no aaa new-model
switch 1 provision c1000-8p-e-2g-l
system mtu routing 1500
ip routing
ip dhcp excluded-address 192.168.1.1 192.168.1.199
!
ip dhcp pool Netgear-WAX214
 host 192.168.1.5 255.255.255.0
 client-identifier 01xx.xxxx.xxxx.xx
!
ip dhcp pool PC-RJ45
 host 192.168.1.10 255.255.255.0
 client-identifier 01xx.xxxx.xxxx.xx
!
ip dhcp pool PC-Wifi
 host 192.168.1.11 255.255.255.0
 client-identifier 01xx.xxxx.xxxx.xx
!
ip dhcp pool 192.168.1.0
 network 192.168.1.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.1.1
!
ip dhcp pool ISP
 host 192.168.0.2 255.255.255.0
 client-identifier 01xx.xxxx.xxxx.xx
!
ip dhcp pool Switch-192.168.0.0
 host 192.168.0.4 255.255.255.0
 client-identifier xx.xxxx.xxxx
!
!
ip dhcp snooping vlan 1
ip dhcp snooping
ip domain-name domain.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip igmp snooping vlan 10 last-member-query-count 2
ip igmp snooping vlan 10 last-member-query-interval 1000
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
 switchport mode trunk
!
interface GigabitEthernet1/0/10
!
interface Vlan1
 ip address pool 192.168.1.0
!
ip default-gateway 192.168.1.1
ip http server
ip http banner
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.2
!
end