08-13-2021 08:52 AM
Hi everyone,
I have a Cisco 891F VPN router and would like to have more than one DHCP pool. Possible?
Current dhcp pool is 192.168.1.0/254, gateway 192.168.1.1
I would like to create a new pool with 192.168.30.0/24 with gateway 192.168.30.1
Is this possible? I would really appreciate it if someone guided me on this with the IOS scripts.
Many thanks in advance
08-21-2021 01:10 AM
08-21-2021 01:44 AM
Hello,
it won't work. If all devices are connected to GigabitEthernet4, then all devices will get an IP address from the 192.168.30.0/24 range, since that port is assigned to Vlan 100.
I don't know if the 891F supports subinterfaces, try the config below:
Current configuration : 3186 bytes
!
! Last configuration change at 15:56:09 GMT Fri Aug 20 2021 by admin1
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Pxxxc_Swww-Cisco800
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
!
aaa session-id common
clock timezone GMT 8 0
!
--> ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip dhcp excluded-address 192.168.30.1
!
ip dhcp pool one
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 165.21.83.88 165.21.100.88
!
--> ip dhcp pool VLAN100
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 165.21.83.88 165.21.100.88
!
ip domain name pxxxxx.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891F-K9 sn Fxxxxxxxxxxxxx
!
username admin privilege 15 secret 5 $xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username admin1 privilege 15 password 0 xxxxxxxx
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
lifetime 2880
crypto isakmp key sxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx hostname kxxxxxx
crypto isakmp keepalive 30
!
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto dynamic-map sa1-dynamic 10
set transform-set IPSEC
set pfs group5
!
crypto map sa1 1 ipsec-isakmp dynamic sa1-dynamic
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
duplex full
speed auto
!
interface GigabitEthernet0
no ip address
duplex full
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet4.100
encapsulation dot1q 100
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address 42.xx.xxxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex full
speed 1000
crypto map sa1
!
--> no interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
--> no interface Vlan100
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 42.xx.xxx.xxx
!
route-map nonat permit 10
match ip address 101
match interface GigabitEthernet8
!
access-list 101 deny ip 192.168.30.0 0.0.0.255 172.31.1.0 0.0.0.255
--> access-list 101 permit ip 192.168.1.0 0.0.0.255 any
--> access-list 101 permit ip 192.168.30.0 0.0.0.255 any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
!
end
08-21-2021 02:02 AM
08-21-2021 05:58 AM
Hello,
adding a spare switch to GigabitEthernet5 would certainly be easier.
You don't need to rename the DHCP pool, I just thought it looks weird when the pool is named Vlan2, but the actual Vlan it serves is Vlan 100. It will work just fine as is...
08-21-2021 07:45 AM
08-21-2021 08:06 AM
Hello,
it is quite simple actually, you first need to delete the existing pool:
no ip dhcp pool VLAN100
and then simply re-add the new pool, with the new name:
ip dhcp pool VLAN2
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 165.21.83.88 165.21.100.88
08-21-2021 08:32 AM
08-21-2021 10:43 AM
Hello,
make sure the config looks like this:
Current configuration : 3186 bytes
!
! Last configuration change at 15:56:09 GMT Fri Aug 20 2021 by admin1
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Pxxxc_Swww-Cisco800
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
!
aaa session-id common
clock timezone GMT 8 0
!
--> ip dhcp excluded-address 192.168.1.1 192.168.1.30
ip dhcp excluded-address 192.168.30.1
!
ip dhcp pool one
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 165.21.83.88 165.21.100.88
!
--> ip dhcp pool VLAN2
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 165.21.83.88 165.21.100.88
!
ip domain name pxxxxx.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891F-K9 sn Fxxxxxxxxxxxxx
!
username admin privilege 15 secret 5 $xxxxxxxxxxxxxxxxxxxxxxxxxxxx
username admin1 privilege 15 password 0 xxxxxxxx
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
lifetime 2880
crypto isakmp key sxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx hostname kxxxxxx
crypto isakmp keepalive 30
!
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto dynamic-map sa1-dynamic 10
set transform-set IPSEC
set pfs group5
!
crypto map sa1 1 ipsec-isakmp dynamic sa1-dynamic
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
duplex full
speed auto
!
interface GigabitEthernet0
no ip address
duplex full
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
switchport access vlan 2
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address 42.xx.xxxx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex full
speed 1000
crypto map sa1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 42.xx.xxx.xxx
!
route-map nonat permit 10
match ip address 101
match interface GigabitEthernet8
!
access-list 101 deny ip 192.168.30.0 0.0.0.255 172.31.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
!
end
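Added example, not part of the thread: for directly connected clients, the IOS DHCP server hands out addresses from the pool whose network contains the address of the interface the request arrived on, so every pool needs a layer-3 interface inside its subnet. The Python sketch below checks a pasted config for that before it goes onto the router; `parse`, `audit` and `SAMPLE` are illustrative names, and the sample text is constructed.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample (flat, as pasted in the thread); Vlan2 has the wrong subnet.
SAMPLE = """\
ip dhcp pool one
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip dhcp pool VLAN2
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
"""
ADDR = r"([\d.]+) ([\d.]+)$"  # address + mask; skips redacted or "dhcp" values

def parse(config):
    """Return (pools, interfaces) from flat or indented IOS config text."""
    pools, ifaces, kind, name = {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(?:(ip dhcp pool|interface) (\S+)|!)$", line):
            kind, name = m.groups()  # "!" ends the section: both become None
        elif kind == "ip dhcp pool" and (m := re.match("network " + ADDR, line)):
            pools.setdefault(name, {})["network"] = ipaddress.ip_network("/".join(m.groups()), strict=False)
        elif kind == "ip dhcp pool" and (m := re.match(r"default-router ([\d.]+)", line)):
            pools.setdefault(name, {})["router"] = ipaddress.ip_address(m.group(1))
        elif kind == "interface" and (m := re.match("ip address " + ADDR, line)):
            ifaces[name] = ipaddress.ip_interface("/".join(m.groups()))
    return pools, ifaces

def audit(config):
    """Report pools no local segment can reach and overlapping interface subnets."""
    pools, ifaces = parse(config)
    findings = []
    for pool, p in pools.items():
        if (net := p.get("network")) and not any(a.ip in net for a in ifaces.values()):
            findings.append(f"pool {pool}: no interface address in {net}")
        if "router" in p and p["router"] not in {a.ip for a in ifaces.values()}:
            findings.append(f"pool {pool}: default-router {p['router']} not on any interface")
    for (n1, a1), (n2, a2) in combinations(ifaces.items(), 2):
        if a1.network.overlaps(a2.network):
            findings.append(f"{n1} and {n2}: overlapping subnets {a1.network} / {a2.network}")
    return findings
```

`audit(SAMPLE)` reports three findings for the mis-addressed Vlan2; once that interface is given 192.168.30.1 the list is empty.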
08-21-2021 02:36 PM
I agree that a new switch on a separate interface for the new vlan is the easy way to get this to work.
As far as vlan2 or vlan100 is concerned, this is a cosmetic issue. Looking at it from the human perspective it seems better that the vlan name and the name of the dhcp pool should be the same. But looking at it from the perspective of the switch it does not matter whether the name of the pool matches the name of the vlan or not.
08-24-2021 06:39 AM
Thanks again everyone! I'm just marking this part of the replies as a workable solution with the cli codes and all. Of course there are later parts to assign vlan to selected GE ports in the later parts of our discussion. But this generally works! Cheers everyone
08-15-2021 02:05 AM - edited 08-15-2021 02:05 AM
Hello
@hochgenub wrote:
Current dhcp pool is 192.168.1.0/254, gateway 192.168.1.1
I would like to create a new pool with 192.168.30.0/24 with gateway 192.168.30.1
You can add multiple DHCP scopes to a single DHCP pool, just need to add the secondary and override keywords to the additional scopes
Example:
ip dhcp pool DHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
network 192.168.30.0 255.255.255.0 secondary
override default-router 192.168.30.1
network 192.168.31.0 255.255.255.0 secondary
override default-router 192.168.31.1
domain-name mynetwork.net
dns-server 8.8.8.8 8.8.8.4
lease 0 8
08-15-2021 04:38 AM
08-15-2021 06:37 AM
Hello
No, they won't. Excluded addressing isn't part of the actual pool but they do relate to them, so you'll be good.
Note - the default-gateway of each scope is excluded by default anyway.
08-15-2021 08:45 AM - edited 08-15-2021 08:46 AM
I believe you can also do this with inheritance. I was looking for some examples as I think I have done this in the past, but I could not find it right away. To me, something like this seems cleaner.
ip dhcp pool parent
network 192.168.0.0 255.255.0.0
domain-name mynetwork.net
dns-server 8.8.8.8 8.8.8.4
lease 0 8
08-17-2021 08:03 PM