12-08-2022 09:50 AM
HI, I am using a CBS350-8P-E-2G. The issue is that when I try to assign port 1 to VLAN2, and port 2 to VLAN3. The internet does down. I tried to create a DHCP Pool to resolve this. But the service dhcp VLAN2 command does not work because there is no dhcp option for that command. I imagine there needs to be some subnetting done as well in order to isolate the VLANs from each other, which is my ultimate goal. But I am lost as to why the service dhcp VLAN2 command does not work. Here is what I am doing with creating the DHCP pool. How do I isolate two VLANs without the internet dropping? There is only one subnet, so I don't think I need a DHCP relay. But either way help is needed.
Router#configure terminal
Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.128
Router(config)#ip dhcp pool network Floor1DHCP
Router(config-dhcp)#address low 192.168.1.2 high 192.168.1.127 255.255.255.128
Router(config-dhcp)#default-router 192.168.1.1
Router(config-dhcp)#dns-server 8.8.8.8 8.8.4.4
Router(config-dhcp)#exit
Router(config)#service dhcp VLAN2 (This is the problematic command without DHCP option)
12-09-2022 06:25 PM - edited 12-09-2022 06:26 PM
It sounds like you're running into an issue with your VLAN configuration on your switch. The issue you're describing, where the internet goes down when you try to assign VLANs to different ports, is likely caused by a misconfigured VLAN or DHCP pool.
In order to isolate two VLANs on your switch, you will need to create separate DHCP pools for each VLAN. This will allow each VLAN to have its own unique IP address range and prevent the VLANs from overlapping.
To create a DHCP pool for a VLAN on your switch, you will need to use the following syntax:
service dhcp
ip dhcp pool [POOL NAME]
network [IP ADDRESS] [SUBNET MASK]
default-router [DEFAULT GATEWAY]
dns-server [DNS SERVER IP]Replace [POOL NAME] with a unique name for the DHCP pool, [IP ADDRESS] with the IP address range for the VLAN, [SUBNET MASK] with the appropriate subnet mask, [DEFAULT GATEWAY] with the default gateway for the VLAN, and [DNS SERVER IP] with the IP address of the DNS server.
Once you have created a DHCP pool for each VLAN, you can then assign the VLANs to the appropriate ports on your switch using the following syntax:
interface [PORT NUMBER]
switchport mode access
switchport access vlan [VLAN NUMBER]Replace [PORT NUMBER] with the port number you want to assign the VLAN to, and [VLAN NUMBER] with the VLAN number you want to assign to the port.
I hope that helps!
12-09-2022 09:21 PM
In reading the original post I focus on this statement "There is only one subnet". You can not have multiple vlans share one subnet. The explanation for this starts with a reminder that a vlan is a broadcast domain. So if you have 3 vlans and one network you might try to divide the subnet into 3 parts. Let us say that vlan 1 has addresses 192.168.1.1 through 192.168.1.127, vlan 2 has addresses 192.168.1.128 through 192.168.1.191, vlan 3 has addresses 192.168.1.192 through 192.168.1.255. Think about what would happen if a device with IP 192.168.1.25 (in vlan 1) wants to communicate with a device with IP 192.168.1.199 (in vlan 3). The device with IP 192.168.1.25 will send an arp request for 192.168.1.199. The arp request is forwarded to all devices in vlan 1. But a broadcast from vlan 1 is not forwarded to vlan 3. So 192.168.1.199 never receives the arp request and there is no communication.
If you want 3 vlans you need 3 subnets.
12-10-2022 07:56 AM
I understand and thank you both for the clarification. I needed it.
How do I assign the DHCP pool to each VLAN?
service dhcp VLANname does not work. It seems to tell me that the command is not formatted properly. I will update with the exact error on Monday when I am back at work.
12-11-2022 06:06 AM
Sample from my CBS350 configuration. There is no service dhcp [vlan] command.
ip dhcp pool network VLAN1Pool
address low 192.168.10.100 high 192.168.10.149 255.255.255.0
default-router 192.168.10.3
dns-server 192.168.90.96
exit
ip dhcp pool network VLAN80Pool
address low 192.168.80.100 high 192.168.80.149 255.255.255.0
default-router 192.168.80.3
dns-server 192.168.90.96
exit
ip dhcp pool network VLAN90Pool
address low 192.168.90.100 high 192.168.90.149 255.255.255.0
default-router 192.168.90.3
dns-server 192.168.90.96
exit
12-11-2022 12:02 PM
Kris K
Thanks for providing an example of configuring multiple dhcp pools. There is a dhcp pool for each subnet. +5 for a good example. It is perhaps worth mentioning that with multiple pools when a host in one of the vlans/subnets sends a dhcp request as a broadcast the switch knows which interface received the request and looks for a pool that matches the subnet used by that vlan interface.
12-14-2022 10:21 AM
I am still having an issue with no internet when I assign a port to their respective VLANs. As soon as I assign the second port to the second VLAN there is no internet. I can ping inside and outside of the network on the switch. But the WAPs attached to GE1 and GE2 lose internet. I should also add that DHCP for the two VLANs shows as static. Here is my running-config and network topology.
ip dhcp pool network VLAN2Pool
address low 192.168.1.2 high 192.168.1.126 255.255.255.128
default-router 192.168.1.1
dns-server 172.16.16.16
exit
ip dhcp pool network VLAN3Pool
address low 192.168.3.2 high 192.168.3.62 255.255.255.192
default-router 192.168.3.1
dns-server 172.16.16.16
exit
12-14-2022 11:48 PM
I am not clear what is going on here. The first thing I notice is that the addressing used in your diagram does not match the addressing shown in your posted config.
I am also not clear about the symptoms you describe. Are you saying that if you bring up a single port that it does have Internet access and when you bring up a second port then neither host has Internet access?
12-20-2022 12:33 PM - edited 12-20-2022 12:34 PM
I apologize, this is the correct network topology. The hotspot is not acting as a router. It is only passing a public IP address to the Next Generation firewall using IP passthrough.
How do I subnet this address into two networks?
172.16.16.0 /24
I got...
172.16.16.1 - 172.16.63 255.255.255.192
172.16.16.66 - 172.16.16.126 255.255.255.128
Is this correct?
12-20-2022 05:47 PM
I would say no. There is IP address overlap.
"172.16.16.1 - 172.16.63 255.255.255.192"
Usable Host IP Range: 172.16.16.1 - 172.16.16.62
"172.16.16.66 - 172.16.16.126 255.255.255.128"
Usable Host IP Range: 172.16.16.1 - 172.16.16.126
I find this link very helpful in this regard.
https://www.calculator.net/ip-subnet-calculator.html
12-20-2022 10:13 PM
I agree with Kris K that there is overlap in the addressing that you suggest. If you change the mask of 172.16.16.66 - 172.16.16.126 255.255.255.128 to 172.16.16.66 - 172.16.16.126 255.255.255.192 it would work.
12-21-2022 09:27 AM - edited 12-21-2022 10:18 AM
Thanks for the help everyone. I really appreciate it and it has helped a lot. I have one final issue. After I assign port 1 to VLAN one. The internet goes down. Is there something I need to enable or do so that this does not happen?
As I understand it, it goes create VLANs, create DHCP pools, and then assign ports to VLANs. Do the names of the DHCP pools have to be the same as the VLAN names? Sorry for needing so much help. But I really do appreciate it and want to learn.
12-21-2022 10:40 PM
Part of your recent post is easy to answer and part is not. "Do the names of the DHCP pools have to be the same as the VLAN names?" The name of the DHCP pool does not need to be the same as the vlan name. The name of the DHCP pool is used only if there is more than one pool. The name of the first pool can be anything as long as it is different from the name of other pools.
The part that is  not: "After I assign port 1 to VLAN one. The internet goes down." We do not have enough specific information about the configuration of the port  to be  able to suggest  a solution 
08-28-2023 03:20 PM - edited 08-28-2023 03:21 PM
Step1
Router>enable Router#config terminal Router(config)#int fa0/0 Router(config-if)#ip add 192.168.1.1 255.255.255.0 Router(config-if)#no shutdown Router(config-if)#exit
Step2
Router(config)# Router(config)#ip dhcp pool MY_LAN Router(dhcp-config)#network 192.168.1.0 255.255.255.0 Router(dhcp-config)#default-router 192.168.1.1 Router(dhcp-config)#dns-server 192.168.1.10
Step3
Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide