
VLANs, DHCP Pool, and Subnetting

Wildcard
Level 1

Hi, I am using a CBS350-8P-E-2G. The issue is that when I try to assign port 1 to VLAN2 and port 2 to VLAN3, the internet goes down. I tried to create a DHCP pool to resolve this, but the service dhcp VLAN2 command does not work because there is no dhcp option for that command. I imagine there needs to be some subnetting done as well in order to isolate the VLANs from each other, which is my ultimate goal. But I am lost as to why the service dhcp VLAN2 command does not work. Here is what I am doing with creating the DHCP pool. How do I isolate two VLANs without the internet dropping? There is only one subnet, so I don't think I need a DHCP relay. But either way, help is needed.

Router#configure terminal
Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.128
Router(config)#ip dhcp pool network Floor1DHCP
Router(config-dhcp)#address low 192.168.1.2 high 192.168.1.127 255.255.255.128
Router(config-dhcp)#default-router 192.168.1.1
Router(config-dhcp)#dns-server 8.8.8.8 8.8.4.4
Router(config-dhcp)#exit
Router(config)#service dhcp VLAN2 (This is the problematic command without DHCP option)


MaxShantar
Cisco Employee

It sounds like you're running into an issue with your VLAN configuration on your switch. The issue you're describing, where the internet goes down when you try to assign VLANs to different ports, is likely caused by a misconfigured VLAN or DHCP pool.

In order to isolate two VLANs on your switch, you will need to create separate DHCP pools for each VLAN. This will allow each VLAN to have its own unique IP address range and prevent the VLANs from overlapping.

To create a DHCP pool for a VLAN on your switch, you will need to use the following syntax:

service dhcp
ip dhcp pool [POOL NAME]
network [IP ADDRESS] [SUBNET MASK]
default-router [DEFAULT GATEWAY]
dns-server [DNS SERVER IP]

Replace [POOL NAME] with a unique name for the DHCP pool, [IP ADDRESS] with the IP address range for the VLAN, [SUBNET MASK] with the appropriate subnet mask, [DEFAULT GATEWAY] with the default gateway for the VLAN, and [DNS SERVER IP] with the IP address of the DNS server.

Once you have created a DHCP pool for each VLAN, you can then assign the VLANs to the appropriate ports on your switch using the following syntax:

interface [PORT NUMBER]
switchport mode access
switchport access vlan [VLAN NUMBER]

Replace [PORT NUMBER] with the port number you want to assign the VLAN to, and [VLAN NUMBER] with the VLAN number you want to assign to the port.

I hope that helps!

In reading the original post I focus on this statement "There is only one subnet". You can not have multiple vlans share one subnet. The explanation for this starts with a reminder that a vlan is a broadcast domain. So if you have 3 vlans and one network you might try to divide the subnet into 3 parts. Let us say that vlan 1 has addresses 192.168.1.1 through 192.168.1.127, vlan 2 has addresses 192.168.1.128 through 192.168.1.191, vlan 3 has addresses 192.168.1.192 through 192.168.1.255. Think about what would happen if a device with IP 192.168.1.25 (in vlan 1) wants to communicate with a device with IP 192.168.1.199 (in vlan 3). The device with IP 192.168.1.25 will send an arp request for 192.168.1.199. The arp request is forwarded to all devices in vlan 1. But a broadcast from vlan 1 is not forwarded to vlan 3. So 192.168.1.199 never receives the arp request and there is no communication.

If you want 3 vlans you need 3 subnets.

HTH

Rick

Wildcard
Level 1

I understand and thank you both for the clarification. I needed it.

How do I assign the DHCP pool to each VLAN?

service dhcp VLANname does not work. It seems to tell me that the command is not formatted properly. I will update with the exact error on Monday when I am back at work.

 

KJK99
Level 1

Sample from my CBS350 configuration. There is no service dhcp [vlan] command.

ip dhcp pool network VLAN1Pool
address low 192.168.10.100 high 192.168.10.149 255.255.255.0
default-router 192.168.10.3
dns-server 192.168.90.96
exit
ip dhcp pool network VLAN80Pool
address low 192.168.80.100 high 192.168.80.149 255.255.255.0
default-router 192.168.80.3
dns-server 192.168.90.96
exit
ip dhcp pool network VLAN90Pool
address low 192.168.90.100 high 192.168.90.149 255.255.255.0
default-router 192.168.90.3
dns-server 192.168.90.96
exit

Kris K


Thanks for providing an example of configuring multiple dhcp pools. There is a dhcp pool for each subnet. +5 for a good example. It is perhaps worth mentioning that with multiple pools, when a host in one of the vlans/subnets sends a dhcp request as a broadcast, the switch knows which interface received the request and looks for a pool that matches the subnet used by that vlan interface.

HTH

Rick

Wildcard
Level 1

I am still having an issue with no internet when I assign a port to their respective VLANs. As soon as I assign the second port to the second VLAN there is no internet. I can ping inside and outside of the network on the switch. But the WAPs attached to GE1 and GE2 lose internet. I should also add that DHCP for the two VLANs shows as static. Here is my running-config and network topology.

 

ip dhcp pool network VLAN2Pool
address low 192.168.1.2 high 192.168.1.126 255.255.255.128
default-router 192.168.1.1
dns-server 172.16.16.16
exit
ip dhcp pool network VLAN3Pool
address low 192.168.3.2 high 192.168.3.62 255.255.255.192
default-router 192.168.3.1
dns-server 172.16.16.16
exit

I am not clear what is going on here. The first thing I notice is that the addressing used in your diagram does not match the addressing shown in your posted config.

I am also not clear about the symptoms you describe. Are you saying that if you bring up a single port that it does have Internet access and when you bring up a second port then neither host has Internet access?

HTH

Rick

I apologize, this is the correct network topology. The hotspot is not acting as a router. It is only passing a public IP address to the Next Generation firewall using IP passthrough.

Network_Topology 2.jpg

How do I subnet this address into two networks?

172.16.16.0 /24

I got...

172.16.16.1 - 172.16.63             255.255.255.192

172.16.16.66 - 172.16.16.126    255.255.255.128

Is this correct?

I would say no. There is IP address overlap.

"172.16.16.1 - 172.16.63             255.255.255.192"

Usable Host IP Range: 172.16.16.1 - 172.16.16.62

"172.16.16.66 - 172.16.16.126    255.255.255.128"

Usable Host IP Range:  172.16.16.1 - 172.16.16.126

I find this link very helpful in this regard.

https://www.calculator.net/ip-subnet-calculator.html

 

 

 

Kris K

I agree with Kris K that there is overlap in the addressing that you suggest. If you change the mask of 172.16.16.66 - 172.16.16.126 255.255.255.128 to 172.16.16.66 - 172.16.16.126 255.255.255.192 it would work.

HTH

Rick
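The overlap Kris K and Rick describe can be checked mechanically. This is an added example, not code from any poster in the thread: it uses Python's standard `ipaddress` module, takes the address ranges and masks quoted above (the first range uses the usable host range Kris K gives), and the names `NetA`, `NetB`, `check_plan` and the other helpers are made up for illustration.

```python
import ipaddress

def subnet_of(addr, mask):
    """Network that contains addr under the given dotted-decimal mask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network

def usable_range(net):
    """First and last assignable host address of a network, as strings."""
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def check_plan(pools):
    """pools maps a name to (low, high, mask); returns a list of problems."""
    problems, nets = [], {}
    for name, (low, high, mask) in pools.items():
        net = nets[name] = subnet_of(low, mask)
        first, last = (ipaddress.ip_address(a) for a in usable_range(net))
        for addr in (low, high):
            if not first <= ipaddress.ip_address(addr) <= last:
                problems.append(f"{name}: {addr} is not a usable host in {net}")
    # Two VLANs are only separable at layer 3 if their subnets are disjoint.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems

# Ranges quoted in the thread; the plan names are constructed for this example.
PROPOSED = {
    "NetA": ("172.16.16.1", "172.16.16.62", "255.255.255.192"),
    "NetB": ("172.16.16.66", "172.16.16.126", "255.255.255.128"),
}
# Rick's suggestion: same range for the second network, mask changed to /26.
FIXED = dict(PROPOSED, NetB=("172.16.16.66", "172.16.16.126", "255.255.255.192"))
# The two pools from the posted running-config.
RUNNING_CONFIG = {
    "VLAN2Pool": ("192.168.1.2", "192.168.1.126", "255.255.255.128"),
    "VLAN3Pool": ("192.168.3.2", "192.168.3.62", "255.255.255.192"),
}

if __name__ == "__main__":
    for label, plan in (("proposed", PROPOSED), ("fixed", FIXED),
                        ("running-config", RUNNING_CONFIG)):
        print(label, check_plan(plan) or "no problems")
```

With the 255.255.255.128 mask the second range resolves to 172.16.16.0/25, which contains the whole of 172.16.16.0/26; with 255.255.255.192 it resolves to 172.16.16.64/26 and the two networks are disjoint.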

Wildcard
Level 1

Thanks for the help everyone. I really appreciate it and it has helped a lot. I have one final issue. After I assign port 1 to VLAN one. The internet goes down. Is there something I need to enable or do so that this does not happen?

As I understand it, it goes create VLANs, create DHCP pools, and then assign ports to VLANs. Do the names of the DHCP pools have to be the same as the VLAN names? Sorry for needing so much help. But I really do appreciate it and want to learn.

Part of your recent post is easy to answer and part is not. "Do the names of the DHCP pools have to be the same as the VLAN names?" The name of the DHCP pool does not need to be the same as the vlan name. The name of the DHCP pool is used only if there is more than one pool. The name of the first pool can be anything as long as it is different from the name of other pools.
The part that is not: "After I assign port 1 to VLAN one. The internet goes down." We do not have enough specific information about the configuration of the port to be able to suggest a solution.

HTH

Rick

Marc Neoberg
Level 1
 

Step1

Router>enable
Router#config terminal
Router(config)#int fa0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit

Step2

Router(config)#
Router(config)#ip dhcp pool MY_LAN
Router(dhcp-config)#network 192.168.1.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.1.1
Router(dhcp-config)#dns-server 192.168.1.10

Step3

Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10