SG300 as DHCP server on private vlan is not working

wladyslaw1951
Level 1

Hi,

I can't get the DHCP server working on an SG300 (layer 2) on interfaces set as "Private VLAN - Host".

I described my setup here. Everything works well except assigning addresses on ports with secondary VLANs.

Here is my setup:

VLANs:

vlan database
vlan 2,20,200
exit
interface vlan 200
private-vlan primary
exit
interface range vlan 2,vlan20
private-vlan community
exit

DHCP server:

ip dhcp server
ip dhcp excluded-address 192.168.1.100 192.168.1.100
ip dhcp pool network Pool1
address low 192.168.1.1 high 192.168.1.254 255.255.255.0
lease 8
domain-name local
default-router 192.168.1.128
dns-server 192.168.1.128
exit

other settings:

ip domain name local
ip name-server  192.168.1.128 8.8.8.8
!
interface vlan 2
 name SURVEILLANCE
!
interface vlan 20
 name CLIENTS
!
interface vlan 200
 name PRIMARY
 ip address 192.168.1.100 255.255.255.0
 no ip address dhcp
 private-vlan association add 2,20
!

interfaces:

GE5 - to router

interface gigabitethernet5
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 add 2
!

GE13 - to client PC (for testing)

interface gigabitethernet13
 switchport mode access
 switchport access vlan 200
!

GE17 - to IP camera

interface gigabitethernet17
 switchport mode private-vlan host
 switchport private-vlan host-association 200 2
!

GE18 - to client PC

interface gigabitethernet18
 switchport mode private-vlan host
 switchport private-vlan host-association 200 20
!

GE26 - to server (recorder and file server)

interface gigabitethernet26
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 add 2,20
!
exit

other settings:

ip default-gateway 192.168.1.128

I can communicate from GE13, GE18 to GE5 and GE26

I can communicate from GE26, GE5 to GE13, GE17, GE18

Clients on GE5, GE13 and GE26 obtain an IP address correctly.

Clients on GE17 and GE18 can't obtain an IP address.

 

Summary:

Hosts connected to access mode ports (untagged VLAN 200) can cooperate with DHCP;

Hosts connected to private-vlan promiscuous mode ports can cooperate with DHCP;

Hosts connected to private-vlan host mode ports cannot cooperate with DHCP

 

Can anyone help me with this setup?

6 Replies

cchamorr
Level 5

Hello, 

I'm sorry you are having issues configuring the device.

The first and main question that I can ask is if your switch is definitely on Layer 2 or not. 

If it is on Layer 2 then you will be able to enter the configuration for the DHCP server but it will not work; the only way for the switch to be able to hand out IP addresses is to be on layer 3.

Please confirm and let us know.

If you need to change it to layer 3, please keep in mind that when you do so, the switch will factory reset and you will have to configure everything from scratch.

Hello, thank you for the answer.

Yes, the switch is on Layer 2 (as I mentioned above).

You said:

If it is on Layer 2 then you will be able to enter the configuration for the DHCP server but it will not work

But the DHCP server is working in Layer 2 on my switch. It assigns addresses correctly in regular VLANs as well as in Primary VLANs. The only problem is with community VLANs.

Hello,

I'm sorry, I'm afraid I'm not following.

The switch has the DHCP options still available on layer 2 and, if configured, it can provide IP addresses for the VLAN which the management IP address is on. Besides that, the switch, by itself, won't be able to assign IP addresses to any other VLAN because it wouldn't know what VLAN is supposed to receive what IP address even if the pools are configured.

Maybe we are missing some more network information, for example the Topology, also I didn't see any information for any other address pool on the info you sent.

I may not be understanding your issue or your configuration correctly, so, more information will definitely help.

Here is my setup:

You can read what I did here: LINK (second post). I think, I don't need additional pools.

I think the problem is that the DHCP server (which is on the switch) can't assign IP addresses to community VLANs because, although it is on VLAN 200, it isn't a member of the Primary VLAN.

Am I right?

If yes, if I create additional promiscuous port with primary VLAN 200 and connect an external DHCP server to it, I should be able to obtain IP addresses on clients in community VLAN.

 

 

As I understand DHCP server is only supported in L3 mode.  I think changing the switch to L3 will solve this issue for you and allow you to create a pool on VLAN 200 (or others if you wish).  You can also have an external DHCP server anywhere that is routable and use the DHCP relay feature.  Here is a post about it that should help if you want to go that route: http://community.spiceworks.com/topic/444029-cisco-switch-in-l3-mode-enable-ip-helper-for-dhcp

 

 

-- please remember to rate and mark answered helpful posts --

The DHCP server on SG300 works fine in layer 2 mode, except that it doesn't work in Private VLAN in L2.

It looks like services on the switch work only in regular VLANs and there is no possibility to force them to act in Private VLANs (or I can't set it up properly).

I connected an external DHCP server (to the promiscuous port) for testing purposes and it works as I expected: the external DHCP server assigns addresses to all private VLANs: a Primary VLAN as well as a Community VLAN.
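
The external-server workaround described in the last post depends on which promiscuous port the server is plugged into. The following is an added example, not part of the original thread or of Cisco's tooling: it parses the port lines from the posted configuration and reports, per promiscuous port, which host ports a DHCP server there could serve. It assumes the usual private-VLAN rule that a promiscuous port exchanges frames only with the secondary VLANs listed in its mapping; `parse` and `dhcp_coverage` are hypothetical names.

```python
import re
# Constructed sample: port and VLAN lines copied from the configuration posted in this thread.
CONFIG = """\
interface vlan 200
 private-vlan association add 2,20
!
interface gigabitethernet5
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 add 2
!
interface gigabitethernet17
 switchport mode private-vlan host
 switchport private-vlan host-association 200 2
!
interface gigabitethernet18
 switchport mode private-vlan host
 switchport private-vlan host-association 200 20
!
interface gigabitethernet26
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 add 2,20
!
"""

def parse(config):
    """Return (associations, promiscuous ports, host ports) found in the config text."""
    assoc, promisc, hosts, current = {}, {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"interface (vlan \d+|gigabitethernet\d+)", line):
            current = m.group(1)
        elif m := re.fullmatch(r"private-vlan association add ([\d,]+)", line):
            assoc[int(current.split()[1])] = {int(v) for v in m.group(1).split(",")}
        elif m := re.fullmatch(r"switchport private-vlan mapping (\d+) add ([\d,]+)", line):
            promisc[current] = (int(m.group(1)), {int(v) for v in m.group(2).split(",")})
        elif m := re.fullmatch(r"switchport private-vlan host-association (\d+) (\d+)", line):
            hosts[current] = (int(m.group(1)), int(m.group(2)))
    return assoc, promisc, hosts

def dhcp_coverage(config):
    """Per promiscuous port: host ports reachable from it, and associated VLANs it leaves unmapped."""
    assoc, promisc, hosts = parse(config)
    report = {}
    for port, (primary, mapped) in promisc.items():
        served = sorted(h for h, (p, s) in hosts.items() if p == primary and s in mapped)
        missing = sorted(assoc.get(primary, set()) - mapped)
        report[port] = {"serves": served, "unmapped": missing}
    return report
```

Under that assumption, only a port whose `unmapped` list is empty is a suitable place for a single DHCP server covering every community VLAN.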