cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3632
Views
0
Helpful
2
Replies

SG300 DHCP on VLAN not working

viningele
Level 3
Level 3

I have 3 AP-571, 1 RV320 and 1 SG300-28MP.  

My APs have two VLANs 1 & 50 with 50 being tagged on both ports although only one connection.

My RV320 is has no DHCP servers but set to relay to my SG300 SVLI's.

 

My SG300 is my dhcp server and in L3 mode.  I know I would have been better off in L2 mode and us the RV320 as server doing the intervlan routing but is now is waht it is.  I have 4 vlans in total and each has an interface and a dhcp scope defined.  My switch ports to the APs are trunks with all VLANs included 1 untagged and the others tagged.

 

My wifi guest network has no password and that is on vlan 50 but I do not get an IP address from the server and it did work before I replaced to old APs with the 571's but I don't think the 571's are the problem.

 

I do have ACL's to prevent VLAN 50 from accessing the other VLAN.  

 

What am I missing?  Why do I not get an IP?  If I change the guest wi-fi to vlan 1 it obviously works and I've read in other posts that others have had issue with receiving a dhcp IP on vlans.

 

config

config-file-header
SG300-28MP
v1.4.8.6 / R800_NIK_1_4_202_008
CLI v1.0
set system mode router

file SSD indicator plaintext
@
vlan database
vlan 25,50,100
exit
no eee enable
ip dhcp server
ip dhcp excluded-address 192.168.185.221 192.168.185.230
ip dhcp pool host FIOS-MODEM
address 192.168.185.122 255.255.255.0 client-identifier 01:00:7f:28:d9:bb:75
default-router 192.168.185.254
dns-server 8.8.8.8
exit
ip dhcp pool network AMX-POOL
address low 192.168.186.100 high 192.168.186.150 255.255.255.0
default-router 192.168.186.254
dns-server 8.8.8.8 8.8.4.4 192.168.185.1
exit
ip dhcp pool network CAM-POOL
address low 192.168.187.130 high 192.168.187.150 255.255.255.0
default-router 192.168.187.254
dns-server 8.8.8.8 8.8.4.4 192.168.185.1
exit
ip dhcp pool network GUEST-POOL
address low 192.168.188.100 high 192.168.188.149 255.255.255.0
default-router 192.168.188.254
dns-server 8.8.8.8
exit
ip dhcp pool network VLAN-1-POOL
address low 192.168.185.50 high 192.168.185.149 255.255.255.0
default-router 192.168.185.254
dns-server 8.8.8.8
exit
no boot host auto-config
bonjour interface range vlan 1
ip access-list extended DENY-GUESTS-IN
deny ip 192.168.188.0 0.0.0.255 192.168.185.0 0.0.0.255 ace-priority 1
deny ip 192.168.188.0 0.0.0.255 192.168.186.0 0.0.0.255 ace-priority 2
deny ip 192.168.188.0 0.0.0.255 192.168.187.0 0.0.0.255 ace-priority 3
permit ip any any ace-priority 6
exit
ip access-list extended ALLOW-NON-GUESTS
deny ip 192.168.188.0 0.0.0.255 any ace-priority 2
permit ip any any ace-priority 3
exit
ip access-list extended ALLOW-ANY-ANY
permit ip any any ace-priority 1
exit
ip access-list extended Deny-Guests-LAN
deny ip 192.168.188.0 0.0.0.255 192.168.0.0 0.0.255.255 ace-priority 1
exit
hostname SG300-28MP
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
passwords complexity min-length 3
no passwords complexity enable
passwords complexity min-classes 1
passwords aging 0
xxxxxxxxxxxxxxxxxxx 
ip ssh server
snmp-server location "AV Room"
snmp-server contact VAV
ip http timeout-policy 1800
clock timezone " " -5
clock summer-time web recurring usa
clock source sntp
clock source browser
sntp unicast client enable
sntp unicast client poll
sntp server time-c.timefreq.bldrdoc.gov poll
ip name-server 8.8.8.8 8.8.4.4 192.168.185.1
ip telnet server
!
interface vlan 1
ip address 192.168.185.254 255.255.255.0
no ip address dhcp
service-acl input Deny-Guests-LAN default-action permit-any
!
interface vlan 25
name AMX
ip address 192.168.186.254 255.255.255.0
ip dhcp relay enable
service-acl input Deny-Guests-LAN default-action permit-any
!
interface vlan 50
name Guest-WiFi
ip address 192.168.188.254 255.255.255.0
ip dhcp relay enable
service-acl input Deny-Guests-LAN default-action permit-any
!
interface vlan 100
name Cameras
ip address 192.168.187.254 255.255.255.0
ip dhcp relay enable
service-acl input Deny-Guests-LAN default-action permit-any
!
interface gigabitethernet1
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet2
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet3
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet4
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet5
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet6
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet7
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet8
description BSMNT-BED
port security max 10
port security mode max-addresses
service-acl input Deny-Guests-LAN default-action permit-any
switchport mode access
switchport access vlan 50
power inline limit 0
power inline never
!
interface gigabitethernet9
description AIRPORT-EXPRESS
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet10
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
power inline limit 0
power inline never
!
interface gigabitethernet11
description SYN-DS-1
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 100
power inline limit 0
power inline never
!
interface gigabitethernet12
description SYN-DS-2
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 100
power inline limit 0
power inline never
!
interface gigabitethernet13
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 25
!
interface gigabitethernet14
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 25
!
interface gigabitethernet15
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 25
!
interface gigabitethernet16
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 25
!
interface gigabitethernet17
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 25
!
interface gigabitethernet18
description Back-Patio-Cam
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 100
!
interface gigabitethernet19
description Back-BBQ-Cam
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 100
!
interface gigabitethernet20
description Porch-Cam
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 100
!
interface gigabitethernet21
description Driveway-Cam
port security max 10
port security mode max-addresses
service-acl input ALLOW-ANY-ANY default-action permit-any
switchport mode access
switchport access vlan 100
!
interface gigabitethernet22
description Playroom-AP-TRNK
port security max 256
port security mode max-addresses
spanning-tree link-type point-to-point
service-acl input Deny-Guests-LAN default-action permit-any
switchport trunk allowed vlan add 25,50,100
macro description ap
macro auto smartport type ap $native_vlan 1
!
interface gigabitethernet23
description Pantry-AP-TRNK
port security max 256
port security mode max-addresses
spanning-tree link-type point-to-point
service-acl input Deny-Guests-LAN default-action permit-any
switchport trunk allowed vlan add 25,50,100
macro description ap
macro auto smartport type ap $native_vlan 1
!
interface gigabitethernet24
description Center-BED-AP-TRNK
port security max 256
port security mode max-addresses
spanning-tree link-type point-to-point
service-acl input Deny-Guests-LAN default-action permit-any
switchport trunk allowed vlan add 25,50,100
macro description ap
macro auto smartport type ap $native_vlan 1
!
interface gigabitethernet25
description TO-RV320-TRNK
storm-control broadcast enable
storm-control broadcast level 10
port security max 256
port security mode max-addresses
spanning-tree link-type point-to-point
service-acl input Deny-Guests-LAN default-action permit-any
switchport trunk allowed vlan add 25,50,100
macro description router
macro auto smartport type router $native_vlan 1
!
interface gigabitethernet26
description AMX-GRP-SW
port security max 256
port security mode max-addresses
spanning-tree link-type point-to-point
service-acl input Deny-Guests-LAN default-action permit-any
switchport mode access
switchport access vlan 25
macro description "switch "
!
interface gigabitethernet27
switchport mode access
!
interface gigabitethernet28
switchport mode access
!
exit
ip dhcp snooping vlan 25
ip dhcp snooping vlan 50
ip dhcp snooping vlan 100
ip default-gateway 192.168.185.1
ip ssh-client key rsa key-pair

1 Accepted Solution

Accepted Solutions

mipopov
Cisco Employee
Cisco Employee

Hello,

remove these commands:

   ip dhcp relay enable

from configuration. dhcp relay is used to relay (transit) the packets. You do not need this because the switch itself is a DHCP server.

 

Cheers,

Mike

View solution in original post

2 Replies 2

mipopov
Cisco Employee
Cisco Employee

Hello,

remove these commands:

   ip dhcp relay enable

from configuration. dhcp relay is used to relay (transit) the packets. You do not need this because the switch itself is a DHCP server.

 

Cheers,

Mike

I updated it remotely but the client said it’s now working.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X