Cisco Private VLANs DHCP Server

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

How do i setup an DHCP server on my 3750x, that will work with all my private vlans?

Best greetings from Christian Josiassen

Georg Pauwen · ‎03-03-2021

Hello,

the 3750x can function as DHCP server for any range, private or public. Below an example of how the switch should be configured in order to provide IP addresses for three different Vlans. You can add as many as you want:

ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.30.1
!
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool VLAN30
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8 8.8.4.4

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

So i can't use the same ip's for every pvlan?

Georg Pauwen · ‎03-03-2021

Hello,

my bad, I wasn't aware that you were talking about private Vlans...

Either way, the Cisco DHCP server assigns IP addresses from the block of addresses allocated to the primary VLAN to all secondary Vlans so yes, you can use the same IP addresses for all Vlans.

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

Is the config different then or is it the same as you send before just with the same ip's?

balaji.bandi · ‎03-03-2021

why do you need the same IP address for the Private VLAN, can you explain the use case here?

read the guidelines and Limitation :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/swpvlan.html#25653

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

I'm just getting confused with the different gateways, i have an cisco 5512x as gateway 192.168.1.1

Does the ASA have to be configured to work with the different gateways?

Sry for stupid questions, this is new to me.

balaji.bandi · ‎03-03-2021

I do not believe you need a private VLAN, since you are confused with Gateway and you want to make the same IP address for all VLANs.

what is the requirement here?

They do not require Internet access?

Simple is Setup a DHCP Server that can automatically be allocated IP address, you do not need to remember anything.

Add default route towards ASA, So ASA can take care of NAT and user can access the Internet?

is this what you think is correct? please confirm if we understand wrong here?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

they do need internet access

it's okay with the different ip's

i just need one isolated vlan

one community for my primary network

and one more community vlan for lab testing

paul driver · ‎03-03-2021

Hello

PVLAN isnt designed so you can reuse the same addressing its to isolate or segregate host within an address scope.

If you want to use the same addressing for multiple hosts then you would need to put those hosts in separate routing domains with vrf's.

As regards using DHCP with PVLANS never tried it to be honest but i would say your primary vlan would need a layer 3 interface associated with it so to enable the community and isolated vlans to retrieve an allocation

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

I don't need the same ip's, i just need two community vlans and one isolated vlan all with internet access and dhcp.

paul driver · ‎03-03-2021

Hello

@ChristianSchmidtJosiassen wrote:

So i can't use the same ip's for every pvlan?

I don't need the same ip's, i just need two community vlans and one isolated vlan all with internet access and dhcp.

I was replying to your previous comment - if you don't require the same ip then all good, So try adding a L3 interface for the primary vlan and test dhcp against it.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

How do i then get internet access for the vlans from my ASA?

balaji.bandi · ‎03-03-2021

Looks like you are confusing whole discussion, one of the posts you do not need internet, another post you asking you need internet?

Lets make clear goal and what you like to achieve.

1. you have ASA

2. You have got 3750 switch

how many VLAN you need ?

they connected, you want some VLAN Internet, some VLAN need to be Local is this correct.

Only question here is you do not need Private VLAN here, you can segment the network with different VLAN

Only VLAN required for the internet, you add them in ASA for NAT.

rest any way not go to the internet they dropped by ASA.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ChristianSchmidtJosiassen · ‎03-03-2021

Hi

That's also a solution, but how do i do that then?