Adding a seocnd / sub DHCP pool

Unanswered Question
Jul 26th, 2012

We have the configuration below set up in a 3560 switch (addresses and names modified for privacy). We are running out of dynamic IP’s in the current pool (6.35.159.0 – 6.35.159.255). We have a new set of IP’s that we can use (6.44.56.0 – 6.44.57.255 – an additional 512 addresses). Although I can figure out the commands to add a new dhcp pool, secondary subnet, etc., I’ve never done this before so I’m not sure of everything I need to do. The end result I need is that the 3560 needs to be able to hand out IP addresses from the current and new pool to anything connecting to vlan 300 – our datanet where computers access the Internet. Can someone take a look at the configuration below and tell me exactly what I need to do as far as modifying the vlan, adding the secondary subnet, defining helper IP’s, gateways, whatever, so that computers connecting via vlan 300 have Internet access via either of the pools?  I have been told that all I need to do is create the pool, but not sure if that is correct...

Thanks

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.12 09:31:53 =~=~=~=~=~=~=~=~=~=~=~=

show running-config

Building configuration...

Current configuration : 5727 bytes

!

! Last configuration change at 14:10:57 UTC Thu May 31 2012 by user1

! NVRAM config last updated at 14:14:46 UTC Thu May 31 2012 by user1

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Business-Core

!

boot-start-marker

boot-end-marker

!

no logging console

enable secret 5 $1$DY7I$MfTqxNyT9H.1pkF9W8E681

!

username userold password 0 funyjoke

username user1 password 0 sunnyvale

!

--More--         !

aaa new-model

!

!

aaa authentication login default local

!

!

!

aaa session-id common

system mtu routing 1500

authentication mac-move permit

no ip subnet-zero

ip routing

ip dhcp excluded-address 6.35.159.1 6.35.159.25

!

ip dhcp pool DHCP_Pool1

   network 6.35.159.0 255.255.255.0

   default-router 6.35.159.1

   dns-server 8.8.8.8 8.8.4.4

   domain-name funnybiz.net

   lease 0 8

!

!

--More--         ip domain-name funnybiz.net

ip name-server 6.35.158.4

!

mls qos

!

!

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

spanning-tree uplinkfast

spanning-tree backbonefast

spanning-tree vlan 5,200,300,400,738 priority 4096

!

!

!

!

vlan internal allocation policy ascending

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

!

--More--         !

interface Loopback100

no ip address

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet0/1

no switchport

ip address dhcp

!

interface GigabitEthernet0/2

description datafarm A DNS/DHCP

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

--More--         !

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

description datafarm A HA

switchport access vlan 200

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/11

description datafarm B HA

switchport access vlan 200

switchport mode access

spanning-tree portfast

!

--More--         interface GigabitEthernet0/12

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 200,300,400

switchport mode trunk

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

description laptop test port

switchport access vlan 300

switchport mode access

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

switchport access vlan 300

switchport mode access

!

interface GigabitEthernet0/18

--More--         switchport access vlan 300

switchport mode access

!

interface GigabitEthernet0/19

switchport access vlan 200

switchport mode access

shutdown

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

switchport access vlan 300

switchport mode access

!

interface GigabitEthernet0/22

switchport access vlan 200

switchport mode access

!

interface GigabitEthernet0/23

description datafarm B

switchport access vlan 200

switchport mode access

spanning-tree portfast

--More--         !

interface GigabitEthernet0/24

description datafarm A

switchport access vlan 200

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/1

description Interface to link 3 Network

no switchport

ip address 7.15.134.62 255.255.255.252

ip access-group 100 in

speed nonegotiate

!

interface GigabitEthernet1/2

speed nonegotiate

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

switchport access vlan 300

switchport mode access

!

--More--         interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan200

description CORE IP Network

ip address 6.35.158.1 255.255.255.128

hold-queue 1000 in

!

interface Vlan300

description Access Network

ip address 6.35.159.1 255.255.255.0

ip helper-address 6.35.159.1

no ip redirects

no ip mroute-cache

!

interface Vlan400

ip address 6.35.158.129 255.255.255.128

hold-queue 1000 in

--More--         !

interface Vlan735

no ip address

!

interface Vlan738

description Interface to link 3 Network

no ip address

!

ip classless

ip route 0.0.0.0 0.0.0.0 4.28.134.61

ip route 6.35.158.0 255.255.255.128 Vlan200

ip route 6.35.158.128 255.255.255.128 Vlan400

ip route 6.35.159.0 255.255.255.0 Vlan300

no ip http server

no ip http secure-server

!

ip sla enable reaction-alerts

access-list 100 permit tcp 63.209.193.0 0.0.0.63 6.35.158.128 0.0.0.127 range 5060 5061

access-list 100 permit tcp 63.209.193.0 0.0.0.63 6.35.158.0 0.0.0.127 range 5060 5061

access-list 100 permit udp 63.209.193.0 0.0.0.63 6.35.158.128 0.0.0.127 range 5060 5061

--More--         access-list 100 permit udp 63.209.193.0 0.0.0.63 6.35.158.0 0.0.0.127 range 5060 5061

access-list 100 permit tcp 208.85.134.0 0.0.0.255 6.35.158.128 0.0.0.127 range 5060 5061

access-list 100 permit tcp 208.85.134.0 0.0.0.255 6.35.158.0 0.0.0.127 range 5060 5061

access-list 100 permit udp 208.85.134.0 0.0.0.255 6.35.158.128 0.0.0.127 range 5060 5061

access-list 100 permit udp 208.85.134.0 0.0.0.255 6.35.158.0 0.0.0.127 range 5060 5061

access-list 100 deny   tcp any 6.35.158.128 0.0.0.127 range 5060 5061

access-list 100 deny   tcp any 6.35.158.0 0.0.0.127 range 5060 5061

access-list 100 deny   udp any 6.35.158.128 0.0.0.127 range 5060 5061

access-list 100 deny   udp any 6.35.158.0 0.0.0.127 range 5060 5061

access-list 100 permit ip any any

no cdp run

snmp-server community public RO

!

!

line con 0

line vty 0 4

exec-timeout 60 0

transport input ssh

--More--         line vty 5 15

exec-timeout 60 0

transport input ssh

!

!

monitor session 1 source interface Gi1/1

monitor session 1 destination interface Gi0/16

ntp clock-period 36027429

ntp source GigabitEthernet1/1

ntp server 64.90.182.55

end

Business-Core#exit

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
darren.g Thu, 07/26/2012 - 19:14

steven smith wrote:

We have the configuration below set up in a 3560 switch (addresses and names modified for privacy). We are running out of dynamic IP’s in the current pool (6.35.159.0 – 6.35.159.255). We have a new set of IP’s that we can use (6.44.56.0 – 6.44.57.255 – an additional 512 addresses). Although I can figure out the commands to add a new dhcp pool, secondary subnet, etc., I’ve never done this before so I’m not sure of everything I need to do. The end result I need is that the 3560 needs to be able to hand out IP addresses from the current and new pool to anything connecting to vlan 300 – our datanet where computers access the Internet. Can someone take a look at the configuration below and tell me exactly what I need to do as far as modifying the vlan, adding the secondary subnet, defining helper IP’s, gateways, whatever, so that computers connecting via vlan 300 have Internet access via either of the pools?  I have been told that all I need to do is create the pool, but not sure if that is correct...

Thanks

Steven.

As far as I know, you can't do that. You can't have a DHCP server allocating IP addresses in a completely different subnet for the network involved - and you've specified you want VLAN300 to have allocations from *both* pools.

What you could do is create another VLAN and put your "new" nodes into that VLAN - or spread your ports across VLAN's and move the load into the second pool - call it VLAN 301 and just duplicate your existing configurations for VLAN 300 (changing IP addresses as necessary) - but I don't know of a way to do what you want in one VLAN.

Sorry I can't be more help.

Sandeep Choudhary Fri, 07/27/2012 - 01:42

HI Steven,

We vcan not configure  2 diff network on a single dhcp pool.

If you wasnt then you can create 2 shcp pool and then assign the address, it will work

Regards

Please rate if it helps.

Actions

Login or Register to take actions

This Discussion

Posted July 26, 2012 at 10:33 AM
Stats:
Replies:3 Avg. Rating:
Views:801 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard