
Switch powered DHCP

  • 1.  Switch powered DHCP

    Posted Aug 26, 2013 04:04 PM

    Hello Everyone,

     

    I am trying to set up a DHCP pool on an S1500 switch for IAPs to pull addresses from during configuration.

     

    I have the following in the switch... but what else is needed?

     

    # DHCP pool as posted. NOTE(review): "pool-1", "doc-domain", testVendor and server1
    # look like documentation placeholders; confirm each line is actually wanted.
    ip dhcp pool "pool-1"
       domain-name "doc-domain"
       network 192.168.1.0 255.255.255.0
       # presumably days / hours / minutes / seconds; verify against the CLI reference
       lease 30 24 60 60
       default-router 192.168.1.1
       # 8.8.8.8 is a public resolver, so clients on this pool send DNS queries
       # off-network; confirm that is intended.
       dns-server 8.8.8.8
       # Presumably a start/end range withheld from leases; it contains the
       # default-router address 192.168.1.1.
       exclude-address 192.168.1.1 192.168.1.3
       vendor-class-identifier testVendor
       # In RFC 2132, option 50 is Requested IP Address and option 54 is Server
       # Identifier; both are normally filled in by the DHCP exchange itself.
       # NOTE(review): confirm these static overrides are needed.
       option 50 ip 192.168.1.1
       option 54 text server1

     

     

    -------------

    #
    # Configuration file for ArubaOS
    # Listing of the switch configuration as pasted into the thread: identity,
    # service aliases, ACLs and user roles.
    version 7.2
    # The secret appears masked ("******") in this paste.
    enable secret "******"
    hostname "ArubaS1500-24P"
    clock timezone EST -5
    location "Building1.floor1"
    controller config 2
    # Ethernet-type ACL whose only rule permits everything.
    ip access-list eth validuserethacl
      permit any
    !
    # Named service aliases (protocol plus port or port range) used by the ACLs below.
    # NOTE(review): these look like definitions only; svc-telnet, svc-ftp and svc-tftp
    # being listed does not by itself show that those protocols are permitted or
    # enabled. Only svc-dhcp, svc-dns, svc-http, svc-https, svc-icmp and svc-natt
    # are referenced by an ACL in this listing.
    netservice svc-dhcp udp 67 68
    netservice svc-dns udp 53
    netservice svc-ftp tcp 21
    netservice svc-h323-tcp tcp 1720
    netservice svc-h323-udp udp 1718 1719
    netservice svc-http tcp 80
    netservice svc-https tcp 443
    netservice svc-icmp 1
    netservice svc-kerberos udp 88
    netservice svc-natt udp 4500
    netservice svc-ntp udp 123
    netservice svc-sip-tcp tcp 5060
    netservice svc-sip-udp udp 5060
    netservice svc-sips tcp 5061
    netservice svc-smtp tcp 25
    netservice svc-ssh tcp 22
    netservice svc-telnet tcp 23
    netservice svc-tftp udp 69
    netservice svc-vocera udp 5002
    netexthdr default
    !
    # Permits any source, any destination, any service.
    ip access-list stateless allowall-stateless
      any any any  permit
    !
    # One single-service permit ACL per protocol; the guest role below combines them.
    ip access-list stateless dhcp-acl-stateless
      any any svc-dhcp  permit
    !
    ip access-list stateless dns-acl-stateless
      any any svc-dns  permit
    !
    ip access-list stateless http-acl-stateless
      any any svc-http  permit
    !
    ip access-list stateless https-acl-stateless
      any any svc-https  permit
    !
    ip access-list stateless icmp-acl-stateless
      any any svc-icmp  permit
    !
    # Permits ICMP, DNS, DHCP and NAT-T only; attached to the logon role below.
    ip access-list stateless logon-control-stateless
      any any svc-icmp  permit
      any any svc-dns  permit
      any any svc-dhcp  permit
      any any svc-natt  permit
    !
    # Denies traffic sourced from 169.254.0.0/16, then permits all other IPv4
    # and IPv6 traffic.
    ip access-list session validuser
      network 169.254.0.0 255.255.0.0 any any  deny
      any any any  permit
      ipv6  alias any6   alias any6 any  permit
    !
    # The authenticated role carries only the allow-all ACL, so traffic in this
    # role is not filtered by any ACL shown here.
    user-role authenticated
     access-list stateless allowall-stateless
    !
    # No ACL is attached to this role in the listing.
    user-role denyall
    !
    # Guest role: HTTP, HTTPS, DHCP, ICMP and DNS.
    user-role guest
     access-list stateless http-acl-stateless
     access-list stateless https-acl-stateless
     access-list stateless dhcp-acl-stateless
     access-list stateless icmp-acl-stateless
     access-list stateless dns-acl-stateless
    !
    user-role logon
     access-list stateless logon-control-stateless
    !
    !

    # IPsec transform sets. default-boc-bm-transform uses ESP with 3DES, a legacy
    # 64-bit-block cipher; default-rap-transform uses AES-256. Both use SHA HMAC.
    # NOTE(review): the "default-" names suggest factory entries; check whether
    # anything references the 3DES set before relying on it.
    crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
    crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
    # EAP methods listed for ISAKMP passthrough: EAP-TLS, PEAP and MSCHAPv2.
    crypto isakmp eap-passthrough eap-tls
    crypto isakmp eap-passthrough eap-peap
    crypto isakmp eap-passthrough eap-mschapv2


    # NOTE(review): this is the "no" form of a control-plane attack-rate setting;
    # confirm what rate limit, if any, remains in effect.
    no firewall attack-rate cp 1024
    ipv6 firewall ext-hdr-parse-len  100

    !

    !
    # No control-plane firewall rules are listed under this stanza.
    firewall cp
    # Packet capture is disabled for tcp, udp, sysmsg and other.
    packet-capture-defaults tcp disable udp disable sysmsg disable other disable
    !
    ip domain lookup
    !
    country US
    # The AAA stanzas below carry no settings in this listing apart from the
    # server group. NOTE(review): empty stanzas presumably mean defaults apply;
    # confirm that those defaults are acceptable for management and wired access.
    aaa authentication mac "default"
    !
    aaa authentication dot1x "default"
    !
    # Uses the Internal auth server; presumably the role is derived from the
    # value of the server-returned "role" attribute. Verify this.
    aaa server-group "default"
     auth-server Internal
     set role condition role value-of
    !
    aaa profile "default"
    !
    aaa authentication captive-portal "default"
    !
    aaa authentication vpn "default"
    !
    aaa authentication mgmt
    !
    aaa authentication wired
    !
    web-server
    !
    # No management password-policy settings are listed.
    aaa password-policy mgmt
    !
    traceoptions
    !
    # DHCP pool as it appears in the configuration. NOTE(review): "pool-1",
    # "doc-domain", testVendor and server1 look like documentation placeholders;
    # confirm each line is actually wanted.
    ip dhcp pool "pool-1"
       domain-name "doc-domain"
       network 192.168.1.0 255.255.255.0
       # presumably days / hours / minutes / seconds; verify against the CLI reference
       lease 30 24 60 60
       default-router 192.168.1.1
       # 8.8.8.8 is a public resolver, so clients on this pool send DNS queries
       # off-network; confirm that is intended.
       dns-server 8.8.8.8
       # Presumably a start/end range withheld from leases; it contains the
       # default-router address 192.168.1.1.
       exclude-address 192.168.1.1 192.168.1.3
       vendor-class-identifier testVendor
       # In RFC 2132, option 50 is Requested IP Address and option 54 is Server
       # Identifier; both are normally filled in by the DHCP exchange itself.
       # NOTE(review): confirm these static overrides are needed.
       option 50 ip 192.168.1.1
       option 54 text server1
    !
    # presumably turns the DHCP server on globally; verify
    service dhcp
    !
    # Profile stanzas. Those with no lines beneath them show no settings in this
    # listing.
    qos-profile "default"
    !
    policer-profile "default"
    !
    ip-profile
    !
    interface-profile ospf-profile "default"
       area 0.0.0.0
    !
    interface-profile pim-profile "default"
    !
    interface-profile igmp-profile "default"
    !
    stack-profile
    !
    ipv6-profile
    !
    interface-profile switching-profile "default"
    !
    interface-profile poe-profile "default"
    !
    # PoE is enabled in this profile, which the default interface group applies.
    interface-profile poe-profile "poe-factory-initial"
       enable
    !
    interface-profile enet-link-profile "default"
    !
    interface-profile lldp-profile "default"
    !
    # LLDP transmit and receive plus MED. With transmit on, the switch advertises
    # itself to whatever is attached to a port using this profile.
    interface-profile lldp-profile "lldp-factory-initial"
       lldp transmit
       lldp receive
       med enable
    !
    interface-profile mstp-profile "default"
    !
    interface-profile pvst-port-profile "default"
    !
    vlan-profile mld-snooping-profile "default"
    !
    vlan-profile igmp-snooping-profile "default"
    !
    vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
    !
    spanning-tree
       mode mstp
    !
    gvrp
    !
    mstp
    !
    lacp
    !
    vlan "1"
       igmp-snooping-profile "igmp-snooping-factory-initial"
    !
    interface gigabitethernet "0/0/22"
    !
    # No "ip address" line appears under this interface. The replies in this
    # thread identify that as the reason the pool for 192.168.1.0/24 is not
    # being served.
    interface vlan "1"
    !
    # Applies the factory LLDP and PoE profiles to every gigabitethernet port
    # (apply-to ALL).
    interface-group gigabitethernet "default"
       apply-to ALL
       lldp-profile "lldp-factory-initial"
       poe-profile "poe-factory-initial"
    !

    # View ALL includes the whole iso OID subtree.
    snmp-server view ALL oid-tree iso included
    # Every group below gets read and notify on view ALL; no write access is listed.
    # ALLPRIV covers SNMPv1, v2c and v3 noauth: v1/v2c send community strings
    # unencrypted, and v3 noauth applies neither authentication nor encryption.
    # AUTHNOPRIV authenticates without encrypting; only AUTHPRIV (v3 priv) does both.
    # NOTE(review): no community or SNMP user is defined in this listing, so confirm
    # what is actually reachable. If SNMP is in use, prefer the v3 priv group and a
    # narrower view than the full iso tree.
    snmp-server group ALLPRIV v1 read ALL notify ALL
    snmp-server group ALLPRIV v2c read ALL notify ALL
    snmp-server group ALLPRIV v3 noauth read ALL notify ALL
    snmp-server group AUTHPRIV v3 priv read ALL notify ALL
    snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL

    # Traps are enabled; no trap receiver is shown in this listing.
    snmp-server enable trap

    process monitor log
    end




  • 2.  RE: Switch powered DHCP

    Posted Aug 26, 2013 04:12 PM

    Hi Ajinks,

    You need to put "ip address 192.168.1.1 255.255.255.0" under "interface vlan 1".

     

    Without an IP on the switch to serve from, it can't hand out any IPs.

     

    Best regards,

     

    Madani



  • 3.  RE: Switch powered DHCP

    Posted Aug 26, 2013 06:27 PM

    You need an IP interface with 192.168.1.x on the switch.  You can use VLAN 1 or create another one (and move the ports to it).

     

    For example,

     

    # Gives VLAN 1 a layer-3 address inside the pool's network 192.168.1.0/24.
    # 192.168.1.1 matches the pool's default-router and lies within the pool's
    # exclude-address range, so it is not leased to clients.
    interface vlan 1

        ip address 192.168.1.1 255.255.255.0