
DHCP on 2500

  • 1.  DHCP on 2500

    Posted May 16, 2014 08:25 AM

    Just got my first Aruba switch (Aruba 2500) yesterday and started playing with it today.  I set DHCP scopes, VLANs with IP addresses and subnets, switching-profiles, etc, etc

     

    I plugged in APs and a pc to different vlan ports and nothing could get an ip.  When I check DHCP stats I see that "DHCP is currently disabled".  Simple enough, I thought.  Then I spent more than an hour googling about global enable of DHCP and I'm coming up empty.

     

    I did find a post about DHCP and Port Security.  So I created a Port Security Group, told it that DHCP was trusted, applied that to interface groups and it still won't go.

     

    I know I am missing something little, but searching is not giving me much.

     

    Help a noob please!

     

    Some helpful output:

     

    (ArubaS2500-24P) #show ip dhcp statistics
    DHCP is currently disabled

     

    (ArubaS2500-24P) #show run
    Building Configuration...

    #
    # Configuration file for ArubaOS
    version 7.2
    enable secret "******"
    hostname "ArubaS2500-24P"
    clock timezone CST -6
    location "Building1.floor1"
    controller config 2
    ip access-list eth validuserethacl
    permit any
    !
    netservice svc-dhcp udp 67 68
    netservice svc-dns udp 53
    netservice svc-ftp tcp 21
    netservice svc-h323-tcp tcp 1720
    netservice svc-h323-udp udp 1718 1719
    netservice svc-http tcp 80
    netservice svc-https tcp 443
    netservice svc-icmp 1
    netservice svc-kerberos udp 88
    netservice svc-natt udp 4500
    netservice svc-ntp udp 123
    netservice svc-sip-tcp tcp 5060
    netservice svc-sip-udp udp 5060
    netservice svc-sips tcp 5061
    netservice svc-smtp tcp 25
    netservice svc-ssh tcp 22
    netservice svc-telnet tcp 23
    netservice svc-tftp udp 69
    netservice svc-vocera udp 5002
    netexthdr default
    !
    ip access-list stateless allowall-stateless
    any any any permit
    !
    ip access-list stateless dhcp-acl-stateless
    any any svc-dhcp permit
    !
    ip access-list stateless dns-acl-stateless
    any any svc-dns permit
    !
    ip access-list stateless http-acl-stateless
    any any svc-http permit
    !
    ip access-list stateless https-acl-stateless
    any any svc-https permit
    !
    ip access-list stateless icmp-acl-stateless
    any any svc-icmp permit
    !
    ip access-list stateless logon-control-stateless
    any any svc-icmp permit
    any any svc-dns permit
    any any svc-dhcp permit
    any any svc-natt permit
    !
    ip access-list session validuser
    network 169.254.0.0 255.255.0.0 any any deny
    any any any permit
    ipv6 alias any6 alias any6 any permit
    !
    user-role authenticated
    access-list stateless allowall-stateless
    !
    user-role denyall
    !
    user-role guest
    access-list stateless http-acl-stateless
    access-list stateless https-acl-stateless
    access-list stateless dhcp-acl-stateless
    access-list stateless icmp-acl-stateless
    access-list stateless dns-acl-stateless
    !
    user-role logon
    access-list stateless logon-control-stateless
    !
    !

    crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
    crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
    crypto isakmp eap-passthrough eap-tls
    crypto isakmp eap-passthrough eap-peap
    crypto isakmp eap-passthrough eap-mschapv2


    mgmt-user admin root e6c4b24d01a34cf423558a9abac34d6d09f4bee7a3e0528aef

     

    no firewall attack-rate cp 1024
    firewall disable-stateful-sip-processing
    firewall disable-stateful-h323-processing
    firewall disable-stateful-sccp-processing
    firewall disable-stateful-vocera-processing
    firewall disable-stateful-ua-processing
    ipv6 firewall ext-hdr-parse-len 100

    !

    !
    firewall cp
    packet-capture-defaults tcp disable udp disable sysmsg disable other disable
    !
    ip domain lookup
    !
    country US
    aaa authentication mac "default"
    !
    aaa authentication dot1x "default"
    !
    aaa server-group "default"
    auth-server Internal
    set role condition role value-of
    !
    aaa profile "default"
    !
    aaa authentication captive-portal "default"
    !
    aaa authentication vpn "default"
    !
    aaa authentication mgmt
    !
    aaa authentication wired
    !
    web-server
    !
    aaa password-policy mgmt
    !
    traceoptions
    !
    ip dhcp pool "APs"
    network 10.107.107.0 255.255.255.0
    default-router 10.107.107.1
    vendor-class-identifier ArubaAP
    option 43 ip 10.7.70.100
    !
    ip dhcp pool "SERVERS"
    network 10.7.70.0 255.255.255.0
    default-router 10.7.70.1
    dns-server 8.8.8.8
    no vendor-class-identifier
    !
    qos-profile "default"
    !
    policer-profile "default"
    !
    ip-profile
    !
    lcd-menu
    !
    interface-profile ospf-profile "default"
    area 0.0.0.0
    !
    interface-profile pim-profile "default"
    !
    interface-profile igmp-profile "default"
    !
    stack-profile
    !
    ipv6-profile
    !
    interface-profile switching-profile "default"
    !
    interface-profile switching-profile "TRUNK"
    switchport-mode trunk
    trunk allowed vlan 70-71
    !
    interface-profile switching-profile "vlan20-sw"
    access-vlan 20
    native-vlan 20
    !
    interface-profile switching-profile "vlan70-sw"
    access-vlan 70
    native-vlan 70
    !
    interface-profile poe-profile "default"
    !
    interface-profile poe-profile "OFF"
    !
    interface-profile poe-profile "ON"
    enable
    !
    interface-profile poe-profile "poe-factory-initial"
    enable
    !
    interface-profile enet-link-profile "default"
    !
    interface-profile lldp-profile "default"
    !
    interface-profile lldp-profile "lldp-factory-initial"
    lldp transmit
    lldp receive
    med enable
    !
    interface-profile mstp-profile "default"
    !
    interface-profile pvst-port-profile "default"
    !
    interface-profile dhcp-relay-profile "DHCP"
    !
    interface-profile port-security-profile "PS-DHCP"
    trust dhcp
    !
    vlan-profile mld-snooping-profile "default"
    !
    vlan-profile igmp-snooping-profile "default"
    !
    vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
    !
    spanning-tree
    mode mstp
    !
    gvrp
    !
    mstp
    !
    lacp
    !
    poe-management-profile slot "1"
    poe-powermanagement static
    !
    vlan "1"
    igmp-snooping-profile "igmp-snooping-factory-initial"
    !
    vlan "20"
    description "ACCESS_POINTS"
    !
    vlan "70"
    description "SERVERS"
    !
    vlan "71"
    description "EMPLOYEE"
    !
    vlan "99"
    description "GUEST"
    !
    interface gigabitethernet "0/0/0"
    !
    interface gigabitethernet "0/0/12"
    switching-profile "vlan70-sw"
    port-security-profile "PS-DHCP"
    !
    interface gigabitethernet "0/0/23"
    switching-profile "TRUNK"
    !
    interface vlan "1"
    !
    interface vlan "20"
    ip address 10.107.107.1 255.255.255.0
    !
    interface vlan "70"
    ip address 10.7.70.1 255.255.255.0
    !
    interface mgmt
    !
    interface-group gigabitethernet "APs"
    !
    interface-group gigabitethernet "default"
    apply-to ALL
    lldp-profile "lldp-factory-initial"
    poe-profile "poe-factory-initial"
    !
    interface-group gigabitethernet "vlan20-grp"
    apply-to 0/0/0-0/0/4
    poe-profile "ON"
    switching-profile "vlan20-sw"
    !

    snmp-server view ALL oid-tree iso included
    snmp-server group ALLPRIV v1 read ALL notify ALL
    snmp-server group ALLPRIV v2c read ALL notify ALL
    snmp-server group ALLPRIV v3 noauth read ALL notify ALL
    snmp-server group AUTHPRIV v3 priv read ALL notify ALL
    snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL

    snmp-server enable trap

    process monitor log
    end



  • 2.  RE: DHCP on 2500
    Best Answer

    Posted May 16, 2014 08:27 AM

    Guy_in_iowa,

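    Add "service dhcp" to your configuration. The DHCP pools are already defined, but the DHCP server itself stays disabled until that global command is entered.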

     

    Best regards,

     

    Madani



  • 3.  RE: DHCP on 2500

    Posted May 16, 2014 08:29 AM

    yep, that did it.  Devices pulled IPs right away.

     

    I knew it was something easy.  

     

    Thanks!