
Switch powered DHCP

  • 1.  Switch powered DHCP

    Posted Aug 26, 2013 04:04 PM

    Hello Everyone,

     

    I am trying to set up a DHCP pool on an S1500 switch for IAPs to pull addresses from during configuration.

     

    I have the following in the switch... but what else is needed?

     

    # DHCP pool as posted. Nothing in this snippet gives the switch itself an
    # address in 192.168.1.0/24.
    ip dhcp pool "pool-1"
       domain-name "doc-domain"
       network 192.168.1.0 255.255.255.0
       # NOTE(review): presumably days / hours / minutes / seconds - confirm.
       lease 30 24 60 60
       default-router 192.168.1.1
       # Clients are handed a public resolver, so their DNS queries leave the
       # local network; use an internal resolver if that is not intended.
       dns-server 8.8.8.8
       # NOTE(review): presumably an inclusive range (.1 to .3) withheld from
       # leases - confirm.
       exclude-address 192.168.1.1 192.168.1.3
       # NOTE(review): "testVendor" looks like a sample value; confirm it matches
       # the vendor class the IAPs actually send, or whether it is needed at all.
       vendor-class-identifier testVendor
       # NOTE(review): in RFC 2132, option 50 is the client's Requested IP
       # Address and option 54 is the Server Identifier (an address, not text).
       # These two lines look like placeholder values - confirm they are wanted.
       option 50 ip 192.168.1.1
       option 54 text server1

     

     

    -------------

    #
    # Configuration file for ArubaOS
    # Global settings, named services, ACLs and user roles.
    version 7.2
    # The secret is masked ("******") in this paste.
    enable secret "******"
    hostname "ArubaS1500-24P"
    clock timezone EST -5
    location "Building1.floor1"
    controller config 2
    # Ethernet ACL with a single permit-any entry.
    ip access-list eth validuserethacl
      permit any
    !
    # Named service aliases (protocol plus port or port range) that the ACLs
    # below refer to by name. Defining an alias does not by itself permit the
    # traffic: the ACLs in this listing reference only svc-dhcp, svc-dns,
    # svc-http, svc-https, svc-icmp and svc-natt. The cleartext services
    # (svc-ftp, svc-telnet, svc-tftp) are defined but not used by any ACL here.
    netservice svc-dhcp udp 67 68
    netservice svc-dns udp 53
    netservice svc-ftp tcp 21
    netservice svc-h323-tcp tcp 1720
    netservice svc-h323-udp udp 1718 1719
    netservice svc-http tcp 80
    netservice svc-https tcp 443
    netservice svc-icmp 1
    netservice svc-kerberos udp 88
    netservice svc-natt udp 4500
    netservice svc-ntp udp 123
    netservice svc-sip-tcp tcp 5060
    netservice svc-sip-udp udp 5060
    netservice svc-sips tcp 5061
    netservice svc-smtp tcp 25
    netservice svc-ssh tcp 22
    netservice svc-telnet tcp 23
    netservice svc-tftp udp 69
    netservice svc-vocera udp 5002
    netexthdr default
    !
    # Permits everything; attached to the "authenticated" role below.
    ip access-list stateless allowall-stateless
      any any any  permit
    !
    # One single-service permit ACL per protocol; combined in the "guest" role.
    ip access-list stateless dhcp-acl-stateless
      any any svc-dhcp  permit
    !
    ip access-list stateless dns-acl-stateless
      any any svc-dns  permit
    !
    ip access-list stateless http-acl-stateless
      any any svc-http  permit
    !
    ip access-list stateless https-acl-stateless
      any any svc-https  permit
    !
    ip access-list stateless icmp-acl-stateless
      any any svc-icmp  permit
    !
    # Pre-authentication set: ICMP, DNS, DHCP and NAT-T only.
    ip access-list stateless logon-control-stateless
      any any svc-icmp  permit
      any any svc-dns  permit
      any any svc-dhcp  permit
      any any svc-natt  permit
    !
    # Denies sources in 169.254.0.0/16 (link-local), then permits all other
    # IPv4 and all IPv6 traffic.
    ip access-list session validuser
      network 169.254.0.0 255.255.0.0 any any  deny
      any any any  permit
      ipv6  alias any6   alias any6 any  permit
    !
    # Role with unrestricted access (allowall-stateless).
    user-role authenticated
     access-list stateless allowall-stateless
    !
    # No ACL is attached to this role.
    # NOTE(review): presumably it relies on an implicit deny - confirm.
    user-role denyall
    !
    # Guest role: HTTP, HTTPS, DHCP, ICMP and DNS.
    user-role guest
     access-list stateless http-acl-stateless
     access-list stateless https-acl-stateless
     access-list stateless dhcp-acl-stateless
     access-list stateless icmp-acl-stateless
     access-list stateless dns-acl-stateless
    !
    # Logon role: limited to the logon-control-stateless ACL above.
    user-role logon
     access-list stateless logon-control-stateless
    !
    !

    # IPsec transform sets and IKE EAP passthrough methods.
    # NOTE(review): default-boc-bm-transform uses 3DES, a legacy cipher; the
    # "default-" names suggest these are factory entries. If IPsec is in use on
    # this switch, confirm which transform set is actually referenced and prefer
    # the AES-256 one.
    crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
    crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
    crypto isakmp eap-passthrough eap-tls
    crypto isakmp eap-passthrough eap-peap
    # NOTE(review): MSCHAPv2 is a weak inner method; confirm whether this
    # passthrough is needed.
    crypto isakmp eap-passthrough eap-mschapv2


    # Firewall settings.
    # NOTE(review): the first line negates an attack-rate setting for "cp"
    # (presumably the control plane); confirm what rate limiting remains in
    # effect once it is removed.
    no firewall attack-rate cp 1024
    ipv6 firewall ext-hdr-parse-len  100

    !

    !
    # Control-plane firewall, AAA, DHCP service, and interface/VLAN profiles.
    # The "firewall cp" stanza contains no rules in this listing.
    firewall cp
    packet-capture-defaults tcp disable udp disable sysmsg disable other disable
    !
    ip domain lookup
    !
    country US
    # The AAA stanzas below are all named "default" or unnamed and are empty,
    # apart from the server group.
    aaa authentication mac "default"
    !
    aaa authentication dot1x "default"
    !
    # The default server group authenticates against the server named Internal.
    aaa server-group "default"
     auth-server Internal
     set role condition role value-of
    !
    aaa profile "default"
    !
    aaa authentication captive-portal "default"
    !
    aaa authentication vpn "default"
    !
    aaa authentication mgmt
    !
    aaa authentication wired
    !
    web-server
    !
    # No password-policy settings appear in this stanza.
    # NOTE(review): confirm what the defaults enforce for management accounts.
    aaa password-policy mgmt
    !
    traceoptions
    !
    # DHCP pool for 192.168.1.0/24. Its default-router, 192.168.1.1, is not
    # assigned to any interface in this listing (see "interface vlan" below).
    ip dhcp pool "pool-1"
       domain-name "doc-domain"
       network 192.168.1.0 255.255.255.0
       # NOTE(review): presumably days / hours / minutes / seconds - confirm.
       lease 30 24 60 60
       default-router 192.168.1.1
       # Clients are handed a public resolver, so their DNS queries leave the
       # local network; use an internal resolver if that is not intended.
       dns-server 8.8.8.8
       # NOTE(review): presumably an inclusive range (.1 to .3) withheld from
       # leases - confirm.
       exclude-address 192.168.1.1 192.168.1.3
       # NOTE(review): "testVendor" looks like a sample value; confirm it matches
       # the vendor class the IAPs actually send, or whether it is needed at all.
       vendor-class-identifier testVendor
       # NOTE(review): in RFC 2132, option 50 is the client's Requested IP
       # Address and option 54 is the Server Identifier (an address, not text).
       # These two lines look like placeholder values - confirm they are wanted.
       option 50 ip 192.168.1.1
       option 54 text server1
    !
    # Turns the DHCP service on.
    service dhcp
    !
    qos-profile "default"
    !
    policer-profile "default"
    !
    ip-profile
    !
    interface-profile ospf-profile "default"
       area 0.0.0.0
    !
    interface-profile pim-profile "default"
    !
    interface-profile igmp-profile "default"
    !
    stack-profile
    !
    ipv6-profile
    !
    interface-profile switching-profile "default"
    !
    interface-profile poe-profile "default"
    !
    # PoE enabled; applied to every port through the interface-group below.
    interface-profile poe-profile "poe-factory-initial"
       enable
    !
    interface-profile enet-link-profile "default"
    !
    interface-profile lldp-profile "default"
    !
    # LLDP transmit/receive and MED enabled; also applied to every port below.
    interface-profile lldp-profile "lldp-factory-initial"
       lldp transmit
       lldp receive
       med enable
    !
    interface-profile mstp-profile "default"
    !
    interface-profile pvst-port-profile "default"
    !
    vlan-profile mld-snooping-profile "default"
    !
    vlan-profile igmp-snooping-profile "default"
    !
    vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
    !
    spanning-tree
       mode mstp
    !
    gvrp
    !
    mstp
    !
    lacp
    !
    vlan "1"
       igmp-snooping-profile "igmp-snooping-factory-initial"
    !
    interface gigabitethernet "0/0/22"
    !
    # This stanza is empty: VLAN 1 has no "ip address" line, so the switch has
    # no address in the pool's 192.168.1.0/24 subnet.
    interface vlan "1"
    !
    # Applies the factory LLDP and PoE profiles to ALL gigabitethernet ports.
    interface-group gigabitethernet "default"
       apply-to ALL
       lldp-profile "lldp-factory-initial"
       poe-profile "poe-factory-initial"
    !

    # SNMP views and groups. View ALL covers the whole tree from "iso" down.
    snmp-server view ALL oid-tree iso included
    # NOTE(review): group ALLPRIV grants read on view ALL over SNMP v1, v2c and
    # v3 noauth. v1/v2c are unencrypted and rely only on a community string, and
    # v3 noauth has neither authentication nor privacy. No community string or
    # SNMP user appears in this listing - confirm whether any exist, and
    # restrict access to the v3 priv group where SNMP is needed.
    snmp-server group ALLPRIV v1 read ALL notify ALL
    snmp-server group ALLPRIV v2c read ALL notify ALL
    snmp-server group ALLPRIV v3 noauth read ALL notify ALL
    snmp-server group AUTHPRIV v3 priv read ALL notify ALL
    snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL

    snmp-server enable trap

    process monitor log
    end




  • 2.  RE: Switch powered DHCP

    EMPLOYEE
    Posted Aug 26, 2013 04:12 PM

    Hi Ajinks,

    You need to put "ip address 192.168.1.1 255.255.255.0" under "interface vlan 1".

     

    Without an IP on the switch to serve from, it can't hand out any IPs.

     

    Best regards,

     

    Madani



  • 3.  RE: Switch powered DHCP

    EMPLOYEE
    Posted Aug 26, 2013 06:27 PM

    You need an IP interface with 192.168.1.x on the switch.  You can use VLAN 1 or create another one (and move the ports to it).

     

    For example,

     

    # Gives the switch an address inside the pool's subnet; 192.168.1.1 is the
    # value the posted pool uses as default-router.
    interface vlan 1

        ip address 192.168.1.1 255.255.255.0