CBS350, private VLAN, DHCP

KJK99 · ‎04-14-2023

I have a CBS350 switch that is set up to do inter-VLAN routing and provide DHCP addresses. That has been working without any issues for quite a while. Recently, I have created a private VLAN on it which is working okay except for one issue. I cannot get DHCP addresses for isolated or community hosts. They do work with static IP addresses though and a device connected to the promiscuous port can obtain a DHCP address.

Have anybody been able to configure a CBS350 switch so it issues DHCP addresses to isolated or community hosts in a private VLAN?

Kris K

marce1000 · ‎04-14-2023

- Are you seeing DHCP requests arriving from the particular hosts in the logs of the DHCP server ? Also best to disable the Smartport feature ; review this document :
https://www.cisco.com/c/en/us/support/docs/smb/switches/Cisco-Business-Switching/kmgmt-2797-smartport-best-practices-CBS.html

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Flavio Miranda · ‎04-15-2023

Hi,

When you created the Private vlan, did you assign IP address for that or you created only in Layer 2?

If you create only Layer2 vlan and this is a private vlan, I believe DHCP request will not reach the DHCP service on the switch unless you assign IP to this Vlan.

KJK99 · ‎04-15-2023

@marce1000

I do not see any DHCP messages in the switch’s log. The logging level is set to ‘debug’. The Smartport feature is disabled. If I connect a device with a DHCP server to the promiscuous port, the isolated and community hosts can get DHCP addresses from it. The private VLAN works okay except for that DHCP issue with the switch’s internal DHCP server.

@Flavio Miranda

The primary VLAN has a SVI set up and the routing is working. Anyways, the DHCP server on those switches works even if they are configured as L2.

Kris K

Flavio Miranda · ‎04-15-2023

I am confuse. You said:

"Recently, I have created a private VLAN on it which is working okay except for one issue. I cannot get DHCP addresses for isolated or community hosts."

So, do you have IP address on the private vlan?

marce1000 · ‎04-15-2023

>...I do not see any DHCP messages in the switch’s log
The question (also) was whether you see any requests arriving from these hosts in the dhcp sever logs ,

M>

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

KJK99 · ‎04-15-2023

The DHCP server log on CBS350? I wish there was one.

Kris K

marce1000 · ‎04-15-2023

>...The DHCP server log on CBS350? I with there was one.
Sorry I thought you were using an external dhcp server , (not on the CBS) , actually that might be a good thing to try (and or test) a setup where the DHCP server is 'not local' (so to speak) ,

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

KJK99 · ‎04-15-2023

@Flavio Miranda

What do you mean? A private VLAN is actually a group of three types of VLANs, one primary and two secondary (isolated and community). I do not have any issue with the primary one. DHCP is working fine for it. DHCP for the secondary one is the issue and only with the switch's internal DHCP server.

Kris K

Flavio Miranda · ‎04-15-2023

Got it. If you have no problem on the Primary vlan enable DHCP snooping on the
primary VLAN, it is propagated to the secondary.

tuan-tran · ‎03-28-2024

@KJK99 Did you find a solution? @Flavio Miranda, enable DHCP snooping on the primary VLAN did not resolve the issue.

KJK99 · ‎03-28-2024

After learning more about the Private VLAN concept, I think that it's just not possible to do it at all. A DHCP server for a Private VLAN needs to be part of that VLAN and be connected to a promiscuous port. It cannot be a DHCP server that runs on a switch. The solution was to set up a DHCP server on the NAS that I already had connected to a promiscuous port.

Kris K