Networking Hardware-Other

Michael McCabe 🇺🇸

Cisco SG300-28 (L3) DHCP Relay and DHCP Server running?
I've replaced an edge switch (Catalyst) with a SG300-28 switch and it's in Layer 3 mode.

We simply have (5) VLANs that the switch handles.

(4) of the VLANs are set for DHCP Relay to my MS DC. Those are working great.
but...
The last VLAN is our guest wifi network, and I was hoping to serve out DHCP with a generic DNS from the switch itself. The guest networks do not need to access the other VLANs; it should be self-sufficient with just getting its address from the switch.

I'm receiving an error when I attempt to turn the DHCP server on for the switch because it has the relay set up on the other VLANs.

Am I not able to configure relays on 4 of my VLANs and then have the switch serve addressing on the final VLAN at the same time?

Thanks!


Predrag Jovic 🇵🇱

You can configure DHCP as on your other networks; just add an ACL to deny traffic to any private address space.
Let's say that your wireless network is in VLAN 26

access-list 100 deny ip any 10.0.0.0 0.255.255.255
access-list 100 deny ip any 172.16.0.0 0.15.255.255
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 deny ip any 224.0.0.0 15.255.255.255
access-list 100 permit ip any any

# interface vlan 26
# ip access-group 100 in

This will only forward traffic that has public address space as its destination address; the rest of the traffic will be dropped on the VLAN interface.
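
An added example, not part of the original answer: a small Python check of how the posted ACL 100 treats destinations, using first-match evaluation with Cisco wildcard masks and the implicit deny. The destination addresses and the 192.168.26.0/24 guest subnet are constructed assumptions; with that subnet, a destination inside it (such as the VLAN interface address) matches the third deny entry, while the 255.255.255.255 broadcast is permitted.

```python
import ipaddress

# ACL 100 exactly as posted in the answer above.
ACL_100 = """\
access-list 100 deny ip any 10.0.0.0 0.255.255.255
access-list 100 deny ip any 172.16.0.0 0.15.255.255
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 deny ip any 224.0.0.0 15.255.255.255
access-list 100 permit ip any any
"""

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'access-list N <action> ip any <dst>' lines into (action, base, wildcard)."""
    rules = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        tok = line.split()
        if tok[0] != "access-list" or tok[3:5] != ["ip", "any"]:
            raise ValueError(f"unsupported entry: {line}")
        dst = tok[5:]
        if dst == ["any"]:
            rules.append((tok[2], 0, 0xFFFFFFFF))
        elif len(dst) == 2:
            rules.append((tok[2], _u32(dst[0]), _u32(dst[1])))
        else:
            raise ValueError(f"unsupported destination: {line}")
    return rules

def evaluate(rules, dst_ip):
    """First matching entry wins; wildcard bits set to 1 mean 'don't care'."""
    d = _u32(dst_ip)
    for action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if (d & care) == (base & care):
            return action
    return "deny"  # implicit deny that ends every ACL

RULES = parse_acl(ACL_100)

# Constructed destinations; guest subnet 192.168.26.0/24 is an assumption.
SAMPLES = ["8.8.8.8", "255.255.255.255", "192.168.26.1", "10.1.2.3",
           "172.31.255.255", "172.32.0.1", "239.255.255.250", "100.64.0.1"]

if __name__ == "__main__":
    for dst in SAMPLES:
        print(f"{dst:<16} {evaluate(RULES, dst)}")
```
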

Michael McCabe 🇺🇸

ASKER

The trouble isn't at the ACL. But I agree that's a must for security.

My issue is I'm unable to enable the switch's DHCP server option if I have the DHCP Relay assigned on the (4) VLANs.

When I check the "enable" checkbox to engage the DHCP server there is a warning:
"Cannot enable DHCP server when relay is enabled."


Predrag Jovic 🇵🇱

Yes, you can't enable DHCP server while DHCP proxy is in use.
You can either create a DHCP pool for that network on the DC, since you can't enable the DHCP server on the switch, or disable DHCP relay, enable the DHCP server on the switch, and on the VLAN interfaces create an ip helper-address pointing to the DC as the DHCP server for those 4 VLANs; the wireless VLAN clients can then get an IP address from (no ip helper-address on VLAN interface that will point to DC).


Benjamin Van Ditmars 🇳🇱

Don't apply an IP address to the VLAN, and let the firewall/router do this. Also add ACLs in your firewall/router to block traffic from and to your guest network. Then you're secure.

ASKER CERTIFIED SOLUTION
Michael McCabe 🇺🇸

ASKER


Michael McCabe 🇺🇸

ASKER

Stated above