Cisco DHCP server & VRF

René Jorissen on December 12, 2012 • 4 Comments • Tags: #cisco #class #connected #dhcp #excludedaddress #exclusion #ios #server #use #vrf

I had some issues while configuring some VRF’s on a Cisco router and using that router as a DHCP server. First of all the router wasn’t binding any DHCP request. The DHCP server configuration is defined below.

ip dhcp pool guest
vrf vrf-guest
network 10.10.0.0 255.255.252.0
default-router 10.10.0.1
domain-name internet-only.nl
dns-server 208.67.222.222 208.67.220.222

The configuration of the DHCP server is very straightforward. Exception is the use of the VRF interface to bind the DHCP server to. With this configuration the DHCP server isn’t working, because no IP addresses are bind to clients.

The magic to get DHCP working is found in the command ip dhcp use vrf connected. More information about the command can be found here or here.

The second issue is about configuring some IP address exclusions for the configured pool. This can be done via the command ip dhcp excluded-address vrf <vrf-name> <first ip-address> <last ip-address> (info). Depending on the IOS version used, this command isn’t available in CLI. I had this issue with the CIsco 2811 I was using, so I tried to ip dhcp class command. I added the following to the configuration of the DHCP server.

ip dhcp class dhcp_class_unsecure
remark limit IP addresses
!
ip dhcp pool unsecure
vrf unsecure
network 172.16.252.0 255.255.252.0
default-router 172.16.252.1
domain-name internet-only.nl
dns-server 208.67.222.222 208.67.220.220
class dhcp_class_unsecure
address range 172.16.253.1 172.16.253.255

This isn’t exactly the same as configuring IP exclusions, because the ip dhcp class command is used to group clients on specific characteristics. Clients that match these characteristics are assigned an IP address from the specific class. In my situation the use of the ip dhcp class command fixed the problem.

Bio
Latest Posts

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions

René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

MacOS Big Sur and SSLKEYFILELOG - November 23, 2021
ClearPass, Azure AD, SSO and Object ID - August 12, 2021
ClearPass – custom MPSK - July 20, 2021

Nawir says:

May 24, 2013 at 2:47 am

Hi,

Since you ever configure Citrix, I want to share my experience with Cisco Switch DHCP pool.
Yesterday I encounter 1 problem which KMS server can’t update win7 license.
I found out that because AD DNS have wrong client ip.
So in order for Switch DHCP to working correctly, it need to tell AD DNS to update client ip. In other word it need to support DDNS.
I haven’t found article on how to configure DDNS dhcp in Switch except router.
My switch is Catalyst 4507.
If you found please email me.
Greetings from Brunei
Roger says:

May 11, 2015 at 7:50 am

Thank you!!
Prashant Desai says:

June 9, 2017 at 1:40 pm

I am trying to implement path isolation using vrf lite. Essentially i want to separate the student network and the corporate network in a mid sized campus environment. I have a dhcp server that is used for the student network. If i configure the vrf for student and do the routing using eigrp in a hub and spoke topology, will the dhcp server need to be a part of the vrf ?
Thanks
marko says:

October 28, 2019 at 8:37 am

thx!

This site uses Akismet to reduce spam. Learn how your comment data is processed.