Configuration Example, Routing

Cisco DHCP server & VRF

René Jorissen on December 12, 2012 4 Comments • Tags: #cisco #class #connected #dhcp #excluded-address #exclusion #ios #server #use #vrf

I had some issues while configuring some VRF’s on a Cisco router and using that router as a DHCP server. First of all the router wasn’t binding any DHCP request. The DHCP server configuration is defined below.

ip dhcp pool guest
vrf vrf-guest

The configuration of the DHCP server is very straightforward. Exception is the use of the VRF interface to bind the DHCP server to. With this configuration the DHCP server isn’t working, because no IP addresses are bind to clients.

The magic to get DHCP working is found in the command ip dhcp use vrf connected. More information about the command can be found here or here.

The second issue is about configuring some IP address exclusions for the configured pool. This can be done via the command ip dhcp excluded-address vrf <vrf-name> <first ip-address> <last ip-address> (info). Depending on the IOS version used, this command isn’t available in CLI. I had this issue with the CIsco 2811 I was using, so I tried to ip dhcp class command. I added the following to the configuration of the DHCP server.

ip dhcp class dhcp_class_unsecure
remark limit IP addresses
ip dhcp pool unsecure
vrf unsecure
class dhcp_class_unsecure
address range

This isn’t exactly the same as configuring IP exclusions, because the ip dhcp class command is used to group clients on specific characteristics. Clients that match these characteristics are assigned an IP address from the specific class. In my situation the use of the ip dhcp class command fixed the problem.

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

  1. Nawir says:


    Since you ever configure Citrix, I want to share my experience with Cisco Switch DHCP pool.
    Yesterday I encounter 1 problem which KMS server can’t update win7 license.
    I found out that because AD DNS have wrong client ip.
    So in order for Switch DHCP to working correctly, it need to tell AD DNS to update client ip. In other word it need to support DDNS.
    I haven’t found article on how to configure DDNS dhcp in Switch except router.
    My switch is Catalyst 4507.
    If you found please email me.
    Greetings from Brunei

  2. Roger says:

    Thank you!!

  3. Prashant Desai says:

    I am trying to implement path isolation using vrf lite. Essentially i want to separate the student network and the corporate network in a mid sized campus environment. I have a dhcp server that is used for the student network. If i configure the vrf for student and do the routing using eigrp in a hub and spoke topology, will the dhcp server need to be a part of the vrf ?

  4. marko says:


Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.