Solved: Re: DHCP Issue on VRF

Learnercisco · ‎07-13-2020

Hi Teck People

i am facing on strang issue in my Distribution 9600 if some body face this issue guide me please

IP phone is not getting IP Address from Cisco 96000 DHCP Server but Serve is showing the binding:

DHCP SERVER Binding:

Switch-1A#show ip dhcp binding

Bindings from all pools not associated with VRF:

IP address      Client-ID/              Lease expiration        Type       State      Interface

                Hardware address/

                User name

 

Bindings from VRF pool Telephone:

IP address      Client-ID/              Lease expiration        Type       State      Interface

                Hardware address/

                User name

172.17.30.14    01a4.b239.4805.6f       Infinite                Automatic  Active     Vlan67

Switch-1A#




DHCP Server Confguration 




ip dhcp use vrf connected

ip dhcp excluded-address vrf Telephone 172.17.30.1 172.17.30.2




ip dhcp pool TPH-67

vrf Telephone

network 172.17.30.0 255.255.255.0

default-router 172.17.30.1

option 150 instance 1 ip 172.17.50.5

option 150 instance 2 ip 172.17.50.6

lease infinite

ip dhcp snooping information option allow-untrusted

can somebody suggest

Learnercisco · ‎07-14-2020

Hi George Thanks for your Support

we have two seprate cluster for Distribution.

Finally the issue solved by upgrading on the IOS of Distribution Swiitches

Platform C9606R

Presinstalled IOS version:16.12.02

Upgraded IOS version: 16.12.3a (This s a stable version )

Thanks for Support from Everyone.

View solution in original post

marce1000 · ‎07-13-2020

- Take a look at this thread (not really the subject) , but how DHCP is setup with vrf interfaces :

https://community.cisco.com/t5/switching/no-ip-dhcp-use-vrf-connected/td-p/1334822

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Learnercisco · ‎07-13-2020

hi marce,

I suppose my configuration is correct

Request is coming from the access Switch vlan via trunk port to distribution SVI under same VRF and DHCP Pool is under same VRF.

With the ip dhcp use vrf connected, the behavior becomes what you would normally expect - the requests from the Fa0/0.10 will be served from the DHCP pool Global, the requsts coming through the Fa0/0.20 in VRF MyVRF1 will be served from the DHCP pool ForMyVRF1 and finally the requests from Fa0/0.30 will be served from the DHCP pool ForMyVRF2 as the Fa0/0.30 is assigned to the MyVRF2.

balaji.bandi · ‎07-13-2020

Can you post below command :

show run interface vlan 67

show run interface te x/x ( te or tw) depends on environment. - where the Phone connected not getting IP address

you can also check IP arp / MAC table and see where this IP allocated to what port ?

make sure the port need to belong to same VRF to serve IP address.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Learnercisco · ‎07-13-2020

Thanks Balaji.

The phone is connected to access swith via layer 2 MEC to distribution swith and TPH vlan is trunk to the access swith.

i have no arp entry for Telephone VRF on distribution swith. This is strange for me e.g show ip arp Telephone

yes the port belongs to same vrf

balaji.bandi · ‎07-13-2020

Please provide all relavant configuration to review

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Learnercisco · ‎07-13-2020

the configuration on access

switch below

int g1/0/1

switchport mode access

switchport voice vlan 67

spanning-tree port fast 




The vlan 67 is trunk to distribution through a L2 etherchannel. vtp mode transparent

access Switch configuration

=====================================================

interface TenGigabitEthernet1/1/1
description <<<< Conection to Distribution 1 >>>>
switchport mode trunk
switchport nonegotiate
channel-group 1 mode passive
!
interface TenGigabitEthernet1/1/2
description <<<< Conection to Distribution 2 >>>>
switchport mode trunk
switchport nonegotiatechannel-group 1 mode passive







Distribution Switch Configuration:




interface TwentyFiveGigE1/1/0/2
description ### Conection to Access Switch-1 port 1 ###
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active




interface TwentyFiveGigE2/1/0/2
description ### Conection to Access Switch- 1 port 2 ###
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active

balaji.bandi · ‎07-13-2020

how about removing switchport trunk allowed vlan 67,911 config from Po21 and try ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Learnercisco · ‎07-13-2020

Hi Balaji

as per my understandng,

Access and distribution are in transparent mode so i need to allow the specifice vlan from Access to distribution as i did from Distribution to Access. for example below. because vlan 911 in Managemnt VRF and i can see arp entries under Management VRF. but i cant see the arp for Telephone VRF in distribution switch for vlan 67. in short i want to allow the same vlan from Access to distribution and distribution to accees. please correct me if i am wrong.

access to distribution

interface TenGigabitEthernet1/1/1
description <<<< Conection to Distribution 1A >>>>
switchport mode trunk allowed vlan 67,911
switchport nonegotiate
channel-group 1 mode passive
!
interface TenGigabitEthernet1/1/2
description <<<< Conection to Distribution 1B >>>>
switchport mode trunk vlan 67,911
switchport nonegotiate
channel-group 1 mode passive
!

interface Port-channel1
description <<<< Conection to Distribution 1A,1B >>>>
switchport mode trunk allowed vlan 67,911
switchport nonegotiate




============

Distribution to Access 

interface TwentyFiveGigE1/1/0/2
description ### Conection to Access Switch-1 ###
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active







!

Distribution to Access 

interface TwentyFiveGigE2/1/0/2
description ### Conection to Access Switch-1 ###
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active




interface Port-channel21
description <<<< Conection to acces switc 01 >>>>
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
!

balaji.bandi · ‎07-13-2020

is this typo or configuration wrong here - different configuration in each interface: that is not causing the issue, just checking?

interface TenGigabitEthernet1/1/1
description <<<< Conection to Distribution 1A >>>>
switchport mode trunk allowed vlan 67,911
switchport nonegotiate
channel-group 1 mode passive
!
interface TenGigabitEthernet1/1/2
description <<<< Conection to Distribution 1B >>>>
switchport mode trunk vlan 67,911
switchport nonegotiate
channel-group 1 mode passive

just to clarify, is this VRF in distribution switch?

what is the model of distribution/access switch what version of code running on both?

just to check what happens when you change the access VLAN from voice VLAN 67 to normal VLAN 67 ? do you get an IP address?

Also i see the port belong to switchport voice vlan 10, do you have VLAN 10, or change that to VLAN 67 and try ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Learnercisco · ‎07-13-2020

interface TenGigabitEthernet1/1/2
description <<<< Conection to Distribution 1B >>>>
switchport mode trunk vlan 67,911 type mistake
switchport nonegotiate
channel-group 1 mode passive

ust to clarify, is this VRF in distribution switch? >>>>>>> yes

what is the model of distribution/access switch what version of code running on both?

16.12.2 9600/9300

just to check what happens when you change the access VLAN from voice VLAN 67 to normal VLAN 67 ? do you get an IP address? >>>>>>>>i will check it and update

Learnercisco · ‎07-13-2020

sorry forget to add portchannel from distribution

interface Port-channel21
description <<<< Conection to 570BG002TLSW-0001 >>>>
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
!

Georg Pauwen · ‎07-13-2020

Hello,

what is the port configuration of the connected device ?

Learnercisco · ‎07-13-2020

the configuration on access

switch below

int g1/0/1

switchport mode access

switchport voice vlan 10

spanning-tree port fast 




The vlan 10 is trunk to distribution through a L2 etherchannel.

access Switch configuration

=====================================================

interface TenGigabitEthernet1/1/1
description <<<< Conection to Distribution 1 >>>>
switchport mode trunk
switchport nonegotiate
channel-group 1 mode passive
!
interface TenGigabitEthernet1/1/2
description <<<< Conection to Distribution 2 >>>>
switchport mode trunk
switchport nonegotiatechannel-group 1 mode passive







Distribution Switch Configuration:




interface TwentyFiveGigE1/1/0/2
description ### Conection to Access Switch-1 port 1 ###
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active




interface TwentyFiveGigE2/1/0/2
description ### Conection to Access Switch- 1 port 2 ###
switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active

Georg Pauwen · ‎07-13-2020

Hello,

you need to allow Vlan 10 on the trunks. Remove the lines in bold (from the port channel as well):

interface TwentyFiveGigE1/1/0/2
description ### Conection to Access Switch-1 port 1 ###
--> no switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active




interface TwentyFiveGigE2/1/0/2
description ### Conection to Access Switch- 1 port 2 ###
--> no switchport trunk allowed vlan 67,911
switchport mode trunk
switchport nonegotiate
channel-group 21 mode active