Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1933
Views
0
Helpful
6
Replies

VRF DHCP help!

frederick.mercado
Spotlight
Spotlight

‎05-05-2022 08:34 AM - edited ‎10-19-2023 12:12 PM

So I have my VRF lite setup in the WLC 9800 oddly enough that includes VLAN(Mobile clients) and Interface twoGi0/0/0 out to the ISP. I cannot however get DHCP. The DHCP server is behind VLAN  on the corp network, as we have to have it windows based due to policy, if not I would surely set one up locally. The only issue is that we do not have a SVI on the corp for VLAN...I know the route leak from VRF to global but VLAN is not in the global...but I am unsure of how to set that up... as I do not want communication with anything but DHCP to that VRF.

0 Helpful
6 Replies 6

Flavio Miranda
VIP
VIP

‎05-05-2022 09:06 AM - edited ‎05-05-2022 09:09 AM

Edit you post please and delete sensitivy information.

Preview file
87 KB
0 Helpful

Flavio Miranda
VIP
VIP

‎05-05-2022 09:49 AM

Try this config:

 

ip vrf MOBILE-SSID
description MOBILE to ISP
rd 1:1

!

access-list 101 permit ip 207.91.252.28 0.0.0.255 10.74.35.10 0.0.0.255

route-map VRF_TO_GLOBAL permit 10
match ip address 101
set global

!
interface TwoGigabitEthernet0/0/0
description LOCAL INTERNET
no switchport
ip vrf forwarding MOBILE-SSID
ip address 207.91.252.28 255.255.255.248
ip helper-address 10.74.35.10
ip nat outside
negotiation auto
no snmp trap link-status
ip policy route-map VRF_TO_GLOBAL

 

!

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to Flavio Miranda

‎05-05-2022 10:54 AM - edited ‎10-19-2023 12:12 PM

Configured but not working.

0 Helpful

Flavio Miranda
VIP
VIP

‎05-05-2022 11:07 AM

But the VLAN 126 and 35  are  an interface vlan?  Or they are only layer 2 vlans?

If they are interface vlan then, is different from what I thought

 

The  policy must be applied on the interface vlan that has the VRF on it

ip policy route-map VRF_TO_GLOBAL

 

The access list must use the source IP of the interfac vlan with VRF and destination the VLAN on the global vrf

access-list 101 permit ip 207.91.252.28 0.0.0.255 10.74.35.10 0.0.0.255

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to Flavio Miranda

‎05-05-2022 01:07 PM - edited ‎10-19-2023 12:13 PM

They are layer 2 vlans on the 9800 WLC.

0 Helpful

paul driver
VIP
VIP

‎05-05-2022 02:55 PM - edited ‎05-05-2022 02:56 PM

Hello

You have a post open already (here) relating to the same query ( vrf, vlan 126,dhcp) in this that post it was summarized to

@paul.driver wrote
So just to summarise, you have a HSRP vlan that you want isolated from the rest of the network, be able to receive dhcp allocation and append NAT redundancy to froma 9300 series switch?

@frederick.mercado wrote:

That would be a correct summarization. VLAN126 is for mobile traffic to be isolated from other VLANs, minus the possible DHCP,


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card