hello,

can anybody explain me how it's possible to exclude IP address from some vrf dhcp pool?

Is 'ip dhcp excluded-address' in connection with 'no ip dhcp use vrf connected' helpful?

my problem is, that ip dhcp excluded ip addresses are assigned from dhcp pool (till now without no ip dhcp use vrf connected).

here is config:

ip dhcp excluded-address 10.101.173.201 10.101.173.254

ip dhcp pool vlan21
   vrf vrf1
   network 10.101.173.0 255.255.255.0
   default-router 10.101.173.254
   dns-server 10.101.92.1 10.101.140.1 195.168.1.2
   domain-name tat1.kempinski.local
   option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0047.0000.0000.00ff

#sh ip dhcp vrf vrf1 binding * | i 10.101.173.2

10.101.173.29       0100.1cc4.cfbc.c9       Apr 30 2010 05:50 PM    Automatic

10.101.173.232      0100.25bc.e231.08       Apr 30 2010 05:48 PM    Automatic

martin

Hi,

I see from your desscription that you want to exclude a range of IP addresses from
a VRF. This is a pretty straight forward command:

ip dhcp excluded-address vrf

This command is used to specify IP addresses that a Cisco IOS Dynamic Host Configuration
Protocol (DHCP) Server should not assign to DHCP clients, use the ip dhcp excluded-address command in global
configuration mode. To remove the excluded IP addresses, use the no
form of this command.

ip dhcp excluded-address low-address [high-address]

no ip dhcp excluded-address low-address [high-address]

Syntax Description

low-address

The excluded IP address, or first IP address in an excluded address range.

high-address

(Optional) The last IP address in the excluded address range.

Reference:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html

I hope this helps!

Hi,

it's not helful. I have read this command reference (and other for 12.2 version), but no 'vrf' subcommand is available.

see cmd reference:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1080791

(the same information is in reference for 12.2 version)

and my C4500 cmd:

RD-SW-CORE(config)#ip dhcp excluded-address ?
  A.B.C.D  Low IP address

RD-SW-CORE(config)#ip dhcp excluded-address vrf ?   
% Unrecognized command

RD-SW-CORE(config)#ip dhcp ?
  aaa                        Configure aaa attributes
  binding                    DHCP address bindings
  bootp                      BOOTP specific configuration
  class                      Configure DHCP classes
  conflict                   DHCP address conflict parameters
  database                   Configure DHCP database agents
  excluded-address           Prevent DHCP from assigning certain addresses
  limit                      Limit DHCP Lease
  limited-broadcast-address  Use all 1's broadcast address
  ping                       Specify ping parameters used by DHCP
  pool                       Configure DHCP address pools
  relay                      DHCP relay agent parameters
  route                      Specify the type of routes for clients on unnumbered interfaces
  smart-relay                Enable Smart Relay feature
  snooping                   DHCP Snooping
  subscriber-id              Global subscriber-id configuration
  use                        Configure use of certain parameters during allocation

RD-SW-CORE(config)#ip dhcp vrf ?
% Unrecognized command

version information:

RD-SW-CORE#sh ver | i Version
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 12.2(53)SG2, RELEASE SOFTWARE (fc1)

Hi,

As per the scenario is concerned you are specifying the vrf in the pool so DHCP exlcluded addr should be take care by just the excluded address command.

Or there would have been a option for the same.

Hi everyone,

I just managing a CiscoTAC service regarding VRF.

The VRF keyword for the ip dhcp excluded address was forgot by developers until 15.1.1T, I received an interim release that correct thsi caveat.

The correct sintax should be introduced into the new release when available.

I'm using for now the interim release to address thi issue.

Hi Everyone,

I'm also stuck in configuring dhcp exclude-address range with "vrf" option.

I upgraded my router to "c1841-advipservicesk9-mz.151-1.T.bin" IOS code as per the above post, but no luck.

can you confirm me the exact IOS code you use for this configuration?

Router#sh ver

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 22-Mar-10 00:28 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 5 days, 20 hours, 38 minutes
System returned to ROM by power-on
System image file is "flash:c1841-advipservicesk9-mz.151-1.T.bin"
Last reload type: Normal Reload

Router(config)#ip dhcp excluded-address 10.226.224.1 10.226.224.60 ?   --> No vrf option

Router(config)#ip dhcp excluded-address ? --> No vrf option
  A.B.C.D  Low IP address

Thank You,

Chaminda.

Try using a class under the dhcp-server configuration.

(ios 12.4(11)T2 on 870er Series)

Hope this help's,

Jürgen.

!

!

ip vrf xxx

! ...

!

ip dhcp use vrf connected

ip dhcp bootp ignore

!

ip dhcp pool xxx-pool
   vrf xxx
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.254
   dns-server 192.168.200.11 192.168.200.12
   lease 0 2 17
   class class1
      address range 192.168.200.100 192.168.200.199
!
ip dhcp class class1
   remark limit 100-199
!
!

Hello Ioppolo,

Can you share if there's a recorded bug about this case, and if possible the specific version you've referred as the "interim release"? I have a 7600 that seems to have the same symptoms...

Thanks,

Emre

Hello Peter,

what if your global ip interface:

interface Fa0/0.10

encapsulation dot1Q 10

ip address 192.0.2.1 255.255.255.0

has an ip vrf receive MyVRF2?

I've got the same example that the one you post it but with my interface global with a ip vrf receive and the dhcp is not relaying any ip on that interface.

In my opinion it should not affect to the dhcp behaviour because it's a receive, not forwarding.

Any idea?

thanks a lot.

Hi,

Honestly, I haven't tried that. However, the ip vrf receive is only used to install the interface's address and the directly connected network as a connected route to a specific VRF (used for PBR-based VRF selection) in addition to the global routing table. It is, however, not used to assign the entire interface to a standalone VRF. Packets received on such an interface are still processed within the global routing table as if the ip vrf receive was not configured. So I would expect that the DHCP operation on such an interface would be as with any interfaces that are not configured with any VRF whatsoever - a plain DHCP operation all in all.

Would this make sense?

Best regards,
Peter

Thanks for your reply.

In fact I've got a lab where the dhcp works well with some interfaces with forwarding vrf and others interfaces with receiving vrf.

However, I've got a live site that is not the case and the interface with receive is not working.

Anyway, I'll continue tshooting.

Another question, do you know practical the difference between these two:

ip dhcp use vrf connected

ip dhcp use vrf remote

?

I guess connected is for the normal behaviour described in this post.

But when should we use remote?

Thanks again for your prompt reply!

Hi,

Another question, do you know practical the difference between these two:

ip dhcp use vrf connected

ip dhcp use vrf remote

The connected refers to handling DHCP requests received from clients in directly connected networks, while remote refers to handling DHCP requests that have been relayed through a DHCP relay agent.

The differentiating key here is the field inside the DHCP packet called giaddr - "gateway IP address". Despite the suggestive name, this field has nothing to do with the default gateway of a particular host; rather, it carries the IP address of the DHCP relay agent that forwarded this message. If the message has been received from a directly connected client, giaddr will be 0.0.0.0, and the ip dhcp use vrf connected command will influence whether this request will be served from a per-VRF pool (if set) or from a global pool (if unset). Similarly, if the giaddr is non-zero then this packet has been forwarded by a DHCP relay agent whose IP address is stored in that field, and consequently, the ip dhcp use vrf remote will be used to determine whether the request will be handled by a per-VRF pool (by associating the address in the giaddr with the proper pool and VRF based on the incoming interface) or by a global pool.

Does this make sense?

Best regards,
Peter

Hello Peter,

Thank you very much for your explanation.

In the end, the dhcp worked as we foresaw even in the vrf receive interface, relaying addresses from the global table.

Thanks again.