no ip dhcp use vrf connected

Answered Question
Oct 30th, 2009

hi experts,

would like to know what this command does? i can't find any on cisco.com.

I have this problem too.
1 vote
Correct Answer by Peter Paluch about 7 years 1 month ago

Hello John,

This command tells the router whether DHCP requests coming from directly connected VRF-enabled interfaces should be allocated IP addresses from a global DHCP pool (that is not specifically bound to any VRF), or whether a per-VRF DHCP pool should be used to assign the addresses.

Consider the following configuration:

ip vrf MyVRF1

rd 1:1

!

ip vrf MyVRF2

rd 1:2

!

ip dhcp pool Global

network 192.0.2.0 /24

!

ip dhcp pool ForMyVRF1

vrf MyVRF1

network 192.0.2.0 /24

!

ip dhcp pool ForMyVRF2

vrf MyVRF2

network 192.0.2.0 /24

!

interface Fa0/0.10

encapsulation dot1Q 10

ip address 192.0.2.1 255.255.255.0

!

interface Fa0/0.20

encapsulation dot1Q 20

ip vrf forwarding MyVRF1

ip address 192.0.2.1 255.255.255.0

!

interface Fa0/0.30

encapsulation dot1Q 30

ip vrf forwarding MyVRF2

ip address 192.0.2.1 255.255.255.0

With the no ip dhcp use vrf connected, if a DHCP request comes from whatever interface here, it will be allocated an IP address from the global DHCP pool Global, without any regard to the VRF of the interface through which the request came in. The per-VRF DHCP pools ForMyVRF1 and ForMyVRF2 will remain completely unused and untouched, although being defined.

With the ip dhcp use vrf connected, the behavior becomes what you would normally expect - the requests from the Fa0/0.10 will be served from the DHCP pool Global, the requsts coming through the Fa0/0.20 in VRF MyVRF1 will be served from the DHCP pool ForMyVRF1 and finally the requests from Fa0/0.30 will be served from the DHCP pool ForMyVRF2 as the Fa0/0.30 is assigned to the MyVRF2.

Best regards,

Peter

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (5 ratings)
Loading.
Correct Answer
Peter Paluch Fri, 10/30/2009 - 16:29

Hello John,

This command tells the router whether DHCP requests coming from directly connected VRF-enabled interfaces should be allocated IP addresses from a global DHCP pool (that is not specifically bound to any VRF), or whether a per-VRF DHCP pool should be used to assign the addresses.

Consider the following configuration:

ip vrf MyVRF1

rd 1:1

!

ip vrf MyVRF2

rd 1:2

!

ip dhcp pool Global

network 192.0.2.0 /24

!

ip dhcp pool ForMyVRF1

vrf MyVRF1

network 192.0.2.0 /24

!

ip dhcp pool ForMyVRF2

vrf MyVRF2

network 192.0.2.0 /24

!

interface Fa0/0.10

encapsulation dot1Q 10

ip address 192.0.2.1 255.255.255.0

!

interface Fa0/0.20

encapsulation dot1Q 20

ip vrf forwarding MyVRF1

ip address 192.0.2.1 255.255.255.0

!

interface Fa0/0.30

encapsulation dot1Q 30

ip vrf forwarding MyVRF2

ip address 192.0.2.1 255.255.255.0

With the no ip dhcp use vrf connected, if a DHCP request comes from whatever interface here, it will be allocated an IP address from the global DHCP pool Global, without any regard to the VRF of the interface through which the request came in. The per-VRF DHCP pools ForMyVRF1 and ForMyVRF2 will remain completely unused and untouched, although being defined.

With the ip dhcp use vrf connected, the behavior becomes what you would normally expect - the requests from the Fa0/0.10 will be served from the DHCP pool Global, the requsts coming through the Fa0/0.20 in VRF MyVRF1 will be served from the DHCP pool ForMyVRF1 and finally the requests from Fa0/0.30 will be served from the DHCP pool ForMyVRF2 as the Fa0/0.30 is assigned to the MyVRF2.

Best regards,

Peter

Martin Kyrc Thu, 04/29/2010 - 09:54

hello,

can anybody explain me how it's possible to exclude IP address from some vrf dhcp pool?

Is 'ip dhcp excluded-address' in connection with 'no ip dhcp use vrf connected' helpful?

my problem is, that ip dhcp excluded ip addresses are assigned from dhcp pool (till now without no ip dhcp use vrf connected).

here is config:

ip dhcp excluded-address 10.101.173.201 10.101.173.254

ip dhcp pool vlan21
   vrf vrf1
   network 10.101.173.0 255.255.255.0
   default-router 10.101.173.254
   dns-server 10.101.92.1 10.101.140.1 195.168.1.2
   domain-name tat1.kempinski.local
   option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0047.0000.0000.00ff

#sh ip dhcp vrf vrf1 binding * | i 10.101.173.2

10.101.173.29       0100.1cc4.cfbc.c9       Apr 30 2010 05:50 PM    Automatic

10.101.173.232      0100.25bc.e231.08       Apr 30 2010 05:48 PM    Automatic

martin

rahurao Thu, 04/29/2010 - 20:39

Hi,

I see from your desscription that you want to exclude a range of IP addresses from
a VRF. This is a pretty straight forward command:

ip dhcp excluded-address vrf

This command is used to specify IP addresses that a Cisco IOS Dynamic Host Configuration
Protocol (DHCP) Server should not assign to DHCP clients, use the ip dhcp excluded-address command in global
configuration mode. To remove the excluded IP addresses, use the no
form of this command.

ip dhcp excluded-address low-address [high-address]

no ip dhcp excluded-address low-address [high-address]

Syntax Description


low-address

The excluded IP address, or first IP address in an excluded address range.

high-address

(Optional) The last IP address in the excluded address range.

Reference:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html

I hope this helps!

Martin Kyrc Thu, 04/29/2010 - 22:52

Hi,

it's not helful. I have read this command reference (and other for 12.2 version), but no 'vrf' subcommand is available.

see cmd reference:

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1080791

(the same information is in reference for 12.2 version)

and my C4500 cmd:

RD-SW-CORE(config)#ip dhcp excluded-address ?
  A.B.C.D  Low IP address

RD-SW-CORE(config)#ip dhcp excluded-address vrf ?   
% Unrecognized command


RD-SW-CORE(config)#ip dhcp ?
  aaa                        Configure aaa attributes
  binding                    DHCP address bindings
  bootp                      BOOTP specific configuration
  class                      Configure DHCP classes
  conflict                   DHCP address conflict parameters
  database                   Configure DHCP database agents
  excluded-address           Prevent DHCP from assigning certain addresses
  limit                      Limit DHCP Lease
  limited-broadcast-address  Use all 1's broadcast address
  ping                       Specify ping parameters used by DHCP
  pool                       Configure DHCP address pools
  relay                      DHCP relay agent parameters
  route                      Specify the type of routes for clients on unnumbered interfaces
  smart-relay                Enable Smart Relay feature
  snooping                   DHCP Snooping
  subscriber-id              Global subscriber-id configuration
  use                        Configure use of certain parameters during allocation


RD-SW-CORE(config)#ip dhcp vrf ?
% Unrecognized command

version information:

RD-SW-CORE#sh ver | i Version
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-ENTSERVICESK9-M), Version 12.2(53)SG2, RELEASE SOFTWARE (fc1)

rahurao Fri, 04/30/2010 - 01:16

Hi,

As per the scenario is concerned you are specifying the vrf in the pool so DHCP exlcluded addr should be take care by just the excluded address command.

Or there would have been a option for the same.

ioppolo Sun, 06/06/2010 - 04:32

Hi everyone,

I just managing a CiscoTAC service regarding VRF.

The VRF keyword for the ip dhcp excluded address was forgot by developers until 15.1.1T, I received an interim release that correct thsi caveat.

The correct sintax should be introduced into the new release when available.

I'm using for now the interim release to address thi issue.

Chamindaw_2 Mon, 08/09/2010 - 22:55

Hi Everyone,

I'm also stuck in configuring dhcp exclude-address range with "vrf" option.

I upgraded my router to "c1841-advipservicesk9-mz.151-1.T.bin" IOS code as per the above post, but no luck.

can you confirm me the exact IOS code you use for this configuration?

Router#sh ver

Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 15.1(1)T, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Mon 22-Mar-10 00:28 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Router uptime is 5 days, 20 hours, 38 minutes
System returned to ROM by power-on
System image file is "flash:c1841-advipservicesk9-mz.151-1.T.bin"
Last reload type: Normal Reload

Router(config)#ip dhcp excluded-address 10.226.224.1 10.226.224.60 ?   --> No vrf option

Router(config)#ip dhcp excluded-address ? --> No vrf option
  A.B.C.D  Low IP address

Thank You,

Chaminda.

j-marenda Tue, 08/10/2010 - 01:25

Try using a class under the dhcp-server configuration.

(ios 12.4(11)T2 on 870er Series)

Hope this help's,

Jürgen.

!

!

ip vrf xxx

! ...

!

ip dhcp use vrf connected

ip dhcp bootp ignore

!

ip dhcp pool xxx-pool
   vrf xxx
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.254
   dns-server 192.168.200.11 192.168.200.12
   lease 0 2 17
   class class1
      address range 192.168.200.100 192.168.200.199
!
ip dhcp class class1
   remark limit 100-199
!
!

emresumengen Mon, 11/22/2010 - 00:03

Hello Ioppolo,

Can you share if there's a recorded bug about this case, and if possible the specific version you've referred as the "interim release"? I have a 7600 that seems to have the same symptoms...

Thanks,

Emre

CSCO12205445 Sun, 10/25/2015 - 05:11

Hello Peter,

 

what if your global ip interface:

interface Fa0/0.10

encapsulation dot1Q 10

ip address 192.0.2.1 255.255.255.0

 

has an ip vrf receive MyVRF2?

 

I've got the same example that the one you post it but with my interface global with a ip vrf receive and the dhcp is not relaying any ip on that interface.

In my opinion it should not affect to the dhcp behaviour because it's a receive, not forwarding.

 

Any idea?

thanks a lot.

Peter Paluch Sun, 10/25/2015 - 12:20

Hi,

Honestly, I haven't tried that. However, the ip vrf receive is only used to install the interface's address and the directly connected network as a connected route to a specific VRF (used for PBR-based VRF selection) in addition to the global routing table. It is, however, not used to assign the entire interface to a standalone VRF. Packets received on such an interface are still processed within the global routing table as if the ip vrf receive was not configured. So I would expect that the DHCP operation on such an interface would be as with any interfaces that are not configured with any VRF whatsoever - a plain DHCP operation all in all.

Would this make sense?

Best regards,
Peter

CSCO12205445 Mon, 10/26/2015 - 03:46

Thanks for your reply.

 

In fact I've got a lab where the dhcp works well with some interfaces with forwarding vrf and others interfaces with receiving vrf.

 

However, I've got a live site that is not the case and the interface with receive is not working.

 

Anyway, I'll continue tshooting.

 

Another question, do you know practical the difference between these two:

ip dhcp use vrf connected

ip dhcp use vrf remote

?

 

I guess connected is for the normal behaviour described in this post.

 

But when should we use remote?

 

Thanks again for your prompt reply!

 

Peter Paluch Mon, 10/26/2015 - 04:36

Hi,

Another question, do you know practical the difference between these two:

ip dhcp use vrf connected

ip dhcp use vrf remote

The connected refers to handling DHCP requests received from clients in directly connected networks, while remote refers to handling DHCP requests that have been relayed through a DHCP relay agent.

The differentiating key here is the field inside the DHCP packet called giaddr - "gateway IP address". Despite the suggestive name, this field has nothing to do with the default gateway of a particular host; rather, it carries the IP address of the DHCP relay agent that forwarded this message. If the message has been received from a directly connected client, giaddr will be 0.0.0.0, and the ip dhcp use vrf connected command will influence whether this request will be served from a per-VRF pool (if set) or from a global pool (if unset). Similarly, if the giaddr is non-zero then this packet has been forwarded by a DHCP relay agent whose IP address is stored in that field, and consequently, the ip dhcp use vrf remote will be used to determine whether the request will be handled by a per-VRF pool (by associating the address in the giaddr with the proper pool and VRF based on the incoming interface) or by a global pool.

Does this make sense?

Best regards,
Peter

CSCO12205445 Wed, 10/28/2015 - 02:21

Hello Peter,

Thank you very much for your explanation.

In the end, the dhcp worked as we foresaw even in the vrf receive interface, relaying addresses from the global table.

Thanks again.

evan.clark Wed, 01/02/2013 - 07:32

ip vrf Sales

!

interface FastEthernet0/1

ip vrf forwarding Sales

ip address 192.168.1.1 255.255.255.0

ip flow ingress

duplex auto

speed auto

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.50

!

ip dhcp pool Sales

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

The above configuration worked for me.

When using the no ip dhcp use vrf connected command, the subnet associated to your vrf is forced to use the Global DHCP Service configured on the router. The ip dhcp exclude-address command is then enforced for DHCP on that subnet.

Using this command allows you to have dhcp exclusions without requiring a code upgrade to support the class dhcp sub-command.

IOS Version in Example:
Cisco IOS Software, 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(22)YB8, RELEASE SOFTWARE (fc1)

Actions

This Discussion