Solved: Re: Hi,Another question, do you - Page 2

johnlloyd_13 · ‎10-30-2009

hi experts,

would like to know what this command does? i can't find any on cisco.com.

ChrisNewnham_ · ‎01-14-2024

Hello @Peter Paluch I discovered something interesting in my lab on a C8K, 17.09.03a

If the DHCP relay targets a physical IP on the DHCP server, even if that interface is inside a VRF, it will treat the forwarded DHCP request as if it's in the GRT and ignore the VRF (return routing however, still needs to be in the VRF, and not the GRT).

If it targets a loopback, it will act as expected, and treat it like it arrived in that particular VRF.

Even if it arrived via a DHCP relay, using the command no ip dhcp use vrf connected will still work, I would've expected that no ip dhcp use vrf remote would be required.

Thanks!

Peter Paluch · ‎01-14-2024

Hi @ChrisNewnham_ ,

I hope I'm not too demanding - but would you be so kind to explain your observation on a few examples, perhaps with a simple network diagram? I admit that I'm not fully following your scenarios. My apologies!

Best regards,
Peter

ChrisNewnham_ · ‎01-15-2024

Sure @Peter Paluch , please see example above.

I have 2 DHCP Pools configured on R1, with no VRF commands inside the pool

R1#show run | sec dhcp
ip dhcp excluded-address 10.1.100.1
ip dhcp excluded-address 10.2.100.1
ip dhcp pool P1
network 10.1.100.0 255.255.255.0
default-router 10.1.100.1
ip dhcp pool P2
network 10.2.100.0 255.255.255.0
default-router 10.2.100.1
R1#

Scenario 1
=========

PC1 sends a DHCP request which is forwarded to the IP 10.1.10.1 on R1. Despite this interface being inside the VRF "10", R1 still allocates an IP to PC1. In this case R1 is directly connected to the relay sw1, but if not, a route would be required inside the "10" VRF to route back to the relay.

Scenario 2
=========

PC2 sends a DHCP request which is forwarded to the IP 12.12.12.1 on R1. Despite this interface being inside the VRF "WAN", R1 still allocates an IP to PC2. There is a route inside the vrf WAN to reach 10.2.0.0/16 via R2.

Scenario 3
=========

PC2 sends a DHCP request which is forwarded to the IP 100.100.100.100 on R1 (a loopback) inside the VRF "WAN". It does not work, and I have to enter no ip dhcp use vrf connected to make it work.

Conclusion
=========

There appears to be a behavioral difference between targeting a loopback and physical interface IP, even if they are in the same VRF. Also the "connected" command is still relevant, even if the DHCP host is not actually directly connected.

DavidHall86437 · ‎05-02-2020

I have this issue also but when i get to this code encapsulation dot1Q 10 i can not go further

c(config-subif)#encapsulation.1Q 10
^
% Invalid input detected at '^' marker.

i have tried as spelt in original post still comes to this.

Any help please

I have this issue@Peter Paluch wrote:
Hello John,

This command tells the router whether DHCP requests coming from directly connected VRF-enabled interfaces should be allocated IP addresses from a global DHCP pool (that is not specifically bound to any VRF), or whether a per-VRF DHCP pool should be used to assign the addresses.

Consider the following configuration:

ip vrf MyVRF1
rd 1:1
!
ip vrf MyVRF2
rd 1:2
!
ip dhcp pool Global
network 192.0.2.0 /24
!
ip dhcp pool ForMyVRF1
vrf MyVRF1
network 192.0.2.0 /24
!
ip dhcp pool ForMyVRF2
vrf MyVRF2
network 192.0.2.0 /24
!
interface Fa0/0.10
encapsulation dot1Q 10
ip address 192.0.2.1 255.255.255.0
!
interface Fa0/0.20
encapsulation dot1Q 20
ip vrf forwarding MyVRF1
ip address 192.0.2.1 255.255.255.0
!
interface Fa0/0.30
encapsulation dot1Q 30
ip vrf forwarding MyVRF2
ip address 192.0.2.1 255.255.255.0

With the no ip dhcp use vrf connected, if a DHCP request comes from whatever interface here, it will be allocated an IP address from the global DHCP pool Global, without any regard to the VRF of the interface through which the request came in. The per-VRF DHCP pools ForMyVRF1 and ForMyVRF2 will remain completely unused and untouched, although being defined.

With the ip dhcp use vrf connected, the behavior becomes what you would normally expect - the requests from the Fa0/0.10 will be served from the DHCP pool Global, the requsts coming through the Fa0/0.20 in VRF MyVRF1 will be served from the DHCP pool ForMyVRF1 and finally the requests from Fa0/0.30 will be served from the DHCP pool ForMyVRF2 as the Fa0/0.30 is assigned to the MyVRF2.

Best regards,
Peter

evan.clark · ‎01-02-2013

ip vrf Sales

!

interface FastEthernet0/1

ip vrf forwarding Sales

ip address 192.168.1.1 255.255.255.0

ip flow ingress

duplex auto

speed auto

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.50

!

ip dhcp pool Sales

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

The above configuration worked for me.

When using the no ip dhcp use vrf connected command, the subnet associated to your vrf is forced to use the Global DHCP Service configured on the router. The ip dhcp exclude-address command is then enforced for DHCP on that subnet.

Using this command allows you to have dhcp exclusions without requiring a code upgrade to support the class dhcp sub-command.

IOS Version in Example:
Cisco IOS Software, 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(22)YB8, RELEASE SOFTWARE (fc1)