Configure Cisco IOS DHCP to use vendor class IDs

The IOS DHCP server can be configured to provide different address information to clients based on information they provide via DHCP option 60.

DHCP Option 60 is the “vendor class identifier option” that allows the DHCP client to identify its type so that custom configuration can be applied.

Configuring the DHCP Client

For custom address configuration to be applied, the client must specify option 60. This is configured with the “ip dhcp client class-id XXX” command, where XXX is the ASCII label to use. For example:

interface Vlan10
  description ** Corporate LAN - Management Address **
  ip dhcp client class-id CUSTOM_CLASS
  ip address dhcp
  end

Configuring the DHCP Server

To configure the IOS DHCP server you must specify a default class and then a class that will match against DHCP option 60. When matching against option 60 you must convert the ASCII string the client sends (e.g. “CUSTOM_CLASS”) to hexadecimal.

ip dhcp class DEFAULT
  remark IP addresses for devices not providing a class-id
!
ip dhcp class CUSTOM_CLASS
  remark IP addresses for devices providing "CUSTOM_CLASS"
  option 60 hex 435553544f4d5f434c415353

With the matching set up, the DHCP pool configuration can be split into the custom class and a default class:

ip dhcp pool LAN
  network 192.168.0.0 255.255.255.0
  default-router 192.168.0.254
  class CUSTOM_CLASS
    address range 192.168.0.210 192.168.0.220
  class DEFAULT
    address range 192.168.0.0 192.168.0.200

If this doesn’t work, the following debug commands may help identify the cause of the problem:

debug ip dhcp server class
debug ip dhcp server packet detail
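
When a client keeps landing in the DEFAULT range, it helps to compare the bytes it actually sent with the hex configured on the server. The following is an added example, not part of the original post: it builds the class stanza from the ASCII label and walks a DHCP options field to pull out option 60. The function names, the sample packet bytes and the exact-match comparison are assumptions made for illustration.

```python
PAD, END, VENDOR_CLASS_ID = 0, 255, 60

def class_id_to_hex(label: str) -> str:
    """Hex string to place after 'option 60 hex' (rejects non-ASCII labels)."""
    return label.encode("ascii").hex()

def ios_class_config(name: str, label: str) -> str:
    """Render the server-side class stanza in the layout used on this page."""
    return "\n".join([
        f"ip dhcp class {name}",
        f'  remark IP addresses for devices providing "{label}"',
        f"  option 60 hex {class_id_to_hex(label)}",
    ])

def extract_option60(options: bytes):
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == END:
            break
        if code == PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        if code == VENDOR_CLASS_ID:
            return value
        i += 2 + length
    return None                  # client sent no option 60

def pick_class(options: bytes, configured_hex: str, name: str = "CUSTOM_CLASS") -> str:
    """Assumed exact byte match: case or trailing bytes that differ fall to DEFAULT."""
    sent = extract_option60(options)
    return name if sent == bytes.fromhex(configured_hex) else "DEFAULT"

# Constructed sample: message type, option 60, parameter request list, end marker
SAMPLE = bytes([53, 1, 1, 60, 12]) + b"CUSTOM_CLASS" + bytes([55, 2, 1, 3, 255])

if __name__ == "__main__":
    print(ios_class_config("CUSTOM_CLASS", "CUSTOM_CLASS"))
    print("client sent:", extract_option60(SAMPLE), "->", pick_class(SAMPLE, class_id_to_hex("CUSTOM_CLASS")))
```

Option 60 is supplied by the client and is not authenticated, so the class should be treated as an addressing convenience and not as a control on which devices receive the custom range.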

Cisco 2960X Failed to send hrpc non blocking message

In deploying a number of Cisco 2960X Switch Stacks containing between 4 and 8 members I noticed many of them were logging the following message:

Failed to send hrpc non blocking message

The issue appeared after upgrading switches from 15.0(2)EX2 to 15.0(2)EX3 and persists through to at least 15.0(2)EX5. Following extensive troubleshooting both internally and with Cisco, the problem was narrowed down to the device classifier.

Whenever a switch learns a new MAC address, the switch will create a new “device classifier session”. The device classifier collects information based on the MAC address vendor OUI, CDP and LLDP to identify the type of device connected to a port. Macros can then be created to perform actions based on the device type. This information is synchronised across all switches in the stack. Unfortunately the switch stack cannot keep up with synchronising this information across all devices, hence it reports this error message.


Cisco ASAv on ESXi Standalone

Cisco released their new ASAv virtual appliance, an updated virtual offering for the ASA platform. I suspect at least part of the driver for this is their work on Cisco Modeling Labs, a new tool to help build and simulate environments.

The ASAv copes well in terms of performance and allows for yet more physical devices to be virtualized; however, it only supports VMware environments that make use of vCenter. This leaves those wishing to use the ASAv for their learning or testing having to set up vCenter. For home labs this is going to eat up more memory and discourage some. Thankfully, working around this is fairly straightforward if you have access to a vCenter environment to import and then export the VM from.