Cisco IOS is not an authoritative DHCP server

Imagine you have to move your DHCP clients to a different range within the same IP subnet. Can you do it if you run the DHCP server on a router running Cisco IOS? Sure, there’s the ip dhcp excluded-address command.

Not so fast … the ip dhcp excluded-address command does not affect the existing bindings. Sounds weird? It is. You tell the router to avoid some of the IP addresses in the DHCP pool and it will happily extend the leases for those IP addresses, it just won’t allocate new IP addresses from the excluded range. To change the IP address assignment of the existing clients, you have to clear the DHCP bindings with the clear ip dhcp binding command.

OK, so you clear the bindings. The next time the clients try to extend the lease, their requests will be rejected. Wrong – Cisco IOS is not an authoritative DHCP server. It ignores DHCPREQUEST messages coming from unknown clients in a correct subnet.

  1. This is especially fun with DHCP client which do not fall back to DHCPDISCOVER but keep on sending DHCPREQUESTs.
