Solved

Strange VLAN / DHCP / IP Address issue....

Posted on 2006-11-14
8
313 Views
Last Modified: 2010-03-18
Ok, i'll do my best here to prevent tons of unecessary questions :)

ENVIRONMENT:
--------


DHCP Server
OS: Windows 2003 Server - Standard - R2
IP Address: 10.199.25.14


Scope 1: 10.199.28.0 / 24
Scope 2: 10.199.29.0 / 24
Scope 3: 10.199.30.0 / 24
Scope 4: 10.199.31.0 / 24
Scope 5: 10.199.32.0 / 24


DHCP Server is assigned to VLAN 100


-------


Distribution Switch: Catalyst 4506


VLAN 100 - 10.199.25.0 / 24 - Infrastructure Servers


VLAN 101 - 10.199.28.0 / 24 - Developer
VLAN 102 - 10.199.29.0 / 24 - QA
VLAN 103 - 10.199.30.0 / 24 - Operations
VLAN 104 - 10.199.31.0 / 24 - Tech Support
VLAN 105 - 10.199.32.0 / 24 - General Users


IP Helper Address: 10.199.25.14 (assigned to VLAN's 101-105)


----


Pretty straightforward ey? VLAN 100 is for all my infrastructure
servers. the remaining VLAN's handle all the users segments. All works
well. Desktops/Laptops get their appropriate IP address based on the
VLAN they are assigned to and the Scope that is associated with a
VLAN's subnet.


Now, here is where the problem crops up:


1. Laptop A in VLAN 101 currently has an IP address of 10.199.28.50.
All is well.


2. User has a meeting and takes Laptop A, shutdowns the OS. He walks up
to the 15th floor, plugs into another port that is assigned on VLAN 102
(10.199.29.0 / 24)


3. User boots up Laptop A, and it still get's his old IP address of
10.199.28.50 from VLAN 101.


4. I run an ipconfig /release. I get 0.0.0.0 (expected response)


5. I run an ipconfig /renew and I STILL GET 10.199.28.50 from VLAN 101,
although im plugged into a port that is assigned to VLAN 102
(10.199.29.0 / 24).


How is the Laptop able to get an IP address from a VLAN that is he is
not physically/logically connected? He is connected to VLAN 102
(10.199.29.0 / 24) but get's his old IP address from VLAN 101
(10.199.28.0 / 24). WTF?


The only way to force the laptop to get a valid IP that corresponds to
the current VLAN/subnet it's connected to, is to exclude it's old
address from the DHCP Server and then do an ipconfig /release  and
/renew. Only then is it forced to get a new IP address that corresponds
to it's current VLAN/subnet.


It looks like the DHCP requests are somehow spanning or being
broadcasted across multiple VLANs, thus it's getting to the DHCP server
and allowing it to give the laptop it's old IP address, although the
request came from a completely different VLAN/subnet than it's old IP
address. .


I have looked EVERYWHERE on the internet for similar issues, and while
I found a few similar posts, the issue always turned out to be
something like the person didn't have IP helper assigned properly or
the DHCP server was having issues, yada yada.


Any help is greatly appreciated as this problem is starting to become
an issue as users tend to move around the office quite frequently.


TIA!


-omar

0
Comment
Question by:jptech49
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
8 Comments
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17945585
Odd. You could run up DHCPLOC.EXE from the resource kit on a machine on the same VLAN (not the dhcp server!) to watch the broadcasts and what is going on.  Also check the dhcp logs on the dhcp server.  It could be it is never actually hitting the dhcp server?

Steve
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 17945587
Next silly question does that port really work on the other subnet OK...
0
 

Author Comment

by:jptech49
ID: 17951687
yes, everything works on the ports in question.

but I think i figured out the issue. one thing I did not indicate is that the USER scopes are under a single SuperScope. I thought Superscopes were just a simple way to organize your scopes.

Apparently not.

By definition (from MS) a Superscope is used for multi-neting, and essentially tells the DHCP server that all scopes within the Superscope are part of the same "physical segment". Thus what I think is happening is that the DHCP server is ignoring the fact that the new client DHCP request is coming from a different VLAN/subnet. Since it's being told that VLAN 101 and VLAN 102 are part of the same "physical segment" then he is allowing the client to receive his old address even thought the request clearly came from a different VLAN.

I removed the superscope and doing some testing today to see if it's fixed.

-omar
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 43

Expert Comment

by:Steve Knight
ID: 17953712
Ah well yes that wouldn't help... that's right.  Good luck then!  Superscopes are rarely needed IMHO, always best to keep it to normal scopes for your sanity.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 19430376
Asker fixed the problem and explained why so PAQ, refund I suppose....
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19527320
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question