  • Status: Solved
  • Priority: Medium
  • Security: Public

IP Address conflict

Hi,
I have two VLANs (84VLAN and 86VLAN). Our DHCP server has two NICs configured to provide DHCP service from two scopes to the two VLANs. However, I have recently noticed that some sections of the 86VLAN are not able to get an IP address from the server (IP address conflict messages). I have enough IP addresses for each VLAN. I suspect the server is not handling DHCP requests well, hence the issues. Where do I look?
Asked by: adjaddy
1 Solution
 
arnold commented:
http://itknowledgeexchange.techtarget.com/itanswers/multiple-dhcp-scopes-for-multiple-vlans/
http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/cca6879b-4589-4b91-b1cc-41806975c984

I think your issue is that you have the DHCP connected to both.

The above seem to deal with having the DHCP on a LAN and then configuring the router/switch as a DHCP relay agent that will forward the DHCP requests, along with the network scope from which the IP should be allocated, to the DHCP server.

oferam commented:
If your DHCP server is from Microsoft then you should configure IP conflict detection: Right Click on the DHCP Server from the DHCP MMC Administration Snap-In, and choose properties.

Change the Conflict detection attempts to a number bigger than 0.


arnold commented:
The problem does not seem to be with DHCP not listening on both VLANed interfaces; the problem may be with what IPs are allocated by the DHCP.
I.e. it listens on both IPs and has two scopes, but there is no way to bind the scope to an interface.
I.e. scope1 is for VLAN86, connected with interface1.
scope2 is for VLAN89, connected with interface2.
There is no option within the DHCP scope definition to limit allocation from scope1 to DHCP requests received on interface1, and similarly for scope2 over interface2. This type of issue is dealt with by a DHCP relay agent on the router/switch, which as part of the request includes the scope from which the IP should be allocated.
adjaddy (author) commented:
Guys,
Fair point on the DHCP server not knowing which NIC to direct what request to (arnold).
Shouldn't the VLAN address the issue of the relay agent? The two cables from the DHCP server go to
different ports on our LAN switch, which has been configured to segment the network into the two VLANs.
oferam: I have configured the conflict detection attempts to 4 and will monitor and let you know what the effects are.

arnold commented:
The issue is not through which NIC to direct the response since it too is a broadcast.
The issue is that the system that needs an IP is oblivious as to its condition and location, VLAN'd or otherwise. The only component that knows about the VLAN is the switch that has port 1 as part of VLAN86 and port 2 as part of VLAN89, and the router to which it is connected that provides for inter-LAN routing.

No, the system issues a DHCP discovery broadcast 255.255.255.255 on all possible IPs. If you did not have the DHCP server connected to both VLANs it would never receive those requests, since broadcasts do not cross router boundaries. Often the issue is whether to place a DHCP server on each LAN or set up a DHCP relay agent on the router that would relay requests to a known DHCP server that resides outside the VLANs.

The issue is that your placement of the server effectively counteracts the VLAN.
I.e. if a user, based on ipconfig, gets the IP of the DHCP server and if the user knows the other IP segment,
they can add a route for the other IP segment through the IP of the DHCP. A system on the other side would need to do the same.
i.e. user A on VLAN86 with IP 10.0.0.3 wants to access resources on user B's system on VLAN89 with IP 10.0.1.3
The .2 IPs are the DHCP server.
User A runs:
route add 10.0.1.3 mask 255.255.255.255 10.0.0.2
User B runs:
route add 10.0.0.3 mask 255.255.255.255 10.0.1.2

And effectively they have breached your VLAN, since they can access each other's system without conforming to the ACL, if any, you set up dealing with inter-VLAN communication.

adjaddy (author) commented:
arnold,
Good point on the VLANs. In fact, the design we have is for users on both VLANs to access resources on either side, and they are able to. The problem I have here is the fact that the DHCP server seems to struggle, especially with DHCP requests from the other VLAN (86Vlan).

oferam commented:
If the DHCP scope of each VLAN matches the IP address scope of that server NIC, you shouldn't have a problem giving out IP addresses.

arnold commented:
IP conflict means the same IP is being allocated or an IP is being allocated that is configured as a static IP on a different system.
Presumably the reason for the VLAN is to manage the broadcast traffic, since you say there are no limits on users accessing one VLAN from the other.

How many IPs in each scope is the DHCP server configured to allocate? (Getting the statistics on the scope, you can see how many IPs can be allocated.)

I'm trying to see whether your server always allocates from the same block.
Check the leased IP section of each scope as well.
 

adjaddy (author) commented:
arnold,
This is the current allocation statistics:

84Vlan
Total addresses: 369
In use: 322 (87%)
Available: 47 (12%)

86Vlan
Total addresses: 427
In use: 172 (39%)
Available: 265 (60%)

Lease period = 3 days

oferam,
The DHCP scope of each VLAN matches the IP address scope of either NIC on the server.

oferam commented:
Do you have the situation, aside from duplicate IPs, that machines get the "wrong" IP address of the other VLAN?

If this is not the case, then my guess is that the solution above should solve your problem of duplicate IPs. Note that when you instruct the DHCP server to check if an IP is free before allocating, then even if someone defined a static IP in that scope it will skip it.


adjaddy (author) commented:
oferam,
No device/user on the other VLAN gets a wrong IP address. The 86Vlan suffers the most because all of our servers are on the 84Vlan, and so they have to 'cross over' in order to access any resources. They sometimes have intermittent loss of connectivity as well.

arnold commented:
OK, double check the netmasks. You use a multi-segment IP,
i.e. 192.168.0.0 255.255.254.0 to hand out 192.168.0.2 through 192.168.1.254.

Why do you have a three-day lease? A shorter period would expire the unused IPs quicker while at the same time minimizing the possibility that a system that has been off for two days tries, on boot, to use the same IP it previously had.

The issue might also be because you have the Windows or a software firewall enabled on the workstation client without an exemption for ping. Ping is how the DHCP service verifies/checks whether an IP is still in use. The Windows or any firewall on the workstations would lead to a conclusion by the DHCP server that the IP is no longer in use and could allocate it to another system.
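
The netmask check suggested in the comment above can be scripted. This is an added example, not code from the thread: it verifies that each scope's lease range is on-link for the server NIC's mask, does not include the network, broadcast or NIC address, and does not overlap another scope. The scope names, NIC addresses and ranges are constructed sample values built around the 255.255.254.0 example.

```python
import ipaddress
from itertools import combinations

def audit_scopes(scopes):
    """Check lease ranges against the server NIC's subnet on each VLAN.

    scopes: list of dicts with name, nic ("address/netmask" of the server
    NIC on that VLAN), start and end of the lease range.
    Returns a list of human-readable findings (empty list = consistent).
    """
    findings, parsed = [], []
    for s in scopes:
        nic = ipaddress.ip_interface(s["nic"])
        net = nic.network
        start, end = ipaddress.ip_address(s["start"]), ipaddress.ip_address(s["end"])
        parsed.append((s["name"], start, end))
        # Every leasable address must be on-link for the NIC's netmask.
        for label, ip in (("start", start), ("end", end)):
            if ip not in net:
                findings.append(f"{s['name']}: range {label} {ip} is outside {net}")
        # Addresses that must never be leased: network, broadcast, the NIC itself.
        for label, ip in (("network", net.network_address),
                          ("broadcast", net.broadcast_address),
                          ("server NIC", nic.ip)):
            if start <= ip <= end:
                findings.append(f"{s['name']}: range includes {label} address {ip}")
    # Two scopes leasing the same addresses produce duplicate-IP conflicts.
    for (n1, s1, e1), (n2, s2, e2) in combinations(parsed, 2):
        if s1 <= e2 and s2 <= e1:
            findings.append(f"{n1} and {n2}: ranges overlap")
    return findings

# Constructed sample data (not the poster's real addressing).
GOOD = [
    {"name": "84VLAN", "nic": "192.168.0.1/255.255.254.0",
     "start": "192.168.0.2", "end": "192.168.1.254"},
    {"name": "86VLAN", "nic": "192.168.2.1/255.255.254.0",
     "start": "192.168.2.2", "end": "192.168.3.254"},
]
# Same ranges, but the 86VLAN NIC was given a /24 mask by mistake.
BAD = [GOOD[0], dict(GOOD[1], nic="192.168.2.1/255.255.255.0")]

if __name__ == "__main__":
    for finding in audit_scopes(BAD):
        print(finding)
```

With the /24 mask the second half of the 86VLAN range is off-link from the server's point of view, and the old broadcast address 192.168.2.255 becomes leasable.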

oferam commented:
Your servers use DHCP-assigned addresses? This can't be a good thing. Servers "like" static IPs; a lot of applications depend on that, and if the IP changes the application can break.

Your DHCP Server is the router between those two networks? "intermittent loss of connectivity" sounds like another networking problem - is this the same issue?

ehsan2939 commented:
Try using ipconfig/release

and ipconfig/renew, and test whether your problem is solved or not.

adjaddy (author) commented:
Led to the solution. Thanks a lot.