Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DHCP/VLAN - Clients assigned old IP address when changing VLANs

Posted on 2014-02-03
6
Medium Priority
?
3,944 Views
Last Modified: 2016-11-23
Hello thanks for reading!

We're currently having a problem in which DHCP clients that move between VLANs are assigned their old IP address if it's available. They should be getting a new IP from the subnet that they moved to, but instead get their old IP that isn't routable in the new network segment.

We have a Dell Powerconnect 7024 at the core of our network with 3COM switches at the edge. The Powerconnect is the default gateway for everything on all subnets and is configured with 4 primary VLANs.

VLAN10 = Main Data LAN (192.168.1.1)
VLAN11 = Secondary Data LAN (192.168.0.1)
VLAN20 = Voice LAN (192.168.10.1)
VLAN30 = wireless LAN (192.168.30.1)

There is one Windows 2003 DHCP server in VLAN10 with a single superscope that contains 4 scopes, one for each subnet.
All VLANs have full access to each other.
The PC 7024 has a global IP Helper to forward DHCP requests to the DHCP server.

If I connect Laptop1 to VLAN10 then it will pull an IP address from the correct scope.
If move Laptop1 to any other VLAN then it will pull the same IP address that it had received from VLAN10 instead of getting a new one. An ipconfig /release and /renew will return the same, incorrect address it had before.
If I delete the lease on the DHCP server then it will still pull the old address.
If something else takes the IP address that Laptop1 had in VLAN10 and then I move Laptop1 to another VLAN then it will pull an address correctly.
If I statically assign Laptop1 in any other VLAN then it will work normally.
If I create a reservation for Laptop1 in any other VLAN and then move it there, it will pull the reserved IP correctly.

I had Dell support look over the switch and they said that the IP Helper setup looks normal to them and they don't think it's the switch.

The IP Helper must be doing something correctly or else none of the other VLANs would get DHCP from the correct pool the first time they request an IP.

From what I understand the Dell should be inserting it's interface IP into the giaddr portion of the DHCP packet, which has to be working somewhat for the other subnets to get the correct DHCP address the first time they connect.

I ran a Wireshark trace on my laptop during one of these requests and can see that it's requesting its previous IP address. But, instead of receiving a DHCP NACK packet I'm getting an ACK back w/ the old IP.

I want to get a packet trace on my DHCP server to see what's happening there, but don't have the ability to put that in place right now.

Has anyone seen anything like this before or have some next steps I might be able to take?

Thanks!
0
Comment
Question by:sfcanderson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39829993
Seems to be definitly network related somewhere. Do you have the DHCP server configured using the VLAN ID's in the Scope Options (132)? Have you tried clearning the arp (arp -d) on the workstation and the also ipconfig /release /renew and making sure that the lease have been removed from the DHCP side.

Will.
0
 

Author Comment

by:sfcanderson
ID: 39830067
I just moved my laptop from VLAN10 to VLAN11, deleted the lease from DHCP, cleared the ARP cache, then renewed the IP and still got the old address from VLAN10.

We don't have any VLAN IDs set in the scope options. I understood that was only for situations where some or all VLANs were tagged (e.g. computers piggy backing off phones and tagging the VOIP traffic). We don't have any VLANs tagged on non-trunk ports, so it wouldn't help here.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 39831385
Found a similar problem and it dealt with the way the DHCP scope was created on the Windows server.

They had a "super scope."

https://supportforums.cisco.com/thread/2158840
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 17

Expert Comment

by:pergr
ID: 39831959
You may want to activate "option-82" under the helper feature, so that the switch will tell the server what vlan/port the request comes from.

Then on the DHCP server you will need to use the information (option-82) forwarded by the switch.
0
 

Author Comment

by:sfcanderson
ID: 39833618
giltjr,
Great find, thanks! The superscope problem might be the same one we're facing, so I created a new DHCP server without it. I've successfully moved one scope over without problems and will be doing the rest this week.

Once I confirm they all work without the superscope I'll get back to you and close this out.
0
 

Author Closing Comment

by:sfcanderson
ID: 39842112
We ended up moving the DHCP scopes from a Windows 2003 server that had them under a superscope to a Windows 2008 R2 server that had individual scopes for each range and have not had a problem since.

Thanks again!
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question