• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4485
  • Last Modified:

DHCP/VLAN - Clients assigned old IP address when changing VLANs

Hello thanks for reading!

We're currently having a problem in which DHCP clients that move between VLANs are assigned their old IP address if it's available. They should be getting a new IP from the subnet that they moved to, but instead get their old IP that isn't routable in the new network segment.

We have a Dell Powerconnect 7024 at the core of our network with 3COM switches at the edge. The Powerconnect is the default gateway for everything on all subnets and is configured with 4 primary VLANs.

VLAN10 = Main Data LAN (192.168.1.1)
VLAN11 = Secondary Data LAN (192.168.0.1)
VLAN20 = Voice LAN (192.168.10.1)
VLAN30 = wireless LAN (192.168.30.1)

There is one Windows 2003 DHCP server in VLAN10 with a single superscope that contains 4 scopes, one for each subnet.
All VLANs have full access to each other.
The PC 7024 has a global IP Helper to forward DHCP requests to the DHCP server.

If I connect Laptop1 to VLAN10 then it will pull an IP address from the correct scope.
If move Laptop1 to any other VLAN then it will pull the same IP address that it had received from VLAN10 instead of getting a new one. An ipconfig /release and /renew will return the same, incorrect address it had before.
If I delete the lease on the DHCP server then it will still pull the old address.
If something else takes the IP address that Laptop1 had in VLAN10 and then I move Laptop1 to another VLAN then it will pull an address correctly.
If I statically assign Laptop1 in any other VLAN then it will work normally.
If I create a reservation for Laptop1 in any other VLAN and then move it there, it will pull the reserved IP correctly.

I had Dell support look over the switch and they said that the IP Helper setup looks normal to them and they don't think it's the switch.

The IP Helper must be doing something correctly or else none of the other VLANs would get DHCP from the correct pool the first time they request an IP.

From what I understand the Dell should be inserting it's interface IP into the giaddr portion of the DHCP packet, which has to be working somewhat for the other subnets to get the correct DHCP address the first time they connect.

I ran a Wireshark trace on my laptop during one of these requests and can see that it's requesting its previous IP address. But, instead of receiving a DHCP NACK packet I'm getting an ACK back w/ the old IP.

I want to get a packet trace on my DHCP server to see what's happening there, but don't have the ability to put that in place right now.

Has anyone seen anything like this before or have some next steps I might be able to take?

Thanks!
0
sfcanderson
Asked:
sfcanderson
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
Seems to be definitly network related somewhere. Do you have the DHCP server configured using the VLAN ID's in the Scope Options (132)? Have you tried clearning the arp (arp -d) on the workstation and the also ipconfig /release /renew and making sure that the lease have been removed from the DHCP side.

Will.
0
 
sfcandersonAuthor Commented:
I just moved my laptop from VLAN10 to VLAN11, deleted the lease from DHCP, cleared the ARP cache, then renewed the IP and still got the old address from VLAN10.

We don't have any VLAN IDs set in the scope options. I understood that was only for situations where some or all VLANs were tagged (e.g. computers piggy backing off phones and tagging the VOIP traffic). We don't have any VLANs tagged on non-trunk ports, so it wouldn't help here.
0
 
giltjrCommented:
Found a similar problem and it dealt with the way the DHCP scope was created on the Windows server.

They had a "super scope."

https://supportforums.cisco.com/thread/2158840
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
pergrCommented:
You may want to activate "option-82" under the helper feature, so that the switch will tell the server what vlan/port the request comes from.

Then on the DHCP server you will need to use the information (option-82) forwarded by the switch.
0
 
sfcandersonAuthor Commented:
giltjr,
Great find, thanks! The superscope problem might be the same one we're facing, so I created a new DHCP server without it. I've successfully moved one scope over without problems and will be doing the rest this week.

Once I confirm they all work without the superscope I'll get back to you and close this out.
0
 
sfcandersonAuthor Commented:
We ended up moving the DHCP scopes from a Windows 2003 server that had them under a superscope to a Windows 2008 R2 server that had individual scopes for each range and have not had a problem since.

Thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now