[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How can an end host host get a new IP address when its VLAN is changed ?

Posted on 2015-01-06
5
Medium Priority
?
357 Views
Last Modified: 2015-01-07
Hi,

I am trying to implement NAC (by ForeScout) in our company.

Before we push automatic VLAN change upon user login (by ForeScout NAC device) into our production network, I am testing end-host behavior by changing VLANs manually from a CounterACT Manager Console. However end hosts are not getting a new IP address after I change their VLAN from CounterACT Manager Console. The work around to this problem is that we manually need to disconnect and reconnect Ethernet cable to the end host NIC for IP address change to take effect.

So to debug more into this, I changed VLAN manually from switch itself & observed that end host is still NOT able to get a new IP. Again this time I had to implement same workaround of disconnecting and reconnecting Ethernet cable to the end host for IP address change to take effect.

When observed on Wireshark, it shows that end host sends DHCP Discovery request for new VLAN only when I disconnect & reconnect the Ethernet cable attached to its NIC.

Before carrying out those tests I had made sure that NIC drivers were up-to-date on the end host.

How do we make end-host get a new IP address without disconnecting (& reconnecting) cable attached to its NIC? Has anybody seen this issue when NAC (Cisco or ForeScout)  is implied ?


Thanks !!!
0
Comment
Question by:CCIE_Universe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 2000 total points
ID: 40534682
When you use DHCP the end computer will not try and get a new address unless:

1) It sees a physical disconnect
2) The lease  expires
3) It is forced to by issuing ipconfig /release then ipconfig /renew.

Changing the VLAN on a port will not cause any of these situations.  You will have to somehow force something.

What I would try is do a "shut" on the interface, change the VLAN, then do a no shut.  The other option is to run a script that will do the /release & /renew.
0
 

Author Comment

by:CCIE_Universe
ID: 40534744
Thanks for the comment/ answer Giltjr, I agree with you.

But still I am confused that there do exist NAC deployments in a production environment in which IP address gets changed for a host. How do they achieve this?

Thanks Again!
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 40534754
I believe if you have a NAC client installed and the switch ports are configured as trunks, the client will detect the VLAN change and initiate release renew.
0
 

Author Comment

by:CCIE_Universe
ID: 40534888
Thanks Giltir !
0
 

Author Closing Comment

by:CCIE_Universe
ID: 40536147
Thanks for the Help!
0

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question