Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Non-Routed Guest VLAN keeps last IP until Release Renew

Status
Not open for further replies.
smcan22

smcan22

IS-IT--Management
Oct 21, 2008
7
US
I have a chain of 3550 and 3750's with several VLANs. Two of the 3550's are handling the Inter-VLAN routing for all VLANs with the exception of a newly created Guest VLAN. This guest VLAN is in the L2 VLAN database of each switch and terminates at an Untangle Firewall appliance which provides DHCP for the Guest VLAN. If a system is plugged into a Guest VLAN port or connects wirelessly to the Guest VLAN, the system will retain it's previous IP address until an ipconfig /release renew is done then it gets the appropriate IP address and all is well. I'm pretty sure it's not the DHCP server as it had the same behavior connected directly to the Comcast router using it's DHCP server.

Any clues are greatly appreciated.
 
Sort by date Sort by votes
Show us the switchport configuration for the switchport the guest device is patched to.
 
Upvote 0 Downvote
Do you mean the port the Untangle appliance (Router/DHCP Server) is connected to or any Guest VLAN port?

Following is both examples as well as a switchport connected to an AP:

Switchport connected to Guest Router:

interface FastEthernet0/1
description CONN-to-ROUTER
switchport access vlan 202
switchport mode access
spanning-tree portfast
end

Switchport for cabled guest VLAN access:

interface FastEthernet1/0/1
description TEST-GUEST-VLAN-202
switchport access vlan 202
switchport mode access
spanning-tree portfast
end


Switchport config for connected to AP:

interface FastEthernet1/0/6
description 1635AP1
switchport trunk encapsulation dot1q
switchport trunk native vlan 205
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust cos
auto qos voip trust
end


 
Upvote 0 Downvote
There isn't really enough information to provide a reasonable answer...

How are you doing this? Are you physically disconnecting a device from a 'corporate' VLAN port and then reconnecting it to a port in the Guest VLAN? What are the clients and do they recognise the media being disconnected? If this is the case and there are different DHCP servers handling the scopes for the different VLANs then this should work. There is likely to be a delay but nothing really significant. You have STP portfast enabled on the access ports I assume?

Andy
 
Upvote 0 Downvote
ADB100: All of your assumptions are correct except while its happening to me when I disconnect from a "corp" vlan then connect to the "guest" vlan, it's also happening to the guests that come in from wherever and turn on their systems. Sometimes they get an IP after the initial first boot and login, sometimes I have to have them reboot or "repair" their connection. If I'm in the area I'll do an ipconfig /release renew for them to get them an IP.

Unfortunately, it's not just a delay. On several different client systems I've tested this (WinXP and Win7 clients) and approx 2/3 of the time it will just sit there with the previous IP address and the yellow warning on the network connection for as long as I leave it.

There are different servers handling DHCP. Windows server handles DHCP for all our other vlans. The referenced router/appliance handles the DHCP for the guest vlan. The same problem existed before I had the appliance in place and just used the Comcast router DHCP.

Thats why this is so baffling to me. It's just a big broadcast domain. I've checked and rechecked the config of every switch and involved switchport along the way.
 
Upvote 0 Downvote
Do you have DHCP SuperScopes configured on the Windows Servers?
 
Upvote 0 Downvote
I don't know then.
I have a network consisting of several 3560's, a 3550 and a 2950 and I don't see any behaviour like you are seeing. If I disconnect a workstation and move it to a different port/VLAN it simply picks up a new DHCP IP address and works. All but a couple of VLANs (and there are about 20) are handled by the same Windows 2003 Server. For testing I have some VLANs behind an ASA and a PIX and the DHCP for these VLANs are handled by the ASA or PIX. Even these are work faultlessly.

Do you have Trunk ports connecting any of the DHCP servers? I know some (most?) NIC drivers strip off the 802.1q VLAN tag before passing the packet to the host and it can be confused as it will see untagged frames that should be forwarded by a DHCP Relay.

Other than that I am stumped unless you can post configs?

Andy
 
Upvote 0 Downvote
Like you, I have 18 other VLANs that have never had this issue. I can hop between them and pick up the new IP in seconds. The only thing different about this VLAN is I'm not routing it via Inter-VLAN routing and it has it's own DHCP server.

No trunk ports connected to DHCP servers, all access ports.

Thanks for taking some time thinking about it. I'll keep digging.
 
Upvote 0 Downvote
I'd get WireShark on and mirror the Guest port the device moves to as well as the port where the DHCP server supporting the VLAN is connected and have a look.

Good luck

Andy
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

woza
  • Locked
  • Question
GNS3: Delete the lines "transport preferred none"
Replies
1
Views
321
DrB0b
DrB0b
cheikhdtn
  • Locked
  • Question
VLAN
Replies
3
Views
139
iggsterman
iggsterman
Delta5
  • Locked
  • Question
Cisco setting for automatic ip arp cache refresh
Replies
3
Views
561
iggsterman
iggsterman
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
114
mikey789
mikey789
acabezas2014
  • Locked
  • Question
Create ACL for ip range
Replies
2
Views
143
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top