Multiple-VLANs, single DHCP server

ryan.meskill
Level 1

So I'm not quite sure what's wrong here. I have a switch which runs two VLANs, one trusted (50), one untrusted (55) and has ports dedicated to each. Both VLANs use a single DHCP server, homed on the trusted (50) VLAN. On my wireless setup this works seamlessly, however, on some untrusted ports I'm pulling trusted IPs. See relevant code below:

interface GigabitEthernet0/45
 description Student_Uplinks
 switchport access vlan 55
 spanning-tree portfast
!
interface GigabitEthernet0/46
 description Student_Uplinks
 switchport access vlan 55
!
interface GigabitEthernet0/47
 description Student_Uplinks
 switchport access vlan 55
 spanning-tree portfast
!
interface GigabitEthernet0/48
 description Student_Uplinks
 switchport access vlan 55
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan50
 ip address 10.50.50.7 255.255.255.0
!
interface Vlan51
 no ip address
!
interface Vlan55
 no ip address
 ip helper-address 10.50.50.31
!
ip default-gateway 10.50.50.4

So 10.50.50.31 is the (Windows) DHCP server for both VLANs, but for some reason, some of the untrusted (55) ports are pulling trusted (50) addresses and I can't sort it out. The next hop (10.50.50.4) is an ASA which knows 55 is untrusted (security of 50 versus trusted's 100), but doesn't seem to be working properly...

8 Replies

Hello

Are you saying you don't want hosts in VLAN 55 to receive DHCP requests? If so, remove the ip helper address from SVI 55, as this is relaying requests to the DHCP server.

interface Vlan55
 no ip helper-address 10.50.50.31

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

No, I do want them to receive requests, but on VLAN 55, which is where they're sourcing from, so I'd think they'd get a response on that VLAN. The only thing is that the DHCP server is on the trusted vlan (50), so for whatever reason it appears to be giving out VLAN 50 addresses to devices on VLAN 55.

Hello,

Have you checked the Windows DHCP scope ranges?

res

paul

Yes, I have checked the DHCP scope ranges - they work fine on wireless...

Hello,

What is the subnet range of those scopes you are showing?

res

Paul

10.50.50.0/24, 10.50.54.0/23

Hello Ryan -

We can set up some debugs to try and capture what's going on.

But first, is it possible?

You could have a rogue DHCP server.

Do you have a WLC (WLAN controller)? Could that be relaying for that subnet?

res

paul

ALIAOF_
Level 6

Set up an SVI for VLAN 55 with an IP address in that VLAN please, and leave the ip helper command and retry.
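
Added example, not part of the thread or of any poster's reply: a Python model of how a DHCP server following RFC 2131 chooses a scope from the relay's `giaddr` field, using the two scopes and the server address quoted above. The relay address `10.50.54.1`, the MAC and the transaction id are constructed values; the thread gives no VLAN 55 SVI address.

```python
import ipaddress
import struct

# Scopes and server address as quoted in the thread.
SCOPES = {
    "trusted-50": ipaddress.ip_network("10.50.50.0/24"),
    "untrusted-55": ipaddress.ip_network("10.50.54.0/23"),
}
SERVER_IP = ipaddress.ip_address("10.50.50.31")
UNSET = ipaddress.ip_address("0.0.0.0")

def build_discover(giaddr="0.0.0.0", hops=0):
    """Constructed 236-byte BOOTP header of a DHCPDISCOVER (options omitted)."""
    return struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, hops,                              # op=BOOTREQUEST, Ethernet, hlen, hops
        0x1234ABCD, 0, 0x8000,                      # xid (constructed), secs, broadcast flag
        bytes(4), bytes(4), bytes(4),               # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,        # giaddr: filled in by a relay agent
        bytes.fromhex("020000000055") + bytes(10),  # chaddr (constructed MAC, padded)
        bytes(64), bytes(128),                      # sname, file
    )

def giaddr_of(packet):
    """Return giaddr, which sits at bytes 24..27 of the fixed BOOTP header."""
    if len(packet) < 236:
        raise ValueError("truncated BOOTP header")
    return ipaddress.ip_address(packet[24:28])

def select_scope(packet):
    """Relayed request: scope containing giaddr. Direct broadcast: scope of the
    subnet the server itself sits on."""
    gi = giaddr_of(packet)
    key = SERVER_IP if gi == UNSET else gi
    for name, net in SCOPES.items():
        if key in net:
            return name
    return None  # no scope matches giaddr, so the server makes no offer

if __name__ == "__main__":
    cases = {
        "relayed, giaddr in VLAN 55 subnet": build_discover("10.50.54.1", hops=1),
        "relayed, giaddr is the switch's VLAN 50 address": build_discover("10.50.50.7", hops=1),
        "unrelayed broadcast seen by the server": build_discover(),
    }
    for label, pkt in cases.items():
        print(f"{label}: giaddr={giaddr_of(pkt)} -> {select_scope(pkt)}")
```

In a packet capture on the DHCP server, the `giaddr` of a DISCOVER from a VLAN 55 client therefore shows which of these paths the request took.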