nkgeorge (Anon, @197.159.130.x):
[CCNA] VLAN leaking

Hello everyone, my name is Nicholas K. George, a network engineer trainee in a new data center environment. I have been having an issue in my data center and I will need your help. My data center servers are receiving IP addresses from a DHCP server, which is not supposed to happen. All the servers have been configured with a static IP address.

The DHCP server in my company has been configured with four scopes: 10.0.1.0/24, which gives IPs to user computers in VLAN 101; 10.0.2.0/24, which gives IPs to user computers in VLAN 102; 10.0.3.0/24, which gives IPs to user computers in VLAN 103; and 10.0.4.0/24, which gives IPs to user computers in VLAN 104.

The servers in the data center are all connected to Catalyst 3560 switches configured in these VLANs: 201, 250, 215, 217. No VLAN has been allowed on the trunk link (uplink) connecting the data center switches and the switch the DHCP server is connected to. But yet some NIC cards on the data center servers are receiving DHCP IPs from one particular scope, 10.0.4.0/24, which means the server will have two IPs, which sometimes forces the server to lose connectivity. I have to look for the card receiving the DHCP IP and disable it before connectivity is restored to that server.

Now, as a temporary solution, I have disabled all unused NIC cards on each server. I will be very glad if I can get expert advice on what could be wrong and the solution to this issue. Thank you. I hope I will get help soon.

markysharkey (Premium Member, join:2012-12-20, united kingd):
Which VLANs are using which IP range?
What is the native VLAN?

RyanG1 (Premium Member, join:2002-02-10, San Antonio, TX), 2 recommendations, to nkgeorge:
Unless your servers are in the same VLAN as the IPs they are getting, this won't happen. There's info you're not providing, or something is amiss here entirely.

This seems more like homework than a real-world problem....

TomS_ (Git-r-done, MVM, join:2002-07-19, London, UK), 1 edit, 2 recommendations, to nkgeorge:
1. Make sure some numpty hasn't plugged a cable between a port in the server VLAN and the VLAN his PC is in
2. Use Wireshark to catch an offending DHCP offer, then trace the source MAC back to the port it came from, and promptly go lambast the numpty who set up the offending device or cross connect
3. Configure DHCP snooping to prevent future numpties from causing similar problems

edit: typo correction
HELLFIRE (MVM, join:2009-11-25) to nkgeorge:
May help to supply the configs and diagram of your setup.

Otherwise, if you're looking for a "how to troubleshoot" guide for rogue DHCP servers, I second TomS_ emphatically.

My 00000010bits

Regards
aryoba (MVM, join:2002-08-22) to nkgeorge:
If those NIC cards pick up a DHCP IP address, then it means they are set up as DHCP clients. When having a server NIC as a DHCP client is not part of your standard, simply disable DHCP client services on those NICs.

Another approach is to disable the switch ports the NICs connect to. You can either assign the switch port to a blackholed (unused) VLAN or simply shut down the switch port.
aryoba (MVM) to nkgeorge:
I've seen situations where, for some reason, all the NICs sitting on the same server act as a bridge. Therefore the DHCP traffic coming from the one NIC that connects to VLAN 104 traverses to the other NICs. When this is the case, you have to disable such a bridging setup, since the NICs should not be set up in such a manner.
tired_runner (Premium Member, join:2000-08-25, CT) to nkgeorge:
This is one of those things where DHCP snooping with lease reservations would swoop in for the win.

Run a DHCP rogue checker on the VLAN in question, or run Wireshark and make note of who's advertising leases aside from the real DHCP daemon.
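Both TomS_'s step 2 (catch an offending DHCP offer and note its source MAC) and the "make note of who's advertising leases aside from the real DHCP daemon" advice above amount to the same check: parse DHCPOFFER frames and flag any whose source MAC is not the known server. The script below is an added example written for this thread, not code from any poster; it parses raw Ethernet/IPv4/UDP/BOOTP frames (as you would get from a Wireshark or tcpdump export), and the server MAC allow-list, the client MACs, the 10.0.0.5 server address and the sample frames are all constructed for the example. Only the rogue offer from the 10.0.4.0/24 scope is reported.

```python
import struct

# Constructed allow-list: the MAC of the only DHCP server that should be offering
# leases on this VLAN (an assumption for the example, not a value from the thread).
AUTHORIZED_SERVER_MACS = {"00:11:22:33:44:55"}

DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2131 magic cookie that starts the options field


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_dhcp_offer_frame(src_mac: str, client_mac: str, server_ip: str,
                           offered_ip: str, xid: int) -> bytes:
    """Build a minimal Ethernet/IPv4/UDP/BOOTP DHCPOFFER (constructed test data, not a capture)."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    dst = bytes.fromhex(client_mac.replace(":", ""))
    sip = bytes(int(o) for o in server_ip.split("."))
    yip = bytes(int(o) for o in offered_ip.split("."))
    # Fixed 236-byte BOOTP header: op=2 (BOOTREPLY), htype=1, hlen=6, hops, xid, secs, flags,
    # ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, xid, 0, 0,
                        b"\x00" * 4, yip, sip, b"\x00" * 4,
                        dst + b"\x00" * 10, b"\x00" * 64, b"\x00" * 128)
    # Option 53 (message type) = 2 OFFER, option 54 (server identifier), 255 end
    options = DHCP_MAGIC + bytes([53, 1, 2]) + bytes([54, 4]) + sip + b"\xff"
    payload = bootp + options
    udp = struct.pack("!HHHH", 67, 68, 8 + len(payload), 0) + payload  # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     sip, b"\xff\xff\xff\xff") + udp
    return dst + src + b"\x08\x00" + ip


def parse_dhcp_offer(frame: bytes):
    """Return (src_mac, server_id, offered_ip) if the frame is a DHCPOFFER, else None."""
    if len(frame) < 14 + 20 + 8 + 240 or frame[12:14] != b"\x08\x00":
        return None                    # too short, or not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 17:            # IP protocol field: 17 = UDP
        return None
    udp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if (sport, dport) != (67, 68):     # only server -> client traffic
        return None
    bootp = frame[udp + 8:]
    if bootp[0] != 2 or bootp[236:240] != DHCP_MAGIC:
        return None
    msg_type, server_id, i = None, None, 240
    while i < len(bootp) and bootp[i] != 255:
        if bootp[i] == 0:              # pad option has no length byte
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if code == 53:
            msg_type = value[0]
        elif code == 54:
            server_id = ip_str(value)
        i += 2 + length
    if msg_type != 2:                  # 2 = DHCPOFFER
        return None
    return mac_str(frame[6:12]), server_id, ip_str(bootp[16:20])  # yiaddr at offset 16


def find_rogue_offers(frames, authorized_macs):
    """Return (src_mac, server_id, offered_ip) for every DHCPOFFER from an unauthorized source MAC."""
    rogues = []
    for frame in frames:
        parsed = parse_dhcp_offer(frame)
        if parsed and parsed[0] not in authorized_macs:
            rogues.append(parsed)
    return rogues


# Constructed sample capture: the real server, a rogue offer from the 10.0.4.0/24 scope,
# and an unrelated ARP frame that the parser must ignore.
SAMPLE_FRAMES = [
    build_dhcp_offer_frame("00:11:22:33:44:55", "00:50:56:aa:bb:01", "10.0.0.5", "10.0.1.20", 0x1111),
    build_dhcp_offer_frame("aa:bb:cc:dd:ee:ff", "00:50:56:aa:bb:02", "10.0.4.1", "10.0.4.77", 0x2222),
    b"\xff" * 6 + bytes.fromhex("aabbccddeeff") + b"\x08\x06" + b"\x00" * 28,
]

if __name__ == "__main__":
    for mac, server_id, offered in find_rogue_offers(SAMPLE_FRAMES, AUTHORIZED_SERVER_MACS):
        print(f"rogue DHCPOFFER from {mac} (server-id {server_id}) offering {offered}; "
              f"look this MAC up in the switch MAC table to find the port")
```

Once the script names a MAC, `show mac address-table address <mac>` on the 3560 gives the port it was learned on, which is the trace-back step in TomS_'s list. The lasting fix is the DHCP snooping both posters recommend: `ip dhcp snooping` and `ip dhcp snooping vlan <id>` globally, with `ip dhcp snooping trust` only on the uplink toward the real server, so offers arriving on any other port are dropped by the switch instead of reaching the servers.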