Weird DHCP behaviour in different VLAN

I'm stuck on the following problem with XP clients on a switched network:

Several Windows XP Professional (SP1 and SP2) clients, members of a Windows 2003 Domain, boot daily on a switched network, getting a dynamic IP address without trouble (DHCP Server = Windows 2003 DC) as long as they live in the default VLAN 1. As soon as I move a workstation to a different VLAN by setting the switch port to the desired VLAN, Windows is no longer able to get an IP address. There is a firewall (Checkpoint) between the clients on this VLAN and the DHCP server, which has a DHCP relay service configured to forward the DHCP Discovery packets straight to the DHCP server.

But: WLAN also lives in a different VLAN and the same firewall separates both client and server in the same manner as described before, and guess what: it works for WLAN!

Trying to isolate the cause, I've booted one of these XP workstations from a Live-Linux CD and it worked flawlessly, thus I'm pretty confident that the problem is not in the firewall or switch configuration. Also, a PC with Vista RC1 manages to get the IP address from DHCP within the same VLAN, with the same patch cable, plugged into the exact same switch port!

At the company I work for, there are lots of other locations I've set up in the same manner and had no such problems. Initially, I was excluding the possibility that this could be related to group policies or the XP SP2 Firewall (which is turned off by GP), since the DHCP procedure happens much earlier than that; nevertheless, now I'm starting to think that this could in fact be an XP TCP-IP related issue.

Have you already had similar problems, any idea I could go for?

Many thanks in advance and sorry for the long post.

Filipe

From your description the problem does sound as if it's client-side. Have you run a packet trace to verify that the affected XP workstations are in fact putting DHCPDISCOVER packets on the wire? If so, do you see a DHCPOFFER reply coming from the server on the other subnet?

Hello Dan,

thanks a lot for your answer. In fact, I did already trace the network and found out that the client sends out the DHCPDISCOVER to the broadcast, which gets caught by the firewall and forwarded to the DHCP Server. The DHCP Server sends out a DHCPOFFER reply containing the right information (IP address, Mask, Lease Time, Router, etc...) which the client is able to see but doesn't "use". No DHCPREQUEST and ACK from here, it just gets stuck...

Thanks so far

Filipe

"Dan Abernathy" wrote:
> From your description the problem does sound as if it's client-side. Have
> you run a packet trace to verify that the affected XP workstations are in
> fact putting DHCPDISCOVER packets on the wire? If so, do you see a DHCPOFFER
> reply coming from the server on the other subnet?

Hmm.

http://support.microsoft.com/kb/835304/en-us

Are you seeing three DHCPOFFER replies from the server, or only one? According to this article, under certain circumstances, XP clients send out three DHCPDISCOVER packets, and only accept the third DHCPOFFER received. Could be your firewall in the middle is rejecting the "duplicate" discovery packets from the client, and only forwarding the first one on to the server - which would generate only one offer reply from the server.

Hello Dan,

I got 3 of them, everything is coming through. After being stuck on this for 3 days now, I've decided to replace the DHCP relay for this particular VLAN with the one offered by the network switch and it worked right away!

I've no doubt that it has got to be related to the relay agent at the firewall but, why does this work with Vista and with Linux, and with XP it doesn't? Got to be a misunderstanding between the Checkpoint relay agent and XP's DHCP client, or worst case, a problem with XP's TCP-IP implementation.

For now I have a workaround which takes some pressure away, but still weird...

Thanks for your help so far

"Dan Abernathy" wrote:
> Hmm.
>
> http://support.microsoft.com/kb/835304/en-us
>
> Are you seeing three DHCPOFFER replies from the server, or only one? According to this article, under certain circumstances, XP clients send out three DHCPDISCOVER packets, and only accept the third DHCPOFFER received. Could be your firewall in the middle is rejecting the "duplicate" discovery packets from the client, and only forwarding the first one on to the server - which would generate only one offer reply from the server

I agree, it seems like Windows XP and your CheckPoint box don't agree on what a proper DHCP sequence looks like. It's difficult to say which one is at fault. The CheckPoint might be "correcting" something it thinks is wrong with the offer packets before passing them to the client network. Cisco's PIX firewalls are notorious for messing with traffic like SMTP when the "fixup" stuff is turned on. I wonder if the CheckPoint isn't similarly enforcing some rigid rules about how it thinks DHCP packets should look, in the name of security.

Vista has a totally rewritten TCP/IP stack, and obviously the one Linux is using will be different from XP as well, so you can't rule out something weird with XP's implementation. Microsoft has a habit of occasionally adding proprietary junk to open standards, resulting in sub-par compatibility with non-Microsoft systems.
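
Added example, not part of the thread: one way to test the idea that a relay alters the offer in transit is to capture the same DHCPOFFER on the server side and on the client side of the relay and compare them field by field. The sketch below parses two raw DHCP payloads and lists what differs; the sample packets, addresses, xid, MAC and the alterations shown are constructed for illustration and are not findings about Check Point or XP.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp(payload):
    """Parse the UDP payload of a DHCP message into a flat dict of fields and options."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {"op": op, "hops": hops, "xid": xid, "broadcast": bool(flags & 0x8000),
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":")}
    for name, off in (("ciaddr", 12), ("yiaddr", 16), ("siaddr", 20), ("giaddr", 24)):
        msg[name] = str(ipaddress.IPv4Address(payload[off:off + 4]))
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        msg[f"opt{code}"] = payload[i + 2:i + 2 + length].hex()
        i += 2 + length
    return msg

def diff_offers(server_side, client_side):
    """Return {field: (server_side_value, client_side_value)} for each field that differs."""
    a, b = parse_dhcp(server_side), parse_dhcp(client_side)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

def build_offer(options, giaddr="192.0.2.1"):
    """Constructed sample OFFER (documentation addresses, made-up xid and MAC)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 1, 0x1234ABCD, 0, 0)
    addrs = b"".join(ipaddress.IPv4Address(a).packed
                     for a in ("0.0.0.0", "192.0.2.50", "198.51.100.10", giaddr))
    chaddr = bytes.fromhex("020000000001").ljust(16, b"\0")
    opts = b"".join(bytes([c, len(v)]) + v for c, v in options) + b"\xff"
    return hdr + addrs + chaddr + b"\0" * 192 + MAGIC + opts

SERVER_ID, RELAY = bytes([198, 51, 100, 10]), bytes([192, 0, 2, 1])
# 53 = message type (2 = OFFER), 54 = server identifier, 1 = subnet mask, 3 = router
SERVER_SIDE = build_offer([(53, b"\x02"), (54, SERVER_ID), (1, b"\xff\xff\xff\x00"), (3, RELAY)])
# Invented alteration for the demo: server identifier rewritten, router option dropped
CLIENT_SIDE = build_offer([(53, b"\x02"), (54, RELAY), (1, b"\xff\xff\xff\x00")])

if __name__ == "__main__":
    for field, (before, after) in diff_offers(SERVER_SIDE, CLIENT_SIDE).items():
        print(f"{field}: server side {before} -> client side {after}")
```

With real captures, feed in the UDP payload bytes of the offer as seen on each side of the relay; an empty result means the relay passed the DHCP payload through unchanged.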