DHCP Crossing VLANS!?!?

Unanswered Question
Aug 26th, 2008

Problem: We have a lab router (2620) on the outside of our local LAN. The router is set up do give public IP's. It is connected to the local LAN by a VLAN (island). A few days ago we had a hand full of user on a completely separate internal VLAN pull IP's from this "external" router. We shut down the port while we looked in to it. We found nothing that would elude to this being able to happen. We re-enabled the port and haven't had any more issues. So I was hoping someone could enlighten me on what might have taken place.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
pwwiddicombe Thu, 08/28/2008 - 13:56

Do you have ANY possible physical path from that interface to the vlan where the users are? Could someone have inadvertently cross-connected something unintentionally or other (even as a test)? You can forward IP requests that would cross VLAN boundaries via DHCP helper-address, but it will still only provide IP addresses suitable for the interface (and ANY interface) physically connected to the users' VLAN or physical segment.

I have seen users connect a linksys router onto a network, and the linksys will then provide bogus addresses for the network; but that's perfectly explainable, as it's effectively a DHCP server directly connected.

Actions

Login or Register to take actions

This Discussion

Posted August 26, 2008 at 6:35 AM
Stats:
Replies:1 Avg. Rating:
Views:451 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 15,007
2 8,155
3 7,730
4 7,083
5 6,742
Rank Username Points
140
72
69
65
45