DHCP Crossing VLANS!?!?

Unanswered Question
Aug 26th, 2008

Problem: We have a lab router (2620) on the outside of our local LAN. The router is set up to give public IPs. It is connected to the local LAN by a VLAN (island). A few days ago we had a handful of users on a completely separate internal VLAN pull IPs from this "external" router. We shut down the port while we looked into it. We found nothing that would allude to this being able to happen. We re-enabled the port and haven't had any more issues. So I was hoping someone could enlighten me on what might have taken place.

pwwiddicombe Thu, 08/28/2008 - 13:56

Do you have ANY possible physical path from that interface to the VLAN where the users are? Could someone have inadvertently cross-connected something unintentionally or other (even as a test)? You can forward IP requests that would cross VLAN boundaries via DHCP helper-address, but it will still only provide IP addresses suitable for the interface (and ANY interface) physically connected to the users' VLAN or physical segment.

I have seen users connect a Linksys router onto a network, and the Linksys will then provide bogus addresses for the network; but that's perfectly explainable, as it's effectively a DHCP server directly connected.
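One way to check DHCP replies captured on a user VLAN for the situation discussed in this thread (an added example, not part of the original posts): it parses the BOOTP/DHCP payload and flags OFFER/ACK messages whose server identifier is not an expected server or whose leased address lies outside the VLAN's subnet. The subnet, the addresses and the function names are assumptions, and the sample packets are constructed.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5              # option 53 values a server sends when handing out a lease

def parse_dhcp_reply(payload):
    """Return (msg_type, yiaddr, server_id) from a UDP payload, or None if not a DHCP reply."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    yiaddr = ipaddress.IPv4Address(payload[16:20])   # "your" address: the lease being handed out
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                    # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:               # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:             # server identifier
            server_id = ipaddress.IPv4Address(value)
        i += 2 + length
    return msg_type, yiaddr, server_id

def audit(vlan_subnet, allowed_servers, payloads):
    """Flag OFFER/ACK replies seen on a VLAN that its expected DHCP setup would not produce."""
    net = ipaddress.ip_network(vlan_subnet)
    allowed = {ipaddress.IPv4Address(s) for s in allowed_servers}
    findings = []
    for p in payloads:
        parsed = parse_dhcp_reply(p)
        if parsed is None or parsed[0] not in (OFFER, ACK):
            continue
        _, yiaddr, server = parsed
        checks = ((server not in allowed, "unauthorized server"),
                  (yiaddr not in net, "lease outside VLAN subnet"))
        reasons = [text for failed, text in checks if failed]
        if reasons:
            findings.append((str(server), str(yiaddr), reasons))
    return findings

def build_reply(msg_type, yiaddr, server_id):       # builds a constructed sample packet
    hdr = b"\x02" + bytes(15) + ipaddress.IPv4Address(yiaddr).packed + bytes(216)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_id).packed + b"\xff"
    return hdr + MAGIC + opts

# Constructed samples: one expected offer, one lease from a public-range server, one from a home router
SAMPLES = [build_reply(*s) for s in ((OFFER, "10.20.30.50", "10.20.30.1"),
           (ACK, "203.0.113.77", "203.0.113.1"), (OFFER, "192.168.1.100", "192.168.1.1"))]
```

Calling `audit("10.20.30.0/24", ["10.20.30.1"], SAMPLES)` returns the second and third samples, each with both reasons attached.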

