DHCP on Layer 3 Switch not working right

c.shinneman1 (Level 1)

Hey guys,

So, I just got my network reconfigured and Intervlan Routing set up with 6 different VLANs. The switch has DHCP enabled and configured and WAS issuing IP addresses to the devices. What SEEMS to be happening is that when the lease expires for a device and it tries to renew, the switch fails to renew or reissue an IP address, thus resulting in the device losing its IP address and no longer having a connection to the internet.

Once I get DHCP working correctly, all that is left is getting help with ACLs so I can BLOCK VLAN22 and 26 from accessing any other VLAN (Internet Only) but still allowing the other VLANs to see and communicate with VLAN 22 and 26 (Management and Administrative purposes).

I have attached the Configs of both my Router and my Switch.

Any help would be amazing.

25 Replies

c.shinneman1 (Level 1)

Only one file per post apparently. Here is the Switch Config.

Hi Chris,

I have quickly reviewed your configurations but I do not see any obvious issue. Especially the switch should not have any issues refreshing an IP address lease.

From an IP point of view, the difference between obtaining a new IP address from a DHCP server and renewing a lease from DHCP is that the renewal is done using unicast - from the client's momentary IP address to the DHCP server's IP address. This is different from obtaining a fresh IP address where the client usually sends a broadcast from 0.0.0.0 to 255.255.255.255.

A couple of suggestions:

  • It would be very helpful if you could install Wireshark on one of the computers that is affected, and capture the traffic on its interface around the time it should renew its lease (the renewal can also be forced using "ipconfig /renew" if that's a Windows box). This should allow us to see how the attempt at the address renewal looks on wire.
  • Is the affected host actually able to ping the DHCP server while having its address assigned? Let's test this particular unicast connectivity.
  • Would it be possible to run debug ip dhcp server event and debug ip dhcp server packet on the switch acting as the DHCP server, and capture/post the results here? Ultimately, we want to understand if the server is getting the renewal requests, and what it does with them.

Thanks!

Best regards,
Peter

My laptop, for example, had no issue last night. I woke up this morning and it had no IP address (wifi) and was issued a 169.x.x.x address. It was connected to the WAP, but didn't get an IP back. I can try the Wireshark thing.

Could it be a problem with the WAP? It's a WAP371 and each SSID is configured to access the correct VLAN on the switch.

Here is my WAP Configuration.

[Attached screenshots: WAP1.PNG, WAP2.PNG, WAP3.PNG]

Hi Chris,

Hmmm... if your laptop had the APIPA address 169.254.x.x/16 instead of the proper one, then it means that it has already tried to talk to the DHCP server both via unicast (during refresh) and broadcast (after it failed to get a proper IP address and assigned itself the APIPA address; it would still keep trying to reach the server). This would rather suggest that the computer could not reach the DHCP server at all.

Unfortunately, there are too many variables in play to suggest at this point where the problem could be. Ideally, we need a PC/laptop in the problematic state to start the troubleshooting off that state. Are you able to reproduce the issue on demand? Again, assuming that the laptop is running Windows, the sequence of commands ipconfig /release and ipconfig /renew completely restarts the DHCP process. Would you mind trying this a few times - always the /release first, then the /renew - to see if you can reproduce the problem?

I'll check the WAP configuration but I only have limited experience with WAPs.

Best regards,
Peter

P.S.: My sincere apologies for confusing your name in this response - it was entirely inadvertent. Corrected it... My apologies once again.

Yes, I can reproduce the problem simply by setting my wifi adapter to (obtain automatically) instead of static assignment. That is when it will lose connection. When I do this, I will have Wireshark running on my laptop. Give me a couple of mins to get the report going. I will post the Wireshark report soon.

Attached is the Wireshark report. Not sure how to get it to a Word or Notepad file. This is the actual Wireshark record.

Chris,

I've checked the PCAP file - thanks for providing it so expediently! - but there are no DHCP packets there whatsoever (the filter to display DHCP packets only is, somewhat unintuitively, bootp, as DHCP is an extension of the earlier BOOTP protocol). Either your computer did not send them out that WiFi interface, or Wireshark did not capture them. Under Windows, this can sometimes happen if you tell Wireshark to set the network card into promiscuous mode. Can you try once again while telling Wireshark not to set the network adapters into promisc mode?

Thanks!

Best regards,
Peter
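The two posts above hinge on what a DHCP renewal actually looks like on the wire (unicast DHCPREQUEST with ciaddr set, versus a broadcast DISCOVER from 0.0.0.0) and on recognising the BOOTP framing that the bootp display filter keys on. The following decoder is an added example for this thread, not code from either poster or from Cisco; the packets it classifies are constructed inline, and the 10.0.1.1 server address and the client MAC are assumed values.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK", 7: "RELEASE"}

def build_dhcp(xid, ciaddr, mac, options):
    """Assemble a minimal BOOTP/DHCP client message (constructed sample data, not a capture)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, xid, 0, 0,            # op=BOOTREQUEST, htype=Ethernet, hlen=6
                        IPv4Address(ciaddr).packed, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        mac, b"\0" * 64, b"\0" * 128)     # chaddr, sname, file
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC + opts + b"\xff"                  # 255 = end of options

def parse_dhcp(payload):
    """Decode the fixed header plus the TLV option area; raises if the cookie is missing."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP/BOOTP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                               # pad option has no length byte
            i += 1
            continue
        code, ln = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": payload[0], "xid": struct.unpack("!I", payload[4:8])[0],
            "ciaddr": str(IPv4Address(payload[12:16])),   # client's current address, if any
            "giaddr": str(IPv4Address(payload[24:28])),   # non-zero only when a relay forwarded it
            "type": MSG_TYPES.get(opts.get(53, b"\0")[0], "UNKNOWN"), "opts": opts}

def classify(dst_ip, payload):
    """Name the client state (RFC 2131 section 4.3.2) from the IP destination and ciaddr."""
    msg = parse_dhcp(payload)
    if msg["type"] == "DISCOVER":
        return "INIT"                                     # broadcast from 0.0.0.0, asking for a fresh lease
    if msg["type"] != "REQUEST":
        return msg["type"]
    if msg["ciaddr"] == "0.0.0.0":                        # client holds no address yet
        return "SELECTING" if 54 in msg["opts"] else "INIT-REBOOT"
    # ciaddr is set: the client still holds a lease and is trying to extend it
    return "REBINDING" if dst_ip == "255.255.255.255" else "RENEWING"

MAC = bytes.fromhex("0011223344ff")                       # constructed client MAC
RENEW = build_dhcp(0x1234, "10.0.1.50", MAC, [(53, b"\x03")])                 # unicast REQUEST, no server-id
DISCOVER = build_dhcp(0x1235, "0.0.0.0", MAC, [(53, b"\x01"), (61, b"\x01" + MAC)])

if __name__ == "__main__":                                # 10.0.1.1 is an assumed server address
    print(classify("10.0.1.1", RENEW), classify("255.255.255.255", DISCOVER))
```

A capture with no packets matching this framing on UDP 67/68 means the client never put a request on that interface, which is exactly the distinction the reply above draws.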

New problem now. My Domain Controller cannot communicate with any devices on any VLAN except for VLAN 21. My laptop is showing as "Unauthenticated" and when I try to force a Group Policy Update... it responds back with "Cannot update Group Policy because there is no network connectivity to the Domain Controller. Domain Controller not found." So, basically, unless I am connected to VLAN 21, I have no connection to the Domain Controller. The DC is on VLAN 21.

I seem to be getting an IP address correctly on other VLANs except for VLAN 21. There is something going on with the Switch Routing between VLANs and the Switch DHCP Servers. I think I configured everything incorrectly. Maybe I should have the DHCP Server on the Router instead of the Switch???

When I am connected to a network that is assigned to VLAN 25, I can still PING the Domain Controller with success.  Which is really weird.

Chris,

Let's focus on one issue at a time; it is likely that if that one gets resolved, the others will improve or become resolved, too.

As your switch is configured for inter-VLAN routing and does not have a trunk extended to the router, having the DHCP server on the router would not help you; you would need to configure a DHCP Relay on your switch. In fact, you do have a DHCP server on the router (configured for 10.0.0.0/16 which is confusing at best as it overlaps multiple VLANs at once - but once again, as the switch is the L3 device isolating the VLANs, the DHCP broadcasts in those VLANs do not reach your router so there is no immediate danger of two overlapping DHCP servers in your network).

We have started looking into the DHCP issues for clients in VLAN 21. So far, we know that if they connect through WiFi, they won't get their IP settings through DHCP, and if they are configured with a static IP configuration, they work - is this correct?

If so, can you try connecting a test PC/laptop to VLAN 21 via a cable, bypassing the WiFi, and see if the PC can obtain its IP settings through DHCP? I need to understand if the problems are caused by the WiFi part of the network.

Thanks!

Best regards,
Peter

The DHCP on the Router for Network 10.0.0.0/16 was my OLD network. All one VLAN. I changed my network to multiple VLANs using the switch because the network performance started to decline rapidly due to all the traffic from all the devices and the servers. So I am trying to segregate my network to ease the workload on the servers, the switch and the router. I just do not know how to remove the DHCP Settings off the router.

CORRECTION... my domain controller server cannot communicate with ANY client on ANY VLAN. I can ping the Domain Controller (10.0.1.5) and get responses, but there is no Domain Communication whatsoever. So I do not have access to any Server Resources. My other server is also "Offline" and it too is on VLAN 21. Both servers have a static IP that is excluded in the DHCP Pool on the switch. But no host can communicate with any of the servers. Both servers can be pinged from any VLAN and from the switch.

I attempted to connect my Laptop via Cable directly to the Switch via port G2/0/3. I configured the port as such:

  switchport mode access
  switchport access vlan 21
  spanning-tree portfast
  no shutdown

When I connected the cable to my laptop, no IP address was issued it seems. It just said "identifying..." and would not let me connect to the internet.

I will try again to confirm what I just stated.
