At a field office we have a router serving DHCP for both the Untrusted (vlan10) and the Access (vlan25) vlans.
Everything works fine. A user plugs in, gets a vlan 10 address, the Agent pops up and does its thing and release/renews the IP after the CAM changes the switchport to the Access vlan. Nice and smooth, the PC is in the Access vlan25 and works great all day.
Enter the Generic Timer...at 5:55am every day. Said PC is Kicked by the CAM and the switchport is moved back to vlan10. If the PC was not there, no problem. Return to the top of this email.
However, if the PC was left on and Locked, it is suddenly stuck in vlan10 with a vlan25 address. When the user returns to their PC at 8am they have no connectivity. Rebooting clears things up. Or, it appears that manually doing an "ipconfig /release" then "renew" will also get things moving. But we have an aggravated user who is probably going to call the Helpdesk.
How can we get that vlan25 address released when the PC is Kicked? Or is there a better way to do all this?
Brief initial testing looks good. I will let my test PC get punted overnight and if that goes well I will distribute the "VlanDetectInterval" change to a larger testbed tomorrow.
In my world I have a large chunk of users that are Layer 2 OOB (using the same CAS). Obviously they do not have to change IPs back and forth. Can you think of a reason it might cause any issues to have the "VlanDetectInterval" parameter on these PCs that are Layer 2 OOB? I'd prefer to have just one config file for all my PCs, whether they are L2 or L3.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...