DHCP client moving between networks

Shawn Holland sholland at sandara.ca
Wed Sep 30 22:40:50 UTC 2009

On Wed, 2009-09-30 at 14:57 -0700, Tim Gavin wrote:
> I have a DHCP server (on Debian) that handles several VLANs.  I am
> also in the middle of rebuilding the physical and logical network.
> Occasionally, this means moving large numbers of hosts between vlans.
> A few weeks ago, I moved about 150 users to a new VLAN on my network
> in a midnight maintenance window.  When I did, something unexpected
> happened. . . I changed from a private NAT (172.16.x.x) to public IPs
> (216.x.x.x).

So did you remove the 172.16.x.x pool completely?

> Beforehand, I had set my main DHCP pool to one hour leases 

This main pool.. is it the new 216.x.x.x pool?

> (there were
> roughly 2000 users on it originally).  When I did this, all of the
> clients sent DHCPREQUESTs for their 172. addresses,

Thats expected.

>  and I expected the
> server to respond with a "wrong network" or some other error
> condition, and issue them a new lease.  

If the server is authoritative, and it doesn't know about the lease they
are asking it should send a DHCPNACK 

> Instead, they sent a "DHCPACK"
> and the client kept their lease.  

The server would only ACK if the lease they requested was still valid.

> Obviously, the clients couldn't get
> out, since their network and gateway were invalid.
> At the time, I just killed that VLAN interface on the server, and
> waited for the lease timeout, and reconnected it.  Then the users all
> got new leases.

It is possible that the leases file still contained their valid lease
because it hadn't expired based on what was created originally with the
old lease time.

> I'm going to be doing this again in the future, and will probably be
> doing it with larger numbers of users that will not accept the
> downtime waiting for everyone else's leases to expire.  Can someone
> tell me what I'm doing wrong, or how to work around this?  Most of my
> clients are using Windows clients, but a lot of them are using
> residential routers or computers with other OSs, so there is no client
> consistency.  Since I'm at an ISP, I can't mandate a change client
> side.

I would make sure that the leases file was updated to expire their

> I KNOW I've seen an answer to this somewhere. . . something about a
> guy using his laptop on multiple floors of a building or something,
> but I can't find it anywhere now (wish I had read it then, was looking
> for something else :-/ ), so a link to info would be fine :-D
> Thanks,
> Tim

It would be very helpful to post your dhcpd.conf file before and after
the change. I'm just making an educated guess as to what teh problem is
without seeing the conf.

Shawn Holland
Sandara Technologies Ltd.

More information about the dhcp-users mailing list