Hi.
General Network environment: HP/Aruba Switches Clearpass for 802.1x Airwave for managing WAPs
General working case:
Laptop connects to SSID1, assigned vlan 30 for this preauth area. User auths accounts, Clearpass checks auth, assigns user role. Clearpass user role sent to Airwave, Airwave assigns vlan for user role(vlan 10 in this example), Switch has vlan 10, sends dhcp relay to dhcp server. Laptop assigned IP from vlan 10, everyone is happy.
Current issue occurs randomly, in a conference room of 12 people, 2 people had this issue. Laptop has vlan 30(preauth), user auths, clearpass OK, Airwave assigns vlan 10, Switch sees vlan 10. Laptop ipconfig/all still in vlan 30.
Check mac-address on switch. Switch says mac is assigned vlan 10. Check arp on switch. NO IP.
Check WAP, WAP debug shows client reaching vlan 10's gateway on correct dhcp server, returns with vlan 30 address.
CURRENT WORKAROUND TO FIX ISSUE: On DHCP server, if I find the vlan 30 lease, and make a reservation for it(ex: 10.30.1.1). making 10.30.1.1 to a random mac address.
I deauth the Laptop that is stuck on 10.30.1.1, then the above process starts again and the laptop gets assigned 10.10.1.1 on vlan 10 without issue.
Changes to environment that occurred before this started happening. We had 30+ sites connected via layer2, each 30+ site has its own site server. We consolidated this by bringing them back to main datacenter in the four of 8 different servers. These 8 servers have DHCP, print server, file share, random APPs divided down.
The 30+ sites have their switches routing dhcp to new dhcp server and everything worked... for 98% of machines and seems to not have an issue on any wired connection.
One site started having the above issue, now quite a few have the issue, including the DHCP server that was untouched already providing DHCP for the site holding the main datacenter.
We have been big-time stuck. Wireshark shows requests and discovers on the correct dhcp server, it doesn't produce an offer for those stuck leases until we do the lease reservation workaround.
I heard mention that maybe having 8-9 DHCP servers on the same subnet(the datacenter subnet) could be causing this issue.
Might be some sort of cache/lease issue because it works when we force DHCP to send a new address random than their first existing ones.
Any tips or troubleshooting. If you guys want code snippet or screenshots I can try to provide as well. Would appreciate any help.
Thanks.
Extra notes:
DORA on both server and client.
I did notice wireless clients arent sending DHCP release packet on wireshark.
Happening to windows/iphones/ipads.
netsh winsock reset, arp -d, ipconfig /flushdns, DHCP reconcile verified. etc all ran