Security

We are setting up a public wireless network for our student's and BYOD.  Everything worked like it should during testing but when we launched it at our high school we quickly ran into a problem; our DHCP pool (external to the controller) filled up very quickly...too quickly.  After looking into it we found that clients were pulling IP addresses from each of the different VLAN's in our VLAN Pool.  

Here's some basic information

1 Controller

Approx 50 AP's (AP 105)

4 VLAN's - 630-633 in a single VLAN Pool

4 DHCP Pools (X.X.30.X, X.X.31.X, X.X.32.X, X.X.33.X)

When a client does receive multiple IP's they are each in a separate VLAN.  Whie digging into it I've found the same MAC Address listed multiple times in the user table for the WLAN.  

I've tested the IP Mobility and DHCP Enforce options on a whim, but they didn't make any difference.  I'd clear my DHCP leases and within minutes a client would have 3-4 IP's again, one in each VLAN.  

It seems like I'm missing something basic, but I can't figure it out.  

Hows your VLAN pooling configured ? Hash or Even ?

Sorry for the delay...apparently the reply via email option doesn't work.

Our VLAN pool is set up as even distributiion.

I saw that myself when I enabled VLAN Pool even but see this post Ryan was able to have successful deployment using VLAN Pool Even and he enabled "Preserve VLAN" to prevent that issue:

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Hash-vs-Even-VLAN-pooling-results/m-p/212523#M42154