Hi Daniel, Thanks for the suggestions, but we're using the built-in Clean Access DHCP. But it basically boiled down to the same thing, differing ARP records for the same IP address.
Justin Howell Telecommunications Network Technician Solano Community College -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Sichel Sent: Wednesday, April 02, 2008 10:30 AM To: [email protected] Subject: Re: Blackholed computer after DHCP >Any one seen this? Or have suggestions? Cisco was not very helpful last tim >e I called ("Just make two subnets - that IP problem is your problem not Cl >ean Access's") so I'm hesitant to open another TAC and spend my week on the >phone. This probably won't be much help, but I would try this, especially if I were using Microsoft DHCP. We had a similar issue on our network and this what we did to resolve it. Other than that, Like T-Rex in Dinosaur comics, I promise nothing. When you see the phenomena, check DNS and see if the address is still attached to some other PC, in both The forward and reverse zones. If not, immediately turn off or unplug the Ethernet connection of the black holed computer. Go to another machine and ping the affected address to further check if the address has been double issued. Finally check the arp cache on Your firewall/gateway for the problem machine and see what the mac address for the IP matches up to. If you have Cisco switches, you can List mac-address-table and find what port the desired mac address is attached to and hence its location. Not sure how to find it on Other brands. Alternatively, if you needed an excuse to physically visit every IP address on campus one by one, this is it :). Once you find the machine/device that has the same IP you may be able to resolve why it has it, or why it hasn't let go, or why it isn't Properly in DNS or whatever. If you are using Mickysoft DHCP check in DNS (yes DNS) to see when you scavenge records and how Stuff is refreshed, getting the scavenge value wrong causes bad DNS references to hang around. The downside here, is I cannot recall for sure How it should be. I THINK,(and I really stress I am unsure here so check with somebody competent) that the scavenge period must be longer than the refresh and expiration periods. Daniel Sichel, CCNP, MCSE,MCSA,MCTS (Windows 2008) Network Engineer Ponderosa Telephone (559) 868-6367
