We actually ran into this problem when first setting the Clean Access
Servers up.  It turned out to be the way the traffic was routed.  There
was more than one path for all users, so it took the shortest path,
which was to the CCA server.  I fixed this by only allowing certain
VLAN's to the switch that the CCA server is on.



On Fri, 2005-12-16 at 10:57 -0500, Flagg, Martin D. wrote:
> We had an interesting issue the other day.  Non-CCA users all of a
> sudden starting getting CCA DHCP address's and were requested to
> download the client.  This happened in many different areas of Campus.
> The only way to fix it was to delete the users from CCA(the users logged
> on) and do an Ipconfig /release and renew.  Magically the clients would
> then be in the correct non-CCA VLAN.  
> 
> To fix the problem Campus wide, I ended up rebooting the CCA server and
> the problem has cleared up (cross-fingers).  I had not rebooted CCA in
> months and the only thing I could figure out is, the non-CCA DHCP server
> glitched and did not give an IP address before CCA DHCP could respond.
> However, CCA should never have given out an address on that VLAN (not
> configured to and has never done it in the past).  That is when I
> decided something was broken as opposed to a misconfiguration, I
> rebooted CCA and it worked fine since.
> 
> Overall a very disturbing episode to have users randomly thrown in
> different VLANs.  Especially when we are not using dynamic VLANs.  We
> are still running 3.52 but plan to upgrade (not to 3.6) over break.
> 
> 
> Martin D. Flagg
> Network Engineer/Administrator
> Hiram College