Sounds like someone on your CCA protected subnet was bridged with your 
non CCA protected subnet

Flagg, Martin D. wrote:

>We had an interesting issue the other day.  Non-CCA users all of a
>sudden starting getting CCA DHCP address's and were requested to
>download the client.  This happened in many different areas of Campus.
>The only way to fix it was to delete the users from CCA(the users logged
>on) and do an Ipconfig /release and renew.  Magically the clients would
>then be in the correct non-CCA VLAN.  
>
>To fix the problem Campus wide, I ended up rebooting the CCA server and
>the problem has cleared up (cross-fingers).  I had not rebooted CCA in
>months and the only thing I could figure out is, the non-CCA DHCP server
>glitched and did not give an IP address before CCA DHCP could respond.
>However, CCA should never have given out an address on that VLAN (not
>configured to and has never done it in the past).  That is when I
>decided something was broken as opposed to a misconfiguration, I
>rebooted CCA and it worked fine since.
>
>Overall a very disturbing episode to have users randomly thrown in
>different VLANs.  Especially when we are not using dynamic VLANs.  We
>are still running 3.52 but plan to upgrade (not to 3.6) over break.
>
>
>Martin D. Flagg
>Network Engineer/Administrator
>Hiram College
>  
>


-- 
John Stauffacher, CISSP
Network Administrator
Chapman University
[log in to unmask]
ph: 714.628.7249
"An idea that is not dangerous is unworthy of being called an idea at all" - Oscar Wilde
"One could write a history of science in reverse by assembling the solemn pronouncements of highest authority about what could not be done and could never happen." -Robert A. Heinlein