Solved

DHCP negotiation failure

Posted on 2006-06-29
8
1,167 Views
Last Modified: 2013-11-30
I'm having a problem with intermittent connectivity to my ISP.  Every few minutes, hours, or days (it varies) my internet connectivity will slow to a crawl and eventually fail altogether.  No traffic in or out.  The solution is to reboot the firewall and then service will return until the next incident.  The components involved are a Watchguard SOHO 6 firewall to a Motorola Surfboard 5120 cable modem to the ISP, Suscom.   The Soho is at the latest firmware revision.
The Soho's log file reveals that DHCP negotiation may be part of the problem.  I'm seeing a recurrence of the error message "DHCP response has incorrect ID" timed coincident to the slowdown of internet connectivity.  Otherwise the log file looks normal.   In an attempt to resolve the issue I have installed a hub between the Soho and the cable modem but that has not helped.  I've also tried stepping down the Soho's WAN link speed to 10 half which has not improved things.   Suscom support is unable to find any problem with their service.  Suscom and Watchguard both claim their equipment to be RFC compliant.   My options, as I see them are to swap the Soho or to swap ISPs or to pull more of my hair out (which I really can't afford.)

So, my collegues, the question is:  What tools or techniques might I employ to further diagnose the source of this apparant DHCP problem?
0
Comment
Question by:pnkljohnson2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 2

Accepted Solution

by:
skags442 earned 125 total points
ID: 17010028
for testing's sake, take the soho out of the picture and see how you pc deals with the connection, if all is good with the pc, then you can safly assum its the soho, and if thats the case, your isp might have a certin thing that may need to be set, like the mtu settings. but i would first make sure its the soho first.
0
 
LVL 2

Expert Comment

by:skags442
ID: 17010050
another thing you could try is dissconnect your cable modem from everything including the coax, and let it sit for about 5 min, and try it again
0
 
LVL 30

Expert Comment

by:ded9
ID: 17010117
http://www.gfi.com/

download tools from the above site detects any kind of network problems

Its the no1 software in the market

Reps
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 2

Assisted Solution

by:wtbservices
wtbservices earned 125 total points
ID: 17012731
You said that restarting the router clears the problem so that is where I would start looking. Since you have a hub in the line between the modem and the router I would connect a computer  into the hub and run Ethereal to capture the traffic. Then initiate a DHCP renew on the router and see if you can observe the 4 DHCP packets back and forth (discover, offer, request, acknowledge). Bear in mind that this would likely only be usefull once the connection is down although it could be informative to see what was happenning when it was running smoothly. Also, be sure that the computer you have connected to the hub has a static IP address assigned since you don't want it sending a DHCP request to the modem.
0
 
LVL 2

Expert Comment

by:monkeyjr
ID: 17015589
Please check the DHCP request is from which device by its MAC address. Also check the firewall setting, it seems the DHCP service become DoS attack. Or you can try to drop those packets when these packets come to the firewall from same machine in a short period (ping request, DHCP request, etc).
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 17396317
Sorry for not getting back.  I haven't yet returned to the customer's site.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Suggested Courses

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question