RefugioISD asked:

Computers receiving 192 IP addresses rather than our own

I am in a network with approximately 400 users, most of whom are dynamically configured. We are starting to experience a situation where our computers are being issued 192. IP addresses instead of our 10.17 IP addresses. It seems to be getting worse and worse. I assume this is a DHCP problem, but what is the fix? We have plenty of IPs to lease out. The problem is worse on Mondays when the computers are off all weekend and the IP renews itself. I originally thought this was a wireless problem, but it is even doing it to the hardwired desktops.
We are on Microsoft Server 2003.
ASKER CERTIFIED SOLUTION (that1guy15): This solution is only available to members.

65td:
Sounds like a rogue DHCP server, like a wireless router or firewall.
Automatic Private IP Addressing (APIPA) is by default 169.254.0.xxx, unless changed from the default and APIPA is hosing you.

MS doc on APIPA:
http://support.microsoft.com/kb/220874
Yep, I agree with that 1 guy...

In addition, you could go to one of the computers that is getting the rogue IP address and:
Start --> Run --> cmd --> ipconfig /all
Then you should see a DHCP Server listing. Find that particular DHCP address. Many network printers, firewalls, and routers/modems have built-in DHCP server abilities. Then, once you have found the culprit, disable DHCP on it.
Adding to NetAdmin2436.

After getting the IP address of the DHCP server, ping it, then do "arp -a" and get the MAC address of the DHCP server. You can then look at the MAC table on your switches to determine where it's plugged in and which device is causing the problem.

Hope this helps.
B
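The two steps described above (read the "DHCP Server" line from `ipconfig /all`, then look up that address in `arp -a`) can be scripted as follows. This is an added example, not part of the original thread; the authorized server address 10.17.0.10 and both sample outputs are constructed for illustration.

```python
import re

# Assumption: the DHCP server(s) you actually run. Constructed value.
AUTHORIZED_DHCP = {"10.17.0.10"}

# Constructed sample of `ipconfig /all` output from an affected client.
IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.101
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
"""

# Constructed sample of `arp -a` output, taken after pinging the DHCP server.
ARP_SAMPLE = """\
Interface: 192.168.1.101 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-ee     dynamic
"""

def dhcp_servers(ipconfig_text):
    """Return every 'DHCP Server' address listed in ipconfig /all output."""
    return re.findall(r"DHCP Server[ .]*:\s*(\d+\.\d+\.\d+\.\d+)",
                      ipconfig_text, re.I)

def arp_table(arp_text):
    """Map IP -> MAC from Windows arp -a output (dash-separated MACs)."""
    pat = re.compile(
        r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s",
        re.I | re.M)
    return {ip: mac.lower() for ip, mac in pat.findall(arp_text)}

def find_rogues(ipconfig_text, arp_text, authorized=AUTHORIZED_DHCP):
    """Return [(server_ip, mac_or_None)] for DHCP servers not on the allow list."""
    arp = arp_table(arp_text)
    return [(ip, arp.get(ip)) for ip in dhcp_servers(ipconfig_text)
            if ip not in authorized]

def mac_forms(mac):
    """Colon and dotted spellings of a MAC, for searching switch MAC tables."""
    h = re.sub(r"[^0-9a-f]", "", mac.lower())
    return (":".join(h[i:i + 2] for i in range(0, 12, 2)),
            ".".join(h[i:i + 4] for i in range(0, 12, 4)))

if __name__ == "__main__":
    for ip, mac in find_rogues(IPCONFIG_SAMPLE, ARP_SAMPLE):
        print(ip, mac, mac_forms(mac) if mac else "no ARP entry yet: ping first")
```

A `None` MAC means the server's address is not in the ARP cache yet, which is the situation the asker hits next when the ping is sent from a machine on the other subnet.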
Make sure you smack the person with the Linksys router that they plugged into your network when you find it.
RefugioISD (ASKER):

I found the IP of the rogue DHCP server, 192.168.1.1 ... isn't this just the generic wireless router IP address? When I ping it, I get no reply. But it is out there. Is it not pinging because the 192 address is not one of ours? The rogue addresses are not obviously coming from OUR DHCP server, but now I am at a loss on how to track it down. Can't do the "arp -a" because it won't ping?
Set a secondary IP address on your workstation to 192.168.1.168 with a subnet mask of 255.255.255.0 and then attempt to ping it.
You will need to get on a computer that has been assigned a 192.168 address so you can ping the router. Then you can run the arp -a command and get the MAC.

How large is your office? If it's small enough, you could most likely just walk around. Chances are they have it just laying around!!
OK, I got the MAC address now. I may need a brief review on how to locate the culprit using the MAC address.
And I am actually in a school district with three campuses, so walking around to every room is not first on my list!
You will need to log into your network switches, check your MAC tables to see which port that MAC is connected to, then trace it down.
If routers are in the network, the rogue DHCP has to be in the same area as the PCs affected.
If you get stuck... download this network scanner and install it. It's free, don't worry. It should pick up the rogue DHCP and tell you quite a bit of info about it.
http://lantricks.com/lanspy/

Use the force wisely...
You can also get the eval of the Engineer's Toolset from www.solarwinds.com and use the Switch Port Mapper tool to find the rogue unit.