Avatar of hodgem
hodgem
 asked on

Rogue router / DHCP on network

Hi - I do work for a school where there are about 100 computers on site that basically just connect to the internet, no true AD network. I received a call over the weekend telling me that as of last week there were some that were able to get online, and some that were not. For the ones that were not, I was able to connect to them remotely, but could not connect them to internet at all. The ones that could not connect we're getting a way different IP address out of the range on the router, telling me that there was some rogue device running dhcp, as if someone had plugged in another router somewhere on campus. How would I go about troubleshooting this WITHOUT having to go to each network jack on campus to make sure no device is plugged into it? Any suggestions would be helpful. Thanks!
Windows NetworkingNetwork AnalysisNetworking

Avatar of undefined
Last Comment
Don Johnston

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Miftaul H

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Don Johnston

On one of the hosts that have an incorrect IP address, determine the MAC address of the default gateway (ipconfig to get the DG IP address and arp -a to get the MAC address).

Then start checking the MAC address tables of the switches looking for that MAC address. It will lead you to the port that the illegal device is connected to.
Rob G

This might help if you run DHCP off of a Windows based server..

http://technet.microsoft.com/en-us/library/ee941207%28v=ws.10%29.aspx
hodgem

ASKER
Update - it seems to be getting an IP address from the correct router (192.168.0.1) but the DNS server is 10.100.1.1 where it should be another couple of IPs - where it's getting this DNS address from, we don't know...
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Don Johnston

Probably statically defined on the PC.
hodgem

ASKER
Hi - not statically defined - that DNS isn't  on our network - affecting multiple machines
Don Johnston

Right.

What I'm saying is that if the DNS entries are statically defined on the PC you can still get an IP address from a DHCP server but the DNS entries will not be accepted from the DHCP server.

The question that I have is whether the DNS settings on these PC's are statically defined.

If they aren't, then I would verify that the IP address, DG and DNS addresses are coming from the correct DHCP server.  Use the ipconfig/all command to see what the IP address of the DHCP server is.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.