Solved

Rogue router / DHCP on network

Posted on 2014-12-02
7
129 Views
Last Modified: 2015-01-12
Hi - I do work for a school where there are about 100 computers on site that basically just connect to the internet, no true AD network. I received a call over the weekend telling me that as of last week there were some that were able to get online, and some that were not. For the ones that were not, I was able to connect to them remotely, but could not connect them to internet at all. The ones that could not connect we're getting a way different IP address out of the range on the router, telling me that there was some rogue device running dhcp, as if someone had plugged in another router somewhere on campus. How would I go about troubleshooting this WITHOUT having to go to each network jack on campus to make sure no device is plugged into it? Any suggestions would be helpful. Thanks!
0
Comment
Question by:hodgem
7 Comments
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 40476278
Run Wireshark on a PC and do an IPconfig/release followed by ipconfig/renew.

Do you see DHCPoffer from any other DHCP.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40476288
On one of the hosts that have an incorrect IP address, determine the MAC address of the default gateway (ipconfig to get the DG IP address and arp -a to get the MAC address).

Then start checking the MAC address tables of the switches looking for that MAC address. It will lead you to the port that the illegal device is connected to.
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40476568
This might help if you run DHCP off of a Windows based server..

http://technet.microsoft.com/en-us/library/ee941207%28v=ws.10%29.aspx
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:hodgem
ID: 40476646
Update - it seems to be getting an IP address from the correct router (192.168.0.1) but the DNS server is 10.100.1.1 where it should be another couple of IPs - where it's getting this DNS address from, we don't know...
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40476666
Probably statically defined on the PC.
0
 

Author Comment

by:hodgem
ID: 40476742
Hi - not statically defined - that DNS isn't  on our network - affecting multiple machines
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40476774
Right.

What I'm saying is that if the DNS entries are statically defined on the PC you can still get an IP address from a DHCP server but the DNS entries will not be accepted from the DHCP server.

The question that I have is whether the DNS settings on these PC's are statically defined.

If they aren't, then I would verify that the IP address, DG and DNS addresses are coming from the correct DHCP server.  Use the ipconfig/all command to see what the IP address of the DHCP server is.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question