Rogue router / DHCP on network

Hi - I do work for a school where there are about 100 computers on site that basically just connect to the internet, no true AD network. I received a call over the weekend telling me that as of last week there were some that were able to get online, and some that were not. For the ones that were not, I was able to connect to them remotely, but could not connect them to internet at all. The ones that could not connect we're getting a way different IP address out of the range on the router, telling me that there was some rogue device running dhcp, as if someone had plugged in another router somewhere on campus. How would I go about troubleshooting this WITHOUT having to go to each network jack on campus to make sure no device is plugged into it? Any suggestions would be helpful. Thanks!
hodgemAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MiftaulCommented:
Run Wireshark on a PC and do an IPconfig/release followed by ipconfig/renew.

Do you see DHCPoffer from any other DHCP.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Don JohnstonInstructorCommented:
On one of the hosts that have an incorrect IP address, determine the MAC address of the default gateway (ipconfig to get the DG IP address and arp -a to get the MAC address).

Then start checking the MAC address tables of the switches looking for that MAC address. It will lead you to the port that the illegal device is connected to.
0
Rob GMicrosoft Systems EngineerCommented:
This might help if you run DHCP off of a Windows based server..

http://technet.microsoft.com/en-us/library/ee941207%28v=ws.10%29.aspx
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

hodgemAuthor Commented:
Update - it seems to be getting an IP address from the correct router (192.168.0.1) but the DNS server is 10.100.1.1 where it should be another couple of IPs - where it's getting this DNS address from, we don't know...
0
Don JohnstonInstructorCommented:
Probably statically defined on the PC.
0
hodgemAuthor Commented:
Hi - not statically defined - that DNS isn't  on our network - affecting multiple machines
0
Don JohnstonInstructorCommented:
Right.

What I'm saying is that if the DNS entries are statically defined on the PC you can still get an IP address from a DHCP server but the DNS entries will not be accepted from the DHCP server.

The question that I have is whether the DNS settings on these PC's are statically defined.

If they aren't, then I would verify that the IP address, DG and DNS addresses are coming from the correct DHCP server.  Use the ipconfig/all command to see what the IP address of the DHCP server is.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.