Re: XP SP2 cannot contact DHCP after a restart
- From: Chuck <none@xxxxxxxxxxx>
- Date: Wed, 11 Apr 2007 14:11:15 -0700
On Wed, 11 Apr 2007 12:48:02 -0700, vvii <vvii@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
"Chuck" wrote:
On Wed, 11 Apr 2007 11:58:01 -0700, vvii <vvii@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
"Chuck" wrote:
On Wed, 11 Apr 2007 07:54:04 -0700, vvii <vvii@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
"Chuck" wrote:
On Wed, 11 Apr 2007 07:30:02 -0700, vvii <vvii@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
"Chuck" wrote:
On Mon, 9 Apr 2007 08:24:01 -0700, vvii <vvii@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Now I am getting IP: 10.0.0.240/24 every once awhile after I have rebooted
the PCs.
Any other solutions?
What address are you normally getting from DHCP?
When you get the 10.0.0.240/24 address, check "ipconfig /all", and identify the
DHCP server. You probably have a rogue server somewhere, maybe a NAT router
giving out addresses.
<http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html>
http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html
we have a 192.168.1.x network with 192.168.1.2 DNS Server, 192.168.1.1
gateway, dhcp server 192.168.1.2
When I logon to the PC, and do ipconfig /all on the PC, I get the following:
Host Name: XXXXX
Primary DNS Suffix: mydomain.com
Node Type: Unknown
IP Routing Enable: NO
WINS: NO
Dhcp Enable: Yes
Autoconfiguration Enable: Yes
IP address: 10.0.0.241
Subnet mask: 255.255.255.0
Default Gateway:
DHCP Server: 10.0.0.3
Lease Obtained: Monday, April 9, 2007 12:25:19 PM
Lease Expires: Monday, April 9, 2007 12:35:19 PM
My client have to do ipconfig /release and ipconfig /renew in order to get
on to the domain.
OK, find the device with IP address 10.0.0.3 - that's the problem. Someone has
an extra NAT router stashed somewhere, maybe using it as a WiFi AP.
All our PCs, including Severs are all connected to a switch, the switch is
connected to a router and then out to the ISP.
I am kind of confuse, do you mind if you can explain a little bit more
detail.
The addresses that you provided above - "a 192.168.1.x network with 192.168.1.2
DNS Server, 192.168.1.1 gateway, dhcp server 192.168.1.2" suggest a private LAN
behind a NAT router - NOT a switch. You need to understand the difference.
<http://nitecruzr.blogspot.com/2006/02/set-of-simple-network-components.html>
http://nitecruzr.blogspot.com/2006/02/set-of-simple-network-components.html
Your LAN includes a DHCP server which assigns dynamic settings (including IP
address) to any computers asking for settings. That's DHCP.
<http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html>
http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html
A server providing DHCP settings only gets a DHCP request from other computers
on the subnet - DHCP requests don't pass thru routers. You can have just ONE
DHCP server on a subnet, or you can get conflicts.
Your DHCP server is 192.168.1.2, which will generally (but not always) be on a
192.168.1.0/24 network, with a 255.255.255.0 subnet mask.
Your problem computers are getting DHCP settings from 10.0.0.3, which is
generally on a 10.0.0.0/8 network, with a 255.0.0.0 subnet mask. This suggests
that you have an unknown computer / network device on your network that's
issuing DHCP for 10.0.0.0/8.
This problem has been seen here a few times. It's frequently caused by a NAT
router, connected to the network, and being used as a switch or a WiFi Access
Point. Maybe YOU connected it, maybe a coworker did.
Rogue APs are a big problem on many networks. Someone gets used to working at
home, in his bedroom without wires, so he gets to work, someone tells him "No
WiFi here", and he thinks "Why not?". She goes to Walmart, buys a WiFi router,
comes to work the next day, hooks it up, and is online in a couple minutes.
But a NAT router, with the DHCP server giving out settings, will respond to any
computer asking for settings. Computers asking for settings have no way of
knowing if the settings provided are from a legit DHCP server, or an unknown
one, carelessly connected and unknown.
Ping 10.0.0.3. If you get a response, ask why you should, on a 192.168.1.0/24
network?
I try to ping 10.0.0.3, but lost all 4 packets and requested timed out.
Actually, we do have couple D-Link 4-ports 10/100 fast ethernet switch on
some of our cubicle, since we only have 1 ethernet outlet per cubicle, and
sometime they have 2/3 laptops persons.
But I believe that though swtiches doesn't provide IP address.
Please advise
vvii
OK, you're on a 192.168.1.0/24 (probably) subnet. You have a DHCP server,
192.168.1.2. How does all of this connect to the Internet? Makes and model of
the network equipment would go a long way towards verifying your claim.
If you're truly connected to the Internet thru a switch (not a router), and
you're running a private IP network, you are in danger. DHCP is one problem,
but it's not the greatest threat.
1) You have a whole network of computers, exposed to the Internet.
2) You are issuing DHCP settings to any computer connected near you (on the same
side as the upstream router).
3) You are accepting DHCP settings from any DHCP server connected near you (ie
10.0.0.3).
4) You are on a broadcast domain with all computers connected near you.
I highly recommend that you verify your network setup, and take precautions,
before continuing.
We have a private LAN, which connected to a router, and it connected to the
ISP.
However, in our private LAN, we have a switch, which connected to all our
client PCs and Servers.
We also have couple D-Link 4-ports 10/100 fast ethernet switches on some of
our cubicle, since we only have 1 ethernet outlet per cubicle, and sometime
they have 2/3 laptops per person.
Here is my network breakdown:
ISP <-> router <-> firewall <-> switch <-> {Servers and PCs}
OK, that's WAY better. 8=)
So, you're on a private LAN, 192.168.1.0/24, with a DHCP server 192.168.1.2.
Some of your computers are getting DHCP settings from 10.0.0.3. That's a rogue
DHCP server, and it's on the LAN with you, below the router.
Your problem is the rogue DHCP server. Find the rogue DHCP server.
If you have laptops, I'll lay odds someone has setup their own router, WiFi or
otherwise, and left the DHCP server on.
Get PingPlotter, and set it pinging 10.0.0.3. See how close PP shows that IP
address is. Then start unplugging cables from the switches, and watch the PP
display.
<http://nitecruzr.blogspot.com/2006/09/diagnosing-network-problems-using.html>
http://nitecruzr.blogspot.com/2006/09/diagnosing-network-problems-using.html
--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.
.
- References:
- Re: XP SP2 cannot contact DHCP after a restart
- From: Chuck
- Re: XP SP2 cannot contact DHCP after a restart
- From: Chuck
- Re: XP SP2 cannot contact DHCP after a restart
- From: vvii
- Re: XP SP2 cannot contact DHCP after a restart
- From: Chuck
- Re: XP SP2 cannot contact DHCP after a restart
- From: vvii
- Re: XP SP2 cannot contact DHCP after a restart
- From: Chuck
- Re: XP SP2 cannot contact DHCP after a restart
- From: vvii
- Re: XP SP2 cannot contact DHCP after a restart
- Prev by Date: Re: work Laptop is not accessible by others PCs on home network
- Next by Date: Re: Two-computer network, MSHOME is not accessible" on both
- Previous by thread: Re: XP SP2 cannot contact DHCP after a restart
- Next by thread: Re: Different Private IP's on the Same Subnet
- Index(es):
Relevant Pages
|
