Jump to content



Photo

Odd Network Trouble, What Could Be The Problem?

Answered Go to the full post networking dhcp

  • Please log in to reply
9 replies to this topic

#1 goatsniffer

goatsniffer

    Supercalifragilisticexpialidosh

  • Joined: 11-January 04
  • Location: New York, USA

Posted 26 August 2013 - 22:33

I have a client with a small network.

 

Their DHCP is handled by their SBS 2011 server, their are two Belkin wireless devices set up as access points, and there is one tp-link un-managed switch. Other than that there is a Linksys firewall device (gateway) between their network and a cable modem.

 

The issue is that occasionally two specific workstations will drop off the network and I will find their IP addresses to be on the 192.168.99.x range, instead of the 192.168.100.x range. When I look at the network connection on the affected workstations, instead of seeing their domain name in the connection I see 'innotech.com'. This makes no sense to me since no one knows of any other hardware in the building. When the computer get's it's lease from the 192.168.99.x range, it cannot access the resources on their network and I can connect to a gateway on '192.168.99.1' over http and I receive a login prompt, which none of their documented passwords work with.

 

What should I do? How can I find out what device is giving these workstations DHCP leases on the 192.168.99.x range.



Best Answer +BudMan , 28 August 2013 - 16:04

Good news! But having a smart switch would of allowed you to figure out which port it was without having to walk around the building and trace a wire.

Might be something to look into for making your network better.. They are not very costly, give you lots of troubleshooting tools, ability to vlan in the future, rate control of connections quite likely.

Not saying you need a full managed switch like a 2k$ cisco - but a $200 smart makes a lot of sense in a small office vs just a simple dumb switch you would run in your house with a few connections. Go to the full post



#2 Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 20
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 26 August 2013 - 22:41

Seems the Linksys device is providing a DHCP service or some other "rouge" device smuggled on the network is causing it. Some people bring their wireless routers from home and plug them into network jacks in their office which causes headaches as a result because they don't configure the DHCP service to off!

 

Also don't use the 100.x range as cable modems use that to connect to their web interface.



#3 MorganX

MorganX

    MegaZilla™

  • Tech Issues Solved: 1
  • Joined: 16-June 04
  • Location: Midwest USA
  • OS: Digita Storm Bolt, Windows 8.1 x64 Pro w/Media Center Pack, Server 2k12 - Core i7 3770K/16GB DDR3/OCZ Vector 256GB/Gigabyte GTX 760
  • Phone: HTC One 64GB

Posted 26 August 2013 - 22:42

I have a client with a small network.

 

Their DHCP is handled by their SBS 2011 server, their are two Belkin wireless devices set up as access points, and there is one tp-link un-managed switch. Other than that there is a Linksys firewall device (gateway) between their network and a cable modem.

 

The issue is that occasionally two specific workstations will drop off the network and I will find their IP addresses to be on the 192.168.99.x range, instead of the 192.168.100.x range. When I look at the network connection on the affected workstations, instead of seeing their domain name in the connection I see 'innotech.com'. This makes no sense to me since no one knows of any other hardware in the building. When the computer get's it's lease from the 192.168.99.x range, it cannot access the resources on their network and I can connect to a gateway on '192.168.99.1' over http and I receive a login prompt, which none of their documented passwords work with.

 

What should I do? How can I find out what device is giving these workstations DHCP leases on the 192.168.99.x range.

 

Just off the top of my head do an ipconfig /all and get the DHCP server IP. If it's wireless, forget the network. Recommend static IPs.



#4 farmeunit

farmeunit

    The other white meat.

  • Tech Issues Solved: 2
  • Joined: 05-May 03
  • Location: Branson, MO USA

Posted 26 August 2013 - 23:17

As SHoTTa35 mentioned, it sounds like a rogue.  Is it a SMART switch, or completely un-managed?

 

Have you tried removing them from the domain, then re-adding them?

 

Have you switched ports those machines are on, or maybe the NIC settings?



#5 OP goatsniffer

goatsniffer

    Supercalifragilisticexpialidosh

  • Joined: 11-January 04
  • Location: New York, USA

Posted 26 August 2013 - 23:40

'ipconfig /all' on the DHCP server turns up no other interfaces with the offending IP range.

 

I'm not sure why the Linksys device would cause 'innotech.com' to show up in the network properties when the affected machine get's the IP from 192.168.99.1. So I do not think it could be that, especially since the linksys device is the known gateway for the network and it's IP is 192.168.100.1.

 

Not worried about the cable modem being a source of the issue, since it's not a consumer product, and it's in front of the gateway device.

 

The switch is completely un-managed.

 

I don't know what to do other than to do a physical sweep of the office looking for undocumented devices.



#6 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 August 2013 - 11:42

"'ipconfig /all' on the DHCP server turns up no other interfaces with the offending IP range."

Im not sure what that is suppose to mean? He was asking you if this was a wireless or wired connection. If wireless they could just be connecting to a different wireless network than yours. If its on their wired interface then yeah you have something connected to your network running dhcp.

if wireless, just setup your wireless clients not to connect to that network. Since you mention 2 AP on your own network, I am thinking maybe its just wireless.

But if wired, what is the mac address? You can then look this up and see what type of device it is..

You say you can access a webgui on it.. at 192.168.99.1 when from these devices - so look in their arp table "arp -a" and get the mac

http://www.coffer.com/mac_find/
http://www.macvendorlookup.com/

That might help you spot it.

If not I would suggest you get yourself a smart switch that can list what ports a mac is listed on..

example

C:\Windows\system32>arp -a

Interface: 192.168.1.100 --- 0xb
Internet Address Physical Address Type
192.168.1.7 00-0c-29-dd-02-ba dynamic
192.168.1.8 00-0c-29-57-41-d5 dynamic
192.168.1.25 00-13-b6-02-6c-09 dynamic
192.168.1.40 2c-76-8a-ad-f6-56 dynamic
192.168.1.50 00-15-99-21-1c-a0 dynamic
192.168.1.97 00-1c-c3-09-05-7a dynamic
192.168.1.220 7f-bf-a9-aa-29-5b dynamic
192.168.1.253 00-50-56-00-00-02 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.251 01-00-5e-00-00-fb static
255.255.255.255 ff-ff-ff-ff-ff-ff static

physicalport.png


So for example I look at this one
192.168.1.40 2c-76-8a-ad-f6-56

So if I look 2c-76-8a up I get
http://www.coffer.co...string=2c-76-8a

Tells me its an HP.. while that makes sense since its my HP Microserver. Now you see from the switch listing its mac table that its connected to port 4.. So I could trace out the wire to what is connected port 4 and find it.

So you will notice more than 1 mac on a specific port.. Those are downstream switches that are connected to those ports. So your smart switch lists all the mac that are on the that downstream switch. This would tell you at list what switch your connected too if you have more than 1.

But sounds like you only have 1 switch, so you could replace it. Or when a box gets that wrong address.. Run a constant ping on the IP of the dhcp server IP that hands it out, and then from your switch start pulling every other wire 1 at a time (other than the workstation that has the wrong ip) and find out what wire your device is connected too.

But a smart switch would be less intrusive method ;) You can can get a smart switch for really cheap these days. What size switch and speed do you have currently?

You sure you doublechecked your AP?? Those seem like likely candidates for having their dhcp servers turned back on.

#7 OP goatsniffer

goatsniffer

    Supercalifragilisticexpialidosh

  • Joined: 11-January 04
  • Location: New York, USA

Posted 28 August 2013 - 15:56

Here is the deal, as I have resolved the issue.

 

I went to the office and did some sleuthing, I found their VOIP phone system box in a closet. It was labeled 'innomedia' not innotech (sorry, was quoting from memory). Aside from having it's own modem, it had a 'LAN' connection that ran into the ceiling. I traced it to the drop by the network switches and unplugged it. All DHCP resolution issues have been resolved, there has been no impact on the phone system.

 

It must have gotten plugged in at some point, so I wrapped it up away from the switch to avoid any further confusion.



#8 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 28 August 2013 - 16:04   Best Answer

Good news! But having a smart switch would of allowed you to figure out which port it was without having to walk around the building and trace a wire.

Might be something to look into for making your network better.. They are not very costly, give you lots of troubleshooting tools, ability to vlan in the future, rate control of connections quite likely.

Not saying you need a full managed switch like a 2k$ cisco - but a $200 smart makes a lot of sense in a small office vs just a simple dumb switch you would run in your house with a few connections.

#9 OP goatsniffer

goatsniffer

    Supercalifragilisticexpialidosh

  • Joined: 11-January 04
  • Location: New York, USA

Posted 22 October 2013 - 19:57

Can a mod mark this solved?



#10 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 86
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 22 October 2013 - 21:43

just pick a post that best answers the issue and it will show up answered