DHCP

Eiolon

We normally assign static IP addresses to our computers but had to make an exception for a small batch.

I set up a DHCP server (Win 2003) and gave it a distribution range.

The computers connected and got the address, the DNS and gateway.

Now the problem is the computers in the DHCP pool cannot talk amongst themselves. They can ping the IP/NetBIOS of other devices as long as those are outside of the pool.

I get the destination is unreachable message when pinging. If I ping by the name, it does show the proper IP of the device it is trying to ping. It can talk to the DHCP and DNS server.

Any suggestions?
 
The DHCP PCs have the same subnet mask and network as the non-dhcp?
 
Any Windows/Other local Firewall?

Win7/Vista clients could turn the firewall back on if they're connected to an "unknown network".
 
What is acting as the DHCP server?

Also, why not make all computers DHCP and just reserve the IPs in the DHCP server? A lot easier.
 
Windows Firewall is turned off on all the clients.

We are using a domain controller with DNS and DHCP installed.

DHCP was only just installed the last week. We have always used static IP addresses so we never installed a DHCP server until now.

We are on a domain network.

The devices are getting their addresses wirelessly so I am not sure if that is a problem. It is a Cisco 1131G. It's dishing the addresses out fine, we are getting Internet access, it's just none of those getting DHCP can talk to other devices that have DHCP. Non-DHCP clients CAN talk to DHCP clients.
 
Are you pinging the computers by hostname, or by IP address?
 
There's nothing inherent in DHCP that could cause the communication issues you are describing between hosts on the same subnet.

I would check the Cisco device for any settings that might cause this behavior, though (host isolation?).
 
I have pinged by IP and hostname. If I ping by the hostname, it sees the correct address, but just says destination host unreachable.

I have statically assigned the IP addresses and they are not working. I am guessing it is something with the AP at this point. I'll have to drag the computers to another area where I have ethernet access to see.
 
You said all the DHCP devices are attached to the same wireless AP?

Some APs will prevent devices from talking to each other as a security measure. It's normally deployed in guest type environments (airports, cafes, etc...). See if that's turned on.
 
I replaced the AP with a different one and the computers can now talk to each other. I would still like to find out what is going on here though. Here is the config from it if anyone could help.

Thanks,

!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MediaRoom
!
no logging console
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
no ip domain lookup
!
!
!
dot11 ssid AJPL Training
authentication open
!
power inline negotiation prestandard source
!
!
username extreme privilege 15 secret 5
username admin privilege 15 password 7
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption key 1 size 40bit 7 A1E447FB3D18 transmit-key
encryption mode wep mandatory
!
ssid AJPL Training
!
station-role root
beacon dtim-period 1
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption key 1 size 40bit 7 D71318FE4B24 transmit-key
encryption mode wep mandatory
!
ssid AJPL Training
!
dfs band 3 block
channel dfs
station-role root
rts threshold 2312
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 172.16.3.15 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.3.1
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 route ip
!
!
banner motd C

***************************************************************************
* L E G A L N O T I C E -- Y O U M U S T R E A D *
***************************************************************************
* *
* You must have explicit permission to access or configure this *
* device. All activities performed on this device are monitored *
* and logged. Violations of the *
* security policy may result in criminal prosecution. *
***************************************************************************
* *
* Anyone using this system expressly consents to such monitoring and is *
* advised that if such monitoring reveals possible evidence of criminal *
* activity, system personnel may provide the evidence of such monitoring *
* to law enforcement officials. *
* *
***************************************************************************
* UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED *
***************************************************************************


!
line con 0
line vty 5 15
!
end
 
Why not disable DHCP from the wireless AP and just do it all from the domain DHCP / DNS? Keep it all centrally managed, should solve any problems of communication. You usually don't want 2 DHCP servers on the same network.
 

The thread title is a little misleading now, as I originally thought it had something to do with DHCP but it does not. It has to do with the AP. I have made sure the AP is not acting as a DHCP server. I have also assigned the IPs statically. There is something in the config (or not in the config) preventing the devices from talking to each other.

I hooked up a Linksys WAP54G to test and all the clients can communicate. But I'd really like to get off that as we are going to add 10 more clients and that WAP won't be able to handle it.
 
I would just set the AP to be DHCP and reserve the IP in the DHCP server. You have the link from the AP to the network connected via a LAN port and not the WAN port?
 
I found out the problem. I guess the AP was used with VLANs at one point. The VLAN was taken out of the config but the bridge-group was not. I removed that and it now communicates with everything fine.
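
An added example, not part of the thread: a small Python audit for an autonomous-AP IOS config that reports a radio bridge-group with no wired member (one way a leftover VLAN bridge-group can strand wireless clients), the `port-protected` client-isolation option raised earlier, and the weak settings visible in the posted config (WEP, type 7 passwords, HTTP-only management). The sample config is constructed, the thread does not say which bridge-group line was removed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample in the flattened (unindented) style of the posted
# config; the bridge-group 20 lines are invented for illustration.
SAMPLE = """\
username admin privilege 15 password 7 <redacted>
interface Dot11Radio0
encryption mode wep mandatory
bridge-group 20
bridge-group 20 port-protected
!
interface FastEthernet0
bridge-group 1
!
ip http server
no ip http secure-server
"""

def audit(config):
    """Return (scope, finding) tuples for an autonomous-AP IOS config."""
    findings, groups, iface = [], {}, None
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:
        # Indentation is often lost in pasted configs, so scope is tracked
        # by the most recent "interface" line rather than by leading spaces.
        if line.startswith("interface "):
            iface = line.split()[1]
        m = re.match(r"bridge-group (\d+)(?: (\S+))?$", line)
        if m and iface:
            groups.setdefault(iface, set()).add(int(m.group(1)))
            if m.group(2) == "port-protected":
                findings.append((iface, "client isolation (port-protected) enabled"))
        elif line.startswith("encryption mode wep") and iface:
            findings.append((iface, "WEP encryption"))
        elif re.match(r"username \S+ .*password 7\b", line):
            findings.append((line.split()[1], "type 7 (reversible) password"))
    # Frames are only bridged between interfaces in the same bridge-group.
    wired = set().union(*(g for n, g in groups.items() if not n.startswith("Dot11Radio")))
    for name, g in sorted(groups.items()):
        if name.startswith("Dot11Radio") and not (g & wired):
            findings.append((name, "bridge-group %s has no wired member" % sorted(g)))
    if "ip http server" in lines and "ip http secure-server" not in lines:
        findings.append(("global", "HTTP management without HTTPS"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```
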
 