clients losing or not getting IP upon power up

[E7130]

I have 5 buildings with each building having their own block of IPs /24 and some with /23 or (these are not NAT). Here is the thing, in one building we will have a hand full or a dozen computers that when powered up will not get an IP from our central DHCP server, but will get a 10.x.x.x number. After a few refreshes of NIC it will finally grab an IP. Other times a machine will be on and lose its IP and give a 10.x.x.x number.

This is only happening at one location and I don't hear about it after the fact so I cannot check on it first hand. However, from count of equipment I am not using all 512 IPs.

I am kind drawing a blank at what could be causing this. This network is a mix of 60% PC (XP Pro SP2) and 40% Mac and only the XP machines are experiencing this.

There is nothing special on the PCs and are running SEP (Symantec End Point)

 

[k1pp3r]

You need to find out what is handing out the 10.x.x.x IP's. That will lead you to your answer

 

[Surly73]

As k1pp3r already said, you likely have another device handing out IPs.

The Windows fallback IPs are generally 169.x.x.x not 10.x.x.x. Use ipconfig /all and find the IP of the DHCP server handing out the 10.x.x.x addresses, find it and kill it.

Someone probably stuck a linksys router under their desk as a rogue wireless node for convenience or something like that (and did it incorrectly, to boot).

 

[Arch]

I've seen a problem in the past where PCs wouldn't get an IP on bootup. Turned out the problem was with the particular NIC in the PC and spanning-tree being enabled on the switch port. The fix was to add "spanning-tree portfast" to the port. These were Cisco switches.

 

[Surly73]

I've seen a problem in the past where PCs wouldn't get an IP on bootup. Turned out the problem was with the particular NIC in the PC and spanning-tree being enabled on the switch port. The fix was to add "spanning-tree portfast" to the port. These were Cisco switches.

You're absolutely correct, but I would expect to see 169 addresses, not 10 addresses if that were the case.

 

[E7130]

As k1pp3r already said, you likely have another device handing out IPs.

The Windows fallback IPs are generally 169.x.x.x not 10.x.x.x. Use ipconfig /all and find the IP of the DHCP server handing out the 10.x.x.x addresses, find it and kill it.

Someone probably stuck a linksys router under their desk as a rogue wireless node for convenience or something like that (and did it incorrectly, to boot).

I know, if the machine wasn't getting out it would be getting a 169.x.x.x, so something is handing out DHCP. We have a handful of Apple Airports (native 10.x.x.x network usually) so I have started thinking that one of these may have started causing this. We have an HP network, but in this building we do have some Airports instead of some HP APs.

 

[Surly73]

I know, if the machine wasn't getting out it would be getting a 169.x.x.x, so something is handing out DHCP. We have a handful of Apple Airports (native 10.x.x.x network usually) so I have started thinking that one of these may have started causing this. We have an HP network, but in this building we do have some Airports instead of some HP APs.

If someone reversed the connections on the airport, and has the inside/LAN jack connected to your office LAN, that'll do it.

 

[Captain Colonoscopy]

I would bet that one of your Mac nerds brought in an Apple Airport and plugged it into your LAN and its DHCP server is enabled. I've seen this happen at schools many times over the years. Either a teacher will bring one in because the IT staff hasn't deployed wireless yet or the district bought a bunch of them and they all of a sudeen reset themselves to factory defaults and start throwing out IPs.

If you have Cisco 3560 or 3750switches you could setup DHCP snooping which will prevent clients from pulling DHCP from anything but your authorized server. Another thing you could do is turn on MAC security which would only allow one MAC address to communicate through each physical port. Then you start getting complaints from the asshat that plugged in their WAP that they can't get internets anymore and you can slug the SOB.

 

[Surly73]

I would bet that one of your Mac nerds brought in an Apple Airport and plugged it into your LAN and its DHCP server is enabled. I've seen this happen at schools many times over the years. Either a teacher will bring one in because the IT staff hasn't deployed wireless yet or the district bought a bunch of them and they all of a sudeen reset themselves to factory defaults and start throwing out IPs.

This wouldn't happen if the Mac nerds plugged the airport in using it's WAN port. So, not only are they probably violating your corporate security policy, they're also clueless.

 

[Brak710]

This wouldn't happen if the Mac nerds plugged the airport in using it's WAN port. So, not only are they probably violating your corporate security policy, they're also clueless.

I think a lot of users get confused with WAN and LAN in such an environment.

Yes, you are on the company LAN, but it should be the WAN of your device.

Either way, unless a company AP's settings got wiped and is acting like a DHCP server again, I think you need to explain to the users why they can't add their own routers if this is the case, and why you shouldn't ever because of security..