Thursday, June 2, 2011

You can run, but you can't hide: Rogue DHCP Server

This one is for my network administrators...

Have you ever been at work doing your regular maintenance, watching system logs scroll by, when all of a sudden your DHCP server logs a DHCPNAK to a client that is trying to renew an IP address that is not on your network? Shortly afterwards, you start receiving phone calls from your users complaining that they cannot get to the Internet and none of their network applications are working.

Now, before you panic, notice that you have already learned two key pieces of information for solving this predicament.
1. There is a host on your network that is trying to renew, through DHCP, an IP address that is not valid on your network, which means it got that lease from something other than your DHCP server.
2. That same host currently cannot reach any of your network resources.

So you are probably thinking: yes, I know these two things, but they do not tell me how to fix the problem. Well, I'm glad you asked, because below are the steps you can take to track down the culprit.

The first thing to do is to get access to the computer of a user who is exhibiting the problem. From a command prompt, run "ipconfig /all" and note the "DHCP Server" entry. That value is the server identifier the DHCP server put in its own reply, so on an affected machine it shows the address of the rogue server rather than your real one:

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : whereimat.com
Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 0.0.0.0
                                    0.0.0.0
Lease Obtained. . . . . . . . . . : Thursday, June 02, 2011 7:25:32 PM
Lease Expires . . . . . . . . . . : Friday, June 03, 2011 7:25:32 PM

Once you know the rogue DHCP server's IP address, ping it so that your machine sends an ARP request for that address and your ARP table holds a current MAC address for that machine. Even if the box drops ICMP and the ping times out, the ARP request is usually still answered, so the entry appears anyway. Then check your ARP table with "arp -a", which should look something like:

Interface: 192.168.1.101 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.1           XX-XX-XX-XX-XX-XX     dynamic

Now you REALLY have all the information you need, and the hard part is over. Go to your managed switch (Cisco, HP or whatever flavor you use) and look up which port has learned the MAC address of the DHCP server (192.168.1.1); on Cisco IOS that is "show mac address-table address <mac>", on HP ProCurve "show mac-address <mac>". If the port turns out to be an uplink to another switch, repeat the lookup on that switch until you reach an access port. Then disable the port, or talk to the user who is connected to it and have them cease and desist!
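The procedure above works once a user has already been hit. As an added example (my own code, not from the original post), the following Python script goes one step further and actively enumerates every DHCP server on the segment: it broadcasts a DHCPDISCOVER and parses every DHCPOFFER that answers, flagging any whose server identifier (option 54, the address ipconfig shows as "DHCP Server") is not on an allow-list. The trusted server address 192.168.1.10, the probe MAC and the two sample offers in demo() are constructed for illustration; the rogue one mirrors the post's ipconfig output (server and gateway 192.168.1.1, DNS 0.0.0.0).

```python
import random
import socket
import struct
from typing import Dict, List, Optional

DHCP_MAGIC = b"\x63\x82\x53\x63"    # RFC 2131 magic cookie that precedes the options
DISCOVER, OFFER = 1, 2                # option 53 message types used here
TRUSTED_SERVERS = {"192.168.1.10"}    # ASSUMPTION: the IP(s) of your legitimate DHCP server(s)
HEADER_FMT = "!BBBBIHHIIII"           # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr

def _ips(raw: bytes) -> List[str]:
    """Decode an option value holding one or more IPv4 addresses."""
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - len(raw) % 4, 4)]

def build_packet(op: int, xid: int, chaddr: bytes, yiaddr: str, opts: Dict[int, bytes]) -> bytes:
    """236-byte BOOTP header + magic cookie + TLV options + 0xff end marker.
    flags=0x8000 asks servers to reply by broadcast, so a host with no address yet sees the offer."""
    yi = struct.unpack("!I", socket.inet_aton(yiaddr))[0]
    hdr = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000, 0, yi, 0, 0)
    tlv = b"".join(bytes([tag, len(val)]) + val for tag, val in opts.items())
    return hdr + chaddr.ljust(16, b"\x00") + bytes(64) + bytes(128) + DHCP_MAGIC + tlv + b"\xff"

def build_discover(mac: bytes, xid: int) -> bytes:
    """Client side: DHCPDISCOVER that asks for subnet mask (1), router (3) and DNS (6)."""
    return build_packet(1, xid, mac, "0.0.0.0", {53: bytes([DISCOVER]), 55: bytes([1, 3, 6])})

def parse_offer(pkt: bytes) -> Optional[dict]:
    """Server side: pull the interesting fields out of a DHCPOFFER; None for anything else."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        return None
    op, _, _, _, xid, _, _, _, yiaddr, _, _ = struct.unpack(HEADER_FMT, pkt[:28])
    if op != 2:                                  # must be a BOOTREPLY
        return None
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(pkt) and pkt[i] != 0xFF:       # 0xff = end of options
        if pkt[i] == 0:                          # pad octet has no length byte
            i += 1
            continue
        if i + 2 > len(pkt):
            break
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:                 # truncated option: stop rather than misparse
            break
        opts[pkt[i]] = value
        i += 2 + length
    if opts.get(53) != bytes([OFFER]) or len(opts.get(54, b"")) != 4:
        return None
    return {
        "xid": xid,
        "server_id": socket.inet_ntoa(opts[54]),   # what ipconfig /all shows as "DHCP Server"
        "offered_ip": socket.inet_ntoa(struct.pack("!I", yiaddr)),
        "router": _ips(opts.get(3, b"")),
        "dns": _ips(opts.get(6, b"")),
    }

def find_rogues(offers: List[dict], trusted: set) -> List[dict]:
    """Any offer whose server identifier is not on the trusted list came from a rogue."""
    return [o for o in offers if o["server_id"] not in trusted]

def probe(timeout: float = 3.0, mac: bytes = b"\x02\x00\x00\x00\x00\x01") -> List[dict]:
    """Broadcast one DISCOVER and collect every OFFER that answers it. Binding UDP/68 needs
    admin rights and the OS DHCP client may hold that port, so run this from a probe host."""
    xid = random.getrandbits(32)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", 68))
    sock.settimeout(timeout)
    sock.sendto(build_discover(mac, xid), ("255.255.255.255", 67))
    offers: List[dict] = []
    try:
        while True:
            data, (src_ip, _) = sock.recvfrom(1500)
            offer = parse_offer(data)
            if offer and offer["xid"] == xid:
                offer["from_ip"] = src_ip        # where the datagram came from; feed this to arp -a
                offers.append(offer)
    except socket.timeout:                       # quiet for `timeout` seconds: everyone has answered
        pass
    finally:
        sock.close()
    return offers

def demo() -> List[dict]:
    """Offline run over two CONSTRUCTED offers: the real server, and a rogue that looks like
    the consumer router from the post (server and gateway 192.168.1.1, DNS 0.0.0.0)."""
    mac, real_ip, rogue_ip = b"\x02\x00\x00\x00\x00\x01", "192.168.1.10", "192.168.1.1"
    real = build_packet(2, 42, mac, "192.168.1.50", {53: bytes([OFFER]), 54: socket.inet_aton(real_ip),
                                                     3: socket.inet_aton("192.168.1.254"), 6: socket.inet_aton(real_ip)})
    rogue = build_packet(2, 42, mac, "192.168.1.101", {53: bytes([OFFER]), 54: socket.inet_aton(rogue_ip),
                                                       3: socket.inet_aton(rogue_ip), 6: bytes(4)})
    offers = [parse_offer(p) for p in (real, rogue)]
    return find_rogues([o for o in offers if o], TRUSTED_SERVERS)

if __name__ == "__main__":
    for rogue in find_rogues(probe(), TRUSTED_SERVERS):
        print("ROGUE DHCP SERVER:", rogue)
```

Run it as administrator or root on a host whose own DHCP client is stopped. For each rogue it prints, ping the from_ip address, read the MAC from "arp -a" and look that MAC up on the switch as described above. The source IP of the datagram is kept separately from the server identifier because a rogue can put any address it likes in option 54, and the two will not always agree.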

For those who want some details, a common cause of this problem is a VMware host whose virtual network, complete with its own DHCP service (or a guest VM running a DHCP server), is bridged onto the physical LAN. Another common cause is a consumer cable/DSL router plugged into the switch through a LAN port instead of its WAN port, so the router's built-in DHCP server starts answering requests on your network (192.168.1.1, as in the ipconfig output above, is a typical default address for such routers). If your switches support DHCP snooping (on Cisco IOS, "ip dhcp snooping" plus "ip dhcp snooping vlan <n>", with "ip dhcp snooping trust" only on the port facing your real DHCP server), enable it and the switch will drop DHCP replies arriving on untrusted ports before your users ever notice. In either case, now that you have the tools to find this problem and resolve it, you can meet it head on knowing that it will get resolved.

You got more questions? I have more answers! Leave a comment below or contact me at questions(at)myitguy4u.com.

-MyITGuy

EDIT: Thanks Jason G for the spelling correction! FIXED!