Troubleshooting of common network problems: illegal DHCP, ARP attacks,

In this issue, we will share with you the causes of common network problems.

Whether you are a user, IT manager, contractor or integrator, the five most common network problems we encounter are: illegal DHCP server access, improper DHCP service configuration, ARP attack, broadcast storm, and DNS server abnormality. So how do you troubleshoot and solve them?

1. Illegal DHCP server
(1) Problem phenomenon

After the terminal obtains the IP address and other network parameters, it cannot access the Internet. After checking the network parameters obtained by the terminal, it is found that it is not the correct address assigned by the DHCP server. For example, the normal gateway IP is 192.168.96.1, and the gateway obtained by the terminal is 192.168.1.1. The following is an example of how to check network parameters:

(2) Cause of the problem

Some devices are not properly configured: Some devices also have the DHCP server turned on by default, without any configuration, and directly access the internal network;


Illegal device access: For example, a customer directly connects some network devices to the network illegally.
(3) Troubleshooting ideas and solutions

2. Improper DHCP server configuration
(1) Problem phenomenon

The terminal cannot obtain an IP address after connecting to the network or cannot connect to the network after obtaining the IP address set by the server.

(2) Cause of the problem

Insufficient IP addresses in the address pool or too long an address lease: resulting in insufficient IP addresses to be allocated when the device accesses the network;
Gateway or DNS settings are incorrect: resulting in the terminal obtaining the wrong gateway and DNS and being unable to connect to the network.
(3) Troubleshooting ideas and solutions

(4) Improper DHCP server configuration - correct configuration method

3. ARP attack
(1) Problem phenomenon

The terminal's Internet connection is disconnected or unstable. Check the ARP table of the computer or gateway and find that the IP and MAC correspondence table is abnormal.

(2) Cause of the problem

Illegal device attack: Illegal devices intercept the target host's Internet data through ARP attacks;

IP address conflict: Illegal devices mistakenly use the same IP address as existing normal devices.
(3) Troubleshooting ideas and solutions

4. Broadcast Storm
(1) Problem Phenomenon
All devices in the local area network cannot connect to the Internet or the network is very slow, and all indicator lights on the switch flash quickly, especially for wireless networks.
A common phenomenon that triggers a broadcast storm is a loop in the network.

(2) Causes of the problem

Network loop: A loop exists in the local network, causing broadcast data to be sent in a loop;
Terminal virus infection: The terminal is infected with a virus and sends a large amount of broadcast data to the local network;
Unreasonable subnet planning: The subnet is too large, and the broadcast data accumulates. This situation generally has no significant impact on the wired network.
(3) Troubleshooting ideas and solutions

(4) Broadcast storm - inspection method



(5) Broadcast Storm - Solution

Reasonable subnet planning: Local area networks need to be planned reasonably. For example, the number of hosts in a local area network should not be too large. Generally, subnets can be planned according to location (such as different buildings) and business (such as different departments or purposes).

Set network isolation: Within the same subnet, the terminals can be isolated through the switch port isolation function to prevent mutual access, thereby reducing the risk of internal mutual influence.

Enable spanning tree/loop monitoring: Switches that support spanning tree and loop monitoring can automatically detect loop problems in the network after setting, automatically disconnect faulty nodes, and maintain stability and availability.


Set broadcast rate suppression: Managed switches all support broadcast packet rate suppression. Through settings, only packets with a specified flow size are allowed to pass, reducing broadcast packet traffic.
5. DNS server abnormality
(1) Problem phenomenon

All devices in the local network cannot open web pages, or individual applications and websites cannot be accessed, but QQ can be logged in normally.

(2) Cause of the problem

The operator's DNS server is abnormal: causing the domain name resolution to fail.

(3) Troubleshooting ideas and solutions