• News
  • Network troubleshooting: What to do if an illegal DHCP server is to blame?

Network troubleshooting: What to do if an illegal DHCP server is to blame? 

Friends who work with the Internet must have encountered such a frustrating situation: some terminals can access the Internet, but some cannot, or they can access the Internet for a while and then disconnect again. Today, we will talk about this kind of problem, and show you the "culprit" behind it - illegal DHCP server, and then talk about how to solve it! 

1. Problem phenomenon: What is the reason for the network "crash"? 
When engineers troubleshoot network problems, they often encounter abnormal Internet access on some terminals, repeated disconnection, or normal after setting static IP. This kind of problem is most likely related to the DHCP server.



Let's review the working process of DHCP:

Each terminal needs to obtain an IP address to access the Internet. If the network is not standardized and an illegal DHCP server is involved, the terminal will be assigned an IP address based on the first offer received. If it comes from an illegal server, it may not be able to connect to the Internet.




2. Common scenarios: Where does illegal DHCP come from?

Small restaurants: New AP and old router are cascaded, both have DHCP turned on, causing confusion in IP allocation.

Hotel rooms: Guests can connect to portable WIFI devices, and their DHCP function interferes with the network.

Corporate offices: Employees privately connect to wireless routers and set them improperly as illegal DHCP servers.

Student dormitories: Multiple people access network devices, DHCP function conflicts.

3. Troubleshooting methods: Find the "fox tail" of illegal DHCP

1. Check the terminal network parameters

Confirm whether the device IP address is in the default segment and whether the gateway address is legal. If it is inconsistent, there may be an illegal DHCP server.





2. Check gateway MAC with arp command
Use arp -a command to check gateway MAC in Windows system,

Then compare it with the MAC in the LAN settings of the gateway device. If they are different, there is an illegal device.

3. Use Wireshark to capture packets and locate
Release the computer IP and reacquire it. Use Wireshark to capture packets to see if there are multiple offer responses, and compare the source MAC address to locate the illegal device.




IV. Solution: "Prescribe the right medicine for the right disease" to solve network problems
1. Remove illegal devices or settings
After locating the illegal devices, remove them or turn off their DHCP function to rectify the network.

2. Set up network isolation or VLAN
The switch sets port isolation or VLAN to only allow the terminal to communicate with the upstream device, reducing the impact of privately connected devices.







3. Enable switch DHCP snooping
Large and medium-sized networks enable this function on managed switches. The switch only recognizes the DHCP server of a specific port and prohibits DHCP packets from other ports.

Okay, that’s all about the issue of illegal DHCP servers.