 DHCP database
I have noticed duplicate IP addresses on my network despite the fact that some of these addresses have been reserved. I have checked my DHCP database for corruption and nothing seems out of place. What could be the cause and how do I go about resolving this issue?



Software/Hardware used:
Windows 2003 server environment / HP computers
ASKED: March 24, 2011  5:12 PM
UPDATED: March 25, 2011  6:33 PM

Answer Wiki:
A common cause may be the fact that some users have configured static IP addresses on their machines. Depending on your network usage and working hours, you could try shutting down the DHCP server before all the machines join the network and then discover any IP still enabled on the network. This tells you that those machines have a valid IP address not provided by the DHCP server. But I'm not sure if this applies to your environment according to your possibilities. Hope it helps.
-Mariodlg

-------------------------

Could be a couple of causes:
1. Clients are not using DHCP but are using static addresses.
2. Clients not releasing leased addresses properly. - check lease times and client patch levels.
3. Rogue DHCP server on LAN. - check where clients get bad addresses from
-Labnuke99
Last Wiki Answer Submitted:  March 24, 2011  10:54 pm  by  carlosdl   63,535 pts.
All Answer Wiki Contributors:  carlosdl   63,535 pts. , Mariodlg   2,790 pts. , Labnuke99   32,645 pts.


Discuss This Question:


 

Mario pretty much nailed it – sounds like something is using a statically assigned IP address…

 8,500 pts.

 

We use a specific IP range for static, and another range for DHCP use. It helps to stop this sort of duplicated allocation by DHCP.

It doesn’t stop someone with a bit of knowledge changing the IP address, though, which is the point already made. I agree with Carlosdl and Labnuke99.

Although I would say, if the IP lease time is still valid for more than 24 hours they would still gain access to the network.
Stopping it happening again is important. It sounds like you have a guy like we had in a place I worked.

We were baffled why the backup was failing. We had a weekend to troubleshoot a 56 PC network. We were lucky and found the problem in 4 hours. We did a mass switch on of all PCs, and found his had been given a static allocated to the backup server. He changed his IP to get onto the internet, when it was quiet on his shift. He didn’t stay long.
How did we do it?
On a USB stick we created a batch file to display the current IP details, then release and renew the IP and display the results. Output was also directed to a text file on the stick which was given the workstation ID. We ran the batch file on every workstation and compared the output against a printed list, which we had each been given at the start, of known static IPs allocated by IT.

This output was used as evidence of the unauthorised access, and more to the point guaranteed we were not at fault, and got overtime rates for the work. Result all round.

 4,625 pts.
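
The comparison step described in the post above can be automated; this is an added example, not part of the original thread or the poster's batch file. It assumes each text file from the stick holds `ipconfig /all` output, and the function names, host names and addresses are constructed for illustration.

```python
from collections import defaultdict

def parse_ipconfig(text):
    """Return (hostname, [(ip, dhcp_enabled), ...]) from one `ipconfig /all` capture."""
    host, dhcp, adapters = None, None, []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(" .\t").lower(), value.strip()
        if key == "host name":
            host = value.upper()
        elif key == "dhcp enabled":
            dhcp = value.lower() == "yes"
        elif key in ("ip address", "ipv4 address") and value:
            # Newer Windows appends "(Preferred)" to the address
            adapters.append((value.split("(")[0], dhcp))
            dhcp = None  # do not carry the flag over to the next adapter
    return host, adapters

def audit(captures, authorised_static):
    """captures: {filename: text}; authorised_static: {ip: hostname} from IT's list."""
    findings, seen = [], defaultdict(list)
    for name in sorted(captures):
        host, adapters = parse_ipconfig(captures[name])
        host = host or name
        for ip, dhcp in adapters:
            seen[ip].append(host)
            if dhcp is False:  # statically configured adapter
                owner = authorised_static.get(ip)
                if owner is None:
                    findings.append((host, ip, "static address not on IT list"))
                elif owner != host:
                    findings.append((host, ip, "static address allocated to " + owner))
    for ip, hosts in sorted(seen.items()):
        if len(hosts) > 1:
            findings.append((", ".join(hosts), ip, "duplicate address"))
    return findings

def _capture(host, dhcp, ip):  # constructed sample in the Windows XP/2003 layout
    return ("Windows IP Configuration\n\n"
            f"        Host Name . . . . . . . . . . . . : {host}\n\n"
            "Ethernet adapter Local Area Connection:\n\n"
            f"        Dhcp Enabled. . . . . . . . . . . : {dhcp}\n"
            f"        IP Address. . . . . . . . . . . . : {ip}\n"
            "        DHCP Server . . . . . . . . . . . : 192.168.1.1\n")

SAMPLE = {"BACKUP01.txt": _capture("BACKUP01", "No", "192.168.1.10"),
          "WS-014.txt": _capture("WS-014", "Yes", "192.168.1.120"),
          "WS-027.txt": _capture("WS-027", "No", "192.168.1.10")}
AUTHORISED = {"192.168.1.10": "BACKUP01"}  # constructed stand-in for the printed list
```

Calling `audit(SAMPLE, AUTHORISED)` flags WS-027 for holding the backup server's static address and reports 192.168.1.10 as duplicated.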