Thread: DHCP Drama

  1. #1
    New Lounger
    Join Date
    Mar 2004
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    DHCP Drama

    Here's something to think about.

    I have a fairly standard Windows 2000 domain setup with ADS and all Microsoft Server products. The DHCP has been set up since last year in a semi-static way, i.e. we register one IP to one MAC address so we can still dynamically assign the addresses but keep a trace of who has got what. It isn't a great use of the system but it should work (particularly in security). Each IP address is registered to one MAC address and the remainder of the pool is blocked so that only those registered can use the addresses.

    After this system had been in place some time, I began to notice IP address conflicts and investigation showed that where 2000 and XP clients were on the Network, they didn't bother to adhere to the DHCP setup, i.e. user registers MAC address or don't get IP. They just took any registered address they fancied that wasn't being used by process of being connected. Even if the DHCP setup was to assign the addresses infinitely, they still took ones not being actively used - usually 98 or ME clients or those 2000 or XP ones not on the network at the time.

    I may be way off beam on this, but I took this problem to be something related to the idea of election of Master Browsers, i.e. newer OS tends to get its way. However, my question is that if this is the case, will we ever have protection on our Networks against hackers etc. if anyone with a newer OS than the Server's can come in and wreck the configuration just because they have a newer OS?

    Rob

  2. #2
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: DHCP Drama

    In reply to your question
    > will we ever have protection on our Networks against hackers etc if anyone with a newer OS
    > than the Server's can come in and wreck the configuration just because they have a newer OS

    The normal way to provide this sort of protection is to configure your network switches to only allow each port to connect to a specific MAC address. Using fixed IP address assignments from a DHCP server will not prevent clients from using other IP addresses.

    In reply to your main issue, this doesn't sound right. The most common cause of symptoms like this is someone assigning a rogue DHCP server on the network; I have even seen it caused by a laptop that had enabled Internet Connection Sharing (which caused it to act as a DHCP server).

    It would be nice to know whether the clients are being assigned those addresses by the correct DHCP server or they are getting them some other way. The output of IPCONFIG/ALL on a problem client would at least show us the date and time it got the lease, the DHCP server it came from and the lease expiry date. You could then compare these with data from the DHCP Server.

    StuartR
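
    The comparison StuartR suggests, as an added example that is not part of the original thread: a Python script that reads a client's `ipconfig /all` output and checks it against the DHCP server's reservations. The server address, the MAC addresses and the sample output are constructed assumptions.

```python
import re
# Constructed values (assumptions): the authorised DHCP server and its
# reservation table, one IP address per registered MAC address.
AUTHORISED_DHCP = "192.168.10.2"
RESERVATIONS = {"00-0C-29-AA-BB-01": "192.168.10.21",
                "00-0C-29-AA-BB-02": "192.168.10.22"}

# Constructed `ipconfig /all` excerpts (Windows 2000/XP layout): a leased
# address, then an address typed in by hand on an unregistered card.
SAMPLE_LEASED = """
        Physical Address. . . . . . . . . : 00-0C-29-AA-BB-01
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.21
        DHCP Server . . . . . . . . . . . : 192.168.10.2
        Lease Obtained. . . . . . . . . . : Monday, March 15, 2004 9:02:11 AM
"""
SAMPLE_STATIC = """
        Physical Address. . . . . . . . . : 00-0C-29-AA-BB-99
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.10.22
"""

FIELD = re.compile(r"^\s*(.+?)[ .]*:\s*(.*)$")  # "Label. . . : value"
def parse_ipconfig(text):
    """Return {lower-cased label: value} for one adapter section."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(2):
            fields[m.group(1).lower()] = m.group(2).strip()
    return fields

def audit_client(text):
    """Compare what the client reports with the server-side reservations."""
    f = parse_ipconfig(text)
    mac = f.get("physical address", "").upper()
    ip = f.get("ip address", "")
    findings = []
    if f.get("dhcp enabled", "").lower() != "yes":
        findings.append("address is statically configured, not leased")
    elif f.get("dhcp server") != AUTHORISED_DHCP:
        findings.append("lease issued by unexpected server %s" % f.get("dhcp server"))
    owner = [m for m, a in RESERVATIONS.items() if a == ip]
    if mac not in RESERVATIONS:
        findings.append("MAC %s has no reservation" % mac)
    elif RESERVATIONS[mac] != ip:
        findings.append("MAC %s should hold %s" % (mac, RESERVATIONS[mac]))
    if owner and owner[0] != mac:
        findings.append("%s is reserved for %s" % (ip, owner[0]))
    return findings
```

    An empty list from `audit_client` means the client's address, MAC and DHCP server all agree with the reservation table; a hand-configured address on a reserved IP is reported even though the DHCP server never issued it.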

  3. #3
    New Lounger
    Join Date
    Mar 2004
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DHCP Drama

    Stuart

    Thanks for your comments.

    Unfortunately, it simply isn't practical to restrict network ports to MAC addresses. Many of them are used by huge numbers of users and these users may only be around for 6 months to a year.

    My point about DHCP is that it SHOULD restrict in the way I have mentioned. We don't have any free addresses for people to use (the only reason I don't statically assign them is the admin problem of keeping them in-house when students leave). To my mind, if the DHCP Server allows for an assignment of the address to a specific user/MAC address only, it should retain that.

    In response to the rogue DHCP, no there isn't one. All the addresses are being assigned by one server. I too thought this might have been the case but it wasn't. What is more, this issue ONLY arises with 2000 and XP clients, not with older clients like 98 or ME.

    Rob

  4. #4
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: DHCP Drama

    I agree with you that it should. Something is wrong with your installation or configuration. Have you checked IPCONFIG/ALL on a client with an invalid address?

    StuartR

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,585
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: DHCP Drama

    Rob,
    Sorry to come in late on this. But, have you searched the MS site for DHCP configuration information? This search:
    http://search.microsoft.com/search/results...tion&view=en-us gets lots of interesting places to read. Could be something useful.

    Joe

  6. #6
    New Lounger
    Join Date
    Mar 2004
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DHCP Drama

    Stuart

    It could be mis-setup. I am afraid I took over half way through but it all looks ok otherwise.

    IPconfig/all on clients that should have the address just renders no address available and on the invalid clients, they just show the settings as if they were valid.

    My feeling was that this was a bug of the Microsoft DHCP program but thought I ought to run it by some others to see if I had got something wrongly setup.

  7. #7
    New Lounger
    Join Date
    Mar 2004
    Posts
    17
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: DHCP Drama

    Thanks for that. A lot of stuff but not a lot that looks instantly relevant. I am in the process of upgrading the domain to 2003, so may see what is rendered using the new setup. However, if there is a bug, it doesn't bode well when the next desktop version of Windows comes out.
