Indiana University
University Information Technology Services
  
What are archived documents?

What is a rogue DHCP server, and how can I tell when one exists on the IU network?

Note: This document assumes you have some knowledge of networking.

A rogue DHCP server is any active DHCP server on Indiana University's network that UITS has not approved. From time to time, rogue DHCP servers appear on the IU network, particularly in campus housing. Often such servers are set up unintentionally.

When a rogue DHCP server exists, many computers on a particular subnet (often a floor, section of a building, or an entire building) suddenly have non-IU IP addresses and are unable to browse the web or access other network resources. Standard IU IP addresses will be of the following type:

129.79.x.x
149.159.x.x
156.56.x.x
10.10.x.x
10.56.x.x

If your computer is configured for DHCP but has lost connectivity and does not have a standard IU IP address, first try renewing the IP address. If it still has a non-IU IP address, a rogue DHCP server is probably on that computer's subnet. This is particularly likely if the IP address matches any of these patterns:

10.x.x.x (except 10.10.x.x or 10.56.x.x)
between 172.16.0.0 and 172.31.255.255
between 192.168.0.0 and 192.168.255.255

The above IP addresses are set aside for private networks, and are used by Internet Connection Sharing (ICS) and other similar network programs that have DHCP service built in.

Note: In campus housing, unregistered computers will have 10.10.x.x IP addresses. In such cases, simply open a web browser and register the computer at:

http://dhcp.indiana.edu/

A non-IU IP address could be statically assigned. Check the TCP/IP settings to be sure that it is configured to get an IP address from the server, and does not have an IP address entered manually. Some new computers come with a static IP address the manufacturer used to configure the software that came with the computer. You can remove that IP address and change the TCP/IP settings to get an IP from the DHCP server.

If the computer appears to be getting a non-IU IP address from a DHCP server, you can use the arp command to determine the hardware address of the rogue server. At a command prompt, type the following:

arp -a

Make note of the IP and MAC addresses (the MAC will be called the "Physical Address"), and report this information to the UITS Support Center in Bloomington at 812-855-6789. Alternatively, you may email the Support Center at  ithelp@iu.edu .

This is document akpy in domain all.
Last modified on July 07, 2008.
Please tell us, did you find the answer to your question?