What is a rogue DHCP server, and how can I tell when one exists on the IU network?
Note: The following information assumes you have some knowledge of networking.
At Indiana University, a rogue DHCP server is any active DHCP server on the IU network that UITS has not approved. These appear from time to time, particularly in campus housing. Often such servers are set up unintentionally.
When a rogue DHCP server exists, many computers on a particular subnet (often a floor, a section of a building, or an entire building) suddenly have non-IU IP addresses and are unable to browse the web or access other network resources. Standard IU IP addresses should look similar to these:
You can find a list of IU's IP address ranges in IP addresses at IUB and IUPUI. The problem occurs because the rogue DHCP server changes your computer's standard IU IP address into one of the following:
- 10.x.x.x (except 10.10.x.x or 10.56.x.x)
- between 172.16.0.0 and 172.31.255.255
- between 192.168.0.0 and 192.168.255.255
If your computer is configured for DHCP but has lost connectivity and does not have a standard IU IP address, first try renewing the IP address. If it still has a non-IU IP address, and instead has one in the ranges given above, a rogue DHCP server is probably on that computer's subnet. The above IP addresses are set aside for private networks, and are used by Internet Connection Sharing (ICS) and other similar network programs that have DHCP service built in, so with the exception of the 10.10.x.x and 10.56.x.x range, you should not be getting them while connected to the IU network.
Note: The 10.10.x.x and 10.56.x.x ranges are indeed legitimately used at IU; in campus housing, unregistered computers will have those addresses. In such cases, simply open a web browser and register the computer at https://dhcp.iu.edu/.
A non-IU IP address could also be statically assigned. Check the TCP/IP settings to be sure that your computer is configured to get an IP address from the server, and does not have an IP address entered manually. Some new computers come with a static IP address the manufacturer used to configure the software that came with the computer. You can remove that IP address and change the TCP/IP settings to get an IP from the DHCP server.
If the computer appears to be getting a non-IU IP address from a DHCP
server, you can use the
arp command to determine the
hardware address of the rogue server. At a command prompt,
type the following:
Make note of the IP and MAC addresses (the MAC will be called the "Physical Address"), and report this information to your campus Support Center.
Last modified on February 19, 2013.