Ran into a good case of Network troubleshooting today. We use the private 192.168.0.0/16 address range at work. All of a sudden, we had users calling us from a particular floor stating that they cannot access network resources. Here’s how the team solved the issue
1) Physical connectivity – Is the cable plugged into the workstation? Is there a green light on the NIC?
2) DNS Lookup – Open a command prompt and do a look up on a server in the network. In this case, one of our file servers. Users say that they are getting a “server inaccessible” error. Hmm.. Alright, so we have physical connectivity, but don’t have DNS resolution. Since the rest of the user population didn’t have any DNS resolution issues, the team dug deeper
3) IP Address Details – Open a command prompt and type in “ipconfig”. This showed that the affected users were getting a “172.16.0.x” address. This range does not exist in our user network segment. So looks like we have users getting an unqualified network. Since all users are configured to get their IP addresses through DHCP, the culprit might be DHCP.
4) DHCP Server : The Issue – Open a command prompt and type in “ipconfig /all”. This showed the following
Aha.. looks like there is a rouge DHCP server in our network. The team checked the LAN room on the floor and found the culprit server. Looks like the server was installed in it’s default state where it acted as a DHCP server.
Lesson learnt : DHCP broadcasts sent by the client are addressed by servers in the same broadcast (Layer 2) domain before being routed to other DHCP servers (IP Helper Addresses).