I have a windows 2003 server running DHCP. Clients pick up an IP address with no problem. However, some clients (but not all) can't connect to the Internet when issued a specific IP. If I release the IP on the client, exclude the IP from the range and renew on the client so it gets a new IP, it can connect to the internet fine. It appears a range of IP's from within the DHCP scope will not let clients access the internet!? The problem seems to be growing in IP range now and once an IP doesn't work, it never works again - even if static assigned. Anyone else seen this or suggest any steps to overcome this before I run out of working IP's !
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
DHCP IP's cannot connect to Internet
- Thread starter jasonb007
- Start date
That makes no sense, what is your edge device? Maybe the perimeter firewall is falsely or not falsely detecting malicious traffic from those IPs and blacklisting them?
RoadKi11
"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
RoadKi11
"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen
GlenJohnson
MIS
Have you got a firewall set up? If you do, exclude the problem range and see what happens. If not, see if you have error messages in the logs. Something obviously is going on. Going to need more info.
if pro is the opposite of con, what is the opposite of progress?
if pro is the opposite of con, what is the opposite of progress?
Following what Glen mentioned, did you increase your DHCP scope size already to accommodate the growing number of IPs (ie modified your network's subnet mask). Your firewall may be only able to see IPs in the old subnet range and this is why you are getting connectivity based on certain IPs
- Thread starter
- #5
I know it makes no sense - it's driving me mad !! It's in a school where the LEA control the router - which has not had anything changed, nor has the server. The DHCP scope has been active for about 3 years and never had a problem until now ! Had another 2 ip's drop out today - so released them, excluded them and got the client to renew ip - pick up a different ip and they connected straight away !
This is definitely a strange issue. There are a few things that I can think of to try off hand:
1 - power reset the firewall router / gateway to see if it has a temporary problem that is causing it to block IPs
2 - With a problem IP, see if you can access other clients on the LAN.
3 - try running a traceroute (windows tracert) and see if you can ping the router.
4 - use a program like wireshark or tcpdump to look at the packets and see if this shows any sort of error code that could point you towards a solution.
5 - If possible, enable logging on your firewall / router and see if this shows anything.
6 - look at the event logs of the host system having trouble and see if there is any sort of error or information notification.
1 - power reset the firewall router / gateway to see if it has a temporary problem that is causing it to block IPs
2 - With a problem IP, see if you can access other clients on the LAN.
3 - try running a traceroute (windows tracert) and see if you can ping the router.
4 - use a program like wireshark or tcpdump to look at the packets and see if this shows any sort of error code that could point you towards a solution.
5 - If possible, enable logging on your firewall / router and see if this shows anything.
6 - look at the event logs of the host system having trouble and see if there is any sort of error or information notification.
NetworkTek
IS-IT--Management
Try this just out of curiousity. Take one of the problematic ip's that is now excluded from your range. Manually assign it to a client and see if that ip is still broken. That way it will eliminate a firewall issue or switch issue.
Network+
Inet+
MCP
MCSA 2003
MCTS
Network+
Inet+
MCP
MCSA 2003
MCTS
NetworkTek
IS-IT--Management
I apologize I missed in your original post you had already tried this.
Network+
Inet+
MCP
MCSA 2003
MCTS
Network+
Inet+
MCP
MCSA 2003
MCTS
- Thread starter
- #10
- Thread starter
- #12
So onsite today and powered EVERYTHING down. Issue still applies. But I have narrowed it down, here are some details:-
ip address range in DHCP is 172.24.x.10 to 172.24.x.200
Sub is 255.255.255.0
anyone who get an IP of 172.24.x.128 or above cannot connect to the internet. They can ping other PC's on the network (regardless of address)and I can ping them.
I've delete and re-done the DHCP Scope to make sure the subnet was right - but it's not a DHCP issue because if you do a static ip of 128 or above, still don't work but below 128 does.
Checked all the hardware, all configured to sub 255.255.255.0.
The only thing I can't check is a council supplied switch (3Com SS 3226) which all other switches uplink to) and the router (Lightning Edge 46 which I know nothing about) ! The firewall is also maintained by the council so I cannot do anything there.
I'm thinking the issue is with the council hardware - so logged a call and waiting on information !
Will post any news.
ip address range in DHCP is 172.24.x.10 to 172.24.x.200
Sub is 255.255.255.0
anyone who get an IP of 172.24.x.128 or above cannot connect to the internet. They can ping other PC's on the network (regardless of address)and I can ping them.
I've delete and re-done the DHCP Scope to make sure the subnet was right - but it's not a DHCP issue because if you do a static ip of 128 or above, still don't work but below 128 does.
Checked all the hardware, all configured to sub 255.255.255.0.
The only thing I can't check is a council supplied switch (3Com SS 3226) which all other switches uplink to) and the router (Lightning Edge 46 which I know nothing about) ! The firewall is also maintained by the council so I cannot do anything there.
I'm thinking the issue is with the council hardware - so logged a call and waiting on information !
Will post any news.
GlenJohnson
MIS
Try setting up a hosts file on the problem pc's and see if it helps. I've always found that when dhcp stops working, hosts files will keep you going until a solution comes along. If it helps, set up a batch file to send the hosts file out to the problem machines. Hope it helps.
Be civil to all; sociable to many; familiar with few; friend to one; enemy to none.
Benjamin Franklin
Be civil to all; sociable to many; familiar with few; friend to one; enemy to none.
Benjamin Franklin
- Thread starter
- #14
Hi, don't know what you mean by setting up a host file.
Anyway it turns out it was something to do with the firewall run by a third party company who had done some reconfiguration from old notes and set the sub to 128 instead of 0.
Thanks for all replies.
Anyway it turns out it was something to do with the firewall run by a third party company who had done some reconfiguration from old notes and set the sub to 128 instead of 0.
Thanks for all replies.
Here's what I'd do based on how I understand the situation. In this example, both machines have been statically statically assigned configuration options that would otherwise be, those of dhcp.
device ipa action
------ ------------ -------------------
pc1 172.24.x.127 tracert to internet
pc2 172.24.x.129 tracert to internet
Determine the appliance where pc2s' ipa tracert resolution becomes incomplete.
Determine ownership of said appliance and request action.
GlenJohnson
MIS
Sounds like you're there, but just for future reference, check out
Good luck.
Be civil to all; sociable to many; familiar with few; friend to one; enemy to none.
Benjamin Franklin
Good luck.
Be civil to all; sociable to many; familiar with few; friend to one; enemy to none.
Benjamin Franklin
- Thread starter
- #17
- Status
Similar threads
- Locked
- Question