1

I use a Draytek 2860 router to manage an office internet connection. This feeds a WAN connection into a managed switch (D-Link DGS 1210 24), and the ports on the switch are then connected to a basic switchboard which then servers connections to multiple ports around the office.

We constantly have connection issues with LAN connections only whereby these drop off despite the internet connection being fine and wireless connections being unaffected. Disconnecting and reconnecting any ethernet cables from the router resolves these, as does disabling and enabling the LAN card on a particular client.

Discussion on the Draytek forum has lead me to the conclusion that something in our network is attempting to serve IP addresses without my knowledge and this seems the most likely culprit, especially as I wasn't aware the switch was managed and I accessed the UI for the first time ever today. However, it seems to be in default mode, i.e. almost everything disabled.

Is it possible this is causing the issue and can anyone suggest settings which could be checked to make sure it isn't? Removing the switch altogether would be problematic right now as I don't have a simple one to replace it with and we need the various ports in the office.

Essentially, I want this switch to only provide me with the ability to power multiple ports. I require nothing else from the switch. What's the best way to confirm this is what I am getting?

EDIT

After the suggestion from Bryan Cerrati below I have installed Wireshark. However whenever I connect a device to the network I can see a DHCPRequest transaction but there is no corresponding DHCPOffer (although the client does connect successfully). Is the information I need located inside the Request?

enter image description here

shaneoh
  • 404
  • 3
  • 7
  • 18
  • The request comes after the offer. – Bryan Cerrati Nov 02 '16 at 12:06
  • I updated my answer with the sample of order of operations. – Bryan Cerrati Nov 02 '16 at 12:09
  • Thanks but my issue is that Wireshark shows no offers either before or after requests. The client successfully connects but only a request is shown – shaneoh Nov 02 '16 at 12:26
  • If the client sucessfully connects it happened before you started the dump. Start the recording then unplug and plug back in the cat. – Bryan Cerrati Nov 02 '16 at 13:25
  • Afraid not. I did do it that way but have just tried again doing it as you described. There is still no offers, only the requests. – shaneoh Nov 02 '16 at 14:05
  • so there is already an entry for you mac address in the dhcp server and ageing has begun. but i do not see an acknowledgment there. do you have an address or do you have an apipa? – Bryan Cerrati Nov 02 '16 at 14:48
  • I have an IP address, if that's what you mean, or a mac address if that's what you mean - I have both of these. – shaneoh Nov 02 '16 at 15:01
  • Whats the ip given? – Bryan Cerrati Nov 02 '16 at 15:01
  • 192.168.1.22. This is set in a bind list on the router, but I also tried this with the bind disabled. In that case there was a discover before the request but still no offer – shaneoh Nov 02 '16 at 15:08
  • yes that would be correct, there is a discover then request. ok so now we need to scavange the dhcp serve so that you can get your machine to send out that discover to get offers. what do you use as your dhcp server? – Bryan Cerrati Nov 02 '16 at 15:51
  • A Draytek Vigor 2860 router. – shaneoh Nov 02 '16 at 16:25
  • under diagnostic click view DHCP Table... see if your computers mac is listed. then restart the machine because most smaller applicances loose their arp cache and dhcp leasing information when they are power cycled. then fireup wireshark allow capture of all packets and when you can get back on the network you should have captured the the DHCP offers if you filter by bootp again. – Bryan Cerrati Nov 02 '16 at 16:34
  • Same thing - only the request shows, not the offer. Strange, I wonder if there is something better than Wireshark I can use because this is the first of what will probably be many steps and it's taking so long. – shaneoh Nov 03 '16 at 07:06
  • Generally if you arent getting any offers and you made sure that the mac address is not in the dhcp table then its because there is NO offers. Dhcp is not functioning or is not being passed through the switch. Try making sure dhcp screening is off in the switch you mentioned that it is managed. – Bryan Cerrati Nov 03 '16 at 11:51
  • DHCP is meant to be running through the Draytek router, which it generally is. My thought was that this switch may be acting as a DCHP server. In any case dhcp screening is off in the switch. – shaneoh Nov 03 '16 at 14:30
  • look within the switch and see if there is any dhcp server capability. if so turn it off. or set a forwarder from the draytek. then check the draytek and make sure the dhcp server is turned on. – Bryan Cerrati Nov 03 '16 at 14:35
  • The switch manual claims this model has a DHCP server option, but it's not listed in the menu for me. It has old firmware so I think I will try update this in the morning and see if I get more options. – shaneoh Nov 03 '16 at 15:08
  • i dont think its nessicary...i dont think the switch is creating dhcp... its too ironic that neither device would be offering an address if both were operating. so to me this says that its just your router not offering addresses. in a windows server environment if DHCP is not being offered, the first thing you do is check again and scavanging. make sure its not holding onto mac addresses for a month at a time not allowing that address to be assigned to another device... literally running out of assignable addresses. so to me thats what this router is doing. – Bryan Cerrati Nov 03 '16 at 15:13
  • When I disconnect the PC from the internet and shut it down it disappears from the DHCP list. I've also removed it from the IP Bind list. But, when I start it up again it still gets the same IP address. And as noted, Wireshark shows the request but not the offer – shaneoh Nov 04 '16 at 15:16

2 Answers2

3

This switch has a DHCP Server Screening protection under Security Settings, you can try to enable this if you think that someone is running another DHCP Server. You could also see the switch log for some error.

When this problem happens, they have another ip address? You can use the command ipconfig /all to see what is the ip of the machine that served the ip address.

Marlon Anjos
  • 46
  • 2
  • I think this would be the opposite of what I need - I don't want the switch to do anything other than pass the signal through. – shaneoh Nov 02 '16 at 12:04
  • The switch will not do anything than block others dhcp servers. – Marlon Anjos Nov 03 '16 at 10:45
  • OK but wouldn't that only be relevant if I was using the switch for DHCP? – shaneoh Nov 03 '16 at 11:06
  • No, you use the switch to protect your real dhcp server, the switch will not act as a dhcp server. – Marlon Anjos Nov 04 '16 at 11:45
  • I see. The manual shows this screen as having the option to enter the IP address of the DHCP server when you do this, but mine doesn't have this. I'm, presuming it's because its on very old firmware (2.x) but I don't seem to be able to upgrade it. – shaneoh Nov 04 '16 at 12:17
2

better idea... analyze network traffic using wireshark. You can setup a filter to watch DHCP, and see what offers come in after the discovery broadcast is sent out. if there are multiple offers then you have a rogue dhcp serving out addresses and from there you can work to shut it down.

in wireshark... for filter use bootp as dhcp runs within the BOOTP protocol

heres a how to Filter by DHCP in wireshark.

Sample of order.

Bryan Cerrati
  • 96
  • 8