Score:-2

Our cable modem is acting as a rogue DHCP server, even though its DHCP function is supposedly disabled

do flag

We have, for quite some time, had problems with systems on our LAN coming up "bottled," i.e., with non-functional connections. I recently noticed that the assigned IP addresses looked like they were colliding with fixed IP addresses on the LAN, which suggested that either the router/firewall (a TP-Link TL-WDR4300) wasn't honoring its DHCP range, or there was a rogue DHCP server in the network.

This morning, my iMac came up "bottled," and I was able to determine that the IP address had been vended by a DHCP server at the cable modem's address (192.168.0.1), even though the setup page for the cable modem shows DHCP as unchecked. Then, later, when I brought up my Chromebook (which almost always initially comes up "bottled"), I looked more closely at the address it had been assigned: it wasn't a collision with a fixed address (e.g., 192.168.1.102) at all; rather it was an address in the cable modem's range: 192.168.0.103.

This raises three questions:

  1. Why is the cable modem's DHCP server running when it's supposedly disabled?
  2. Why are addresses in the 192.168.0.x range "bad" on our network?
  3. What can I do about it?
djdomi avatar
za flag
home and enduser question are offtopic for serverfault.com but might be on topic on superuser.com
hbquikcomjamesl avatar
do flag
"Home"? This is an office LAN, and I am the de-facto LAN administrator. I still have dial-up at home.
Ron Maupin avatar
us flag
Unless you have DHCP relay enabled on your router, the cable modem DHCP will be blocked by your router because DHCP requests are broadcast, with the limited broadcast address that cannot be routed and your router will not forward the broadcast DHCP requests to the cable modem. It is entirely possible that someone has actually connected a rogue device to your network that has a DHCP server in it.
hbquikcomjamesl avatar
do flag
TO REITERATE: This is NOT about a HOME or END-USER issue. As the SENIOR PROGRAMMER for Touchtone Corporation, I am the de-facto network administrator (and network electrician: I pulled every last INCH of Cat 5, along with four strands of Twinax), and while I am currently the only user affected, by virtue of being the only human being in the office under pandemic conditions, it CAN AND DOES affect ANY system in the office that is not on a fixed address. How is this NOT about "managing information technology systems in a business environment"?
Score:1
us flag

rather it was an address in the cable modem's range: 192.168.0.103.

I found that my router came up in 'bridged' mode, and then acquired an IP address and configured the NAT. When the whole network came up after a power outage, the clients and the router were doing DHCP renewal at the same time the router was in bridge mode, and the DHCP traffic was leaking through to the ISP, and back to ... well, in my case my DHCP server was seeing it, and going offline because it didn't think there should be two conflicting DHCP servers on the same network segment.

Score:0
cn flag

Why is the cable modem's DHCP server running when it's supposedly disabled?

You'll need to contact the vendor on that point. Maybe there's a bug in the firmware you're running; maybe the config displays but hasn't been applied; maybe there's a second step to fully disable it.

Why are addresses in the 192.168.0.x range "bad" on our network?

You'll need to do some reading on IP basics. Those addresses could be made to work if you either adjust the subnet mask of both subnets to be larger (so that they're the same subnet), and/or set up proper routing between subnets. That's probably not what you want though; it's not what I would do.

What can I do about it?

As I said above - contact the modem vendor about the apparent bug.

It's also worth posting your cable modem's make and model, in case someone here's familiar with it, plus a network diagram. Typically, if you're using the cable modem strictly as a modem and have your own router, the cable modem's LAN interface shouldn't be able to receive DHCP request packets from your office LAN, it should be in a separate L2 domain.

You may want to consider hiring a network pro for a 1-day engagement to review and fix your setup.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.