DHCP server conflict betwee lab and home network

ehndeehnde Member Posts: 1,103
I've spent about 2 hours learning to use Visio so that I could post this thread icon_lol.gif

On 1721-1 I set up a DHCP server to lease addresses from 10.0.0.51 - 10.0.0.99. After doing this interface eth1 on GNS3 server got an ip address of 10.0.0.51, but I could not ping router 1721-1 from the GNS3 server. Probably because I don't have a route set properly. Trivial issue, really....

What I'm having problems with is this: after I set up the DHCP server my fiance said she couldn't use the internet. Her computer was showing that it had an APIPA address. Her PC would be PC1 on my visio diagram. Could her PC have tried to renew her address from the 1721-1 router's DHCP server? I did something to screw up our internet connection when I set up that DHCP server (I think) and I'd like to know how I could run the DHCP service in my lab without it interfering with my family's internet connectivity.

I connect to the GNS3 server wirelessly, and the routers are hooked up to the switch, which is hooked up to the GNS3 server. Can the dhcp broadcasts really have gone through these devices, through our dsl router/modem, and all the way to my fiance's computer? I didn't think this would happen because our internet connected computers are on a different network from the cisco devices. How do I keep this from happening, but still maintain connectivity from my PC via the wireless LAN to my lab equipment? Sorry for being so long winded.

Sorry if my Visio diagram sucks!
Climb a mountain, tell no one.

Comments

  • IRONMONKUSIRONMONKUS Member Posts: 143 ■■■□□□□□□□
    I don't know much, but I'll give er' a go. Most of my response is my outright thinking in trying to understand this as much as you.

    What we know:

    DHCP uses broadcasts, which can be interrupted by separating broadcast domains by the use of vlans, firewalls, and routers without an Ip helper-address.

    Your DSL Router/Modem is still in the same broadcast domain since it is switching to PC1, PC2, and GNS3 on the same vlan.

    Getting an APIPA means that the computer cannot even find a DHCP server.

    Since you are getting an IP from the 1721-1 router on GNS3, it is broadcasting on that vlan.

    What we need to know:

    Is PC2 getting an IP?

    Is the DSL router also acting as a DHCP server?

    With my limited knowledge:

    If this just happened as you added DHCP on the 1721-1, disconnect the GNS3 box from the DSL router and see if PC1 can get a DHCP address and connect to the internet. If it can, then you need to separate the networks by means of something that will not allow broadcasts through.

    You could set PC1 to static IP, DNS, etc...

    You might be able to configure a firewall on your GNS3 box to not allow anything from the 10 network (Eth1) out to the 192 (Eth2) network, put a router in front of the GNS3 box separating the broadcast domain.


    I don't know much about DHCP or if two DHCP servers fight and cross each other out of the picture.

    It will be interesting to read what other, more advanced individuals have to say on this matter.
  • ehndeehnde Member Posts: 1,103
    Thanks for your thoughtful response! I know what I'm asking about has no quick and easy answer, it seems like there could be different causes.
    Getting an APIPA means that the computer cannot even find a DHCP server.

    Good point! Maybe it was a coincidence. I turned off the DHCP services on the lab router...I didn't want to interfere with anyone's ability to use the internet.
    What we need to know:

    Is PC2 getting an IP?

    Is the DSL router also acting as a DHCP server?

    Yes, PC2 (my computer) did not have this issue. PC1 and PC2 are getting dynamically assigned addresses from the DSL router.

    I thought that because the lab is on the 10.x range and all other computers are using 192.x that the DHCP broadcasts would not go from the lab router out to where the other computers could "hear" this broadcast.

    The two solutions you suggest are both very likely to work, I'll probably go with the firewall suggestion.
    Climb a mountain, tell no one.
  • greenerekgreenerek Member Posts: 99 ■■□□□□□□□□
    Routers, by default, do not forward broadcasts. It is necessary to accommodate client DHCP broadcast requests if the DHCP server is on another broadcast domain.

    use command IP helper and address which you want to be broadcast through your router, Than your pc should received Dynamic IP
    Per aspera ad astra-Seneka


  • physicskidphysicskid Member Posts: 35 ■■■□□□□□□□
    IRONMONKUS wrote: »
    I don't know much, but I'll give er' a go. Most of my response is my outright thinking in trying to understand this as much as you.

    What we know:

    DHCP uses broadcasts, which can be interrupted by separating broadcast domains by the use of vlans, firewalls, and routers without an Ip helper-address.

    Your DSL Router/Modem is still in the same broadcast domain since it is switching to PC1, PC2, and GNS3 on the same vlan.

    Getting an APIPA means that the computer cannot even find a DHCP server.

    Since you are getting an IP from the 1721-1 router on GNS3, it is broadcasting on that vlan.

    What we need to know:

    Is PC2 getting an IP?

    Is the DSL router also acting as a DHCP server?

    With my limited knowledge:

    If this just happened as you added DHCP on the 1721-1, disconnect the GNS3 box from the DSL router and see if PC1 can get a DHCP address and connect to the internet. If it can, then you need to separate the networks by means of something that will not allow broadcasts through.

    You could set PC1 to static IP, DNS, etc...

    You might be able to configure a firewall on your GNS3 box to not allow anything from the 10 network (Eth1) out to the 192 (Eth2) network, put a router in front of the GNS3 box separating the broadcast domain.


    I don't know much about DHCP or if two DHCP servers fight and cross each other out of the picture.

    It will be interesting to read what other, more advanced individuals have to say on this matter.

    I really like how you formatted this response, IRONMONKUS. It's so easy to follow and understand. When I approach issues, I will try to approach them by laying out the information before diving in.

    Pardon for the hijack, I felt that kudos were in order :)
  • alan2308alan2308 Member Posts: 1,854 ■■■■■■■■□□
    ehnde wrote: »
    I've spent about 2 hours learning to use Visio so that I could post this thread icon_lol.gif

    That's the kind of attitude that keeps me coming back to this forum right there.

    If PC2 is working correctly but PC1 is not, then the most obvious answer is that the problem lies somewhere within PC1. Double checking the networking settings there should be your first step.

    One more thought that comes to mind. What kind of security do you have enabled on your wireless? If you have a small DHCP pool allocated and a bunch of your neighbors are leeching your connection, the pool may have become exhausted, hence there are no addresses left for PC1 when it tries to get one.
  • ehndeehnde Member Posts: 1,103
    alan2308 wrote: »
    One more thought that comes to mind. What kind of security do you have enabled on your wireless? If you have a small DHCP pool allocated and a bunch of your neighbors are leeching your connection, the pool may have become exhausted, hence there are no addresses left for PC1 when it tries to get one.

    What you said here led me to the solution. No, no one is connected to our wireless network - but I started poking around in the dsl router and found something interesting (btw we're using WPA2).....I had a static route from 10.x to 192.x! RIPv2 (both directions) was also enabled. This was an old setting from when I was doing labs for the 70-680 using ESXi, putting virtual windows machines in a seperate network that could still communicate with my laptop AND still have the laptop use the internet.

    I had turned the DHCP server on the router back on to see if the error could be reproduced. It took about 15 minutes this time. The same laptop went to an APIPA address (I still don't get why that happened vs getting a 10.x address). Within 2 minutes of removing the static route, the laptop APIPA problem went away.

    This has been a really valuable troubleshooting experience. Thanks all for your help.
    Climb a mountain, tell no one.
  • IRONMONKUSIRONMONKUS Member Posts: 143 ■■■□□□□□□□
    physicskid wrote: »
    I really like how you formatted this response, IRONMONKUS. It's so easy to follow and understand. When I approach issues, I will try to approach them by laying out the information before diving in.

    Pardon for the hijack, I felt that kudos were in order :)

    Thank you! I give all of the credit to school and the class I am taking at the moment, which is Reasoning and Problem Solving. It's all about critical thinking, thinking outside the box, analyzing the way you think to heighten your sense of thinking, and stepping back to see the big picture. I've only liked computer classes in my life, but I'm loving this class.

    --ehnde, I'm glad you were able to troubleshoot your network and figure it out. icon_cheers.gif
Sign In or Register to comment.