Router != Switch (or: Just because the plug fits doesn't mean it's right)

So the other day I was trying to troubleshoot a network issue at the office (which is always fun, as it's usually something stupid that requires far too much time to figure out but only 30 seconds to fix). There were a couple computers in the office that couldn't get onto the Internet. After checking the obvious (that the cable is plugged in properly), I headed into the command line to try to ping our firewall, with no luck. I checked to see what the IP address for the machine was (and to see if it even had a proper one) and noticed that it was in the 10.x.x.x subnet.

Since our entire network is on the 192.168.1.x subnet, I had no idea why this machine had a 10.x.x.x IP address. Just to make sure the network card was working OK, I manually changed the IP address back to an IP in the office subnet, manually putting in the OpenDNS IP addresses, and got online fine. But the minute I put the computer back to auto-detecting IP settings, it reverted back to 10.x.x.x, and couldn't get online. I verified that the DHCP server on the network was running properly (it was), so it was either a) a weird thing in Vista that I've never come across or b) it was getting its IP address from somewhere else.

I assumed "b)" and installed Wireshark to look for DHCP handshakes and sure enough, there was another DHCP server running in the building somewhere that was overriding my DHCP server (which is basically a dd-wrt router, since that particular office is trying to phase out their Windows Domain/DHCP server).
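The same check can be scripted once the DHCP traffic is captured. As an added example (not part of the original post), this parses DHCP reply payloads and flags OFFER/ACK messages whose server identifier is not on an allowlist; the 192.168.1.1 server address and the 10.0.0.x sample values are assumptions constructed for illustration.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OFFER, ACK = 2, 5
AUTHORIZED_SERVERS = {"192.168.1.1"}  # assumption: the one legitimate DHCP server

def parse_dhcp_reply(payload):
    """Return (message type, server identifier, offered IP), or None if not a DHCP reply."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None
    offered_ip = socket.inet_ntoa(payload[16:20])  # yiaddr field
    msg_type, server_id, i = None, None, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                  # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:             # DHCP message type
            msg_type = value[0]
        elif code == 54 and length == 4:           # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id, offered_ip

def find_rogue_servers(payloads, authorized=AUTHORIZED_SERVERS):
    """Map each unauthorized server identifier to the addresses it offered or acked."""
    rogues = {}
    for payload in payloads:
        parsed = parse_dhcp_reply(payload)
        if parsed is None:
            continue
        msg_type, server_id, offered_ip = parsed
        if msg_type in (OFFER, ACK) and server_id not in authorized:
            rogues.setdefault(server_id or "unknown", []).append(offered_ip)
    return rogues

def build_reply(msg_type, server_ip, offered_ip):
    """Build a minimal DHCP reply payload (constructed sample data, not a real capture)."""
    header = bytearray([2, 1, 6]) + bytearray(233)  # BOOTREPLY, Ethernet, 6-byte MAC
    header[16:20] = socket.inet_aton(offered_ip)
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return bytes(header) + MAGIC_COOKIE + options

SAMPLE = [build_reply(OFFER, "192.168.1.1", "192.168.1.50"),  # legitimate server
          build_reply(OFFER, "10.0.0.1", "10.0.0.23"),        # unexpected server
          build_reply(ACK, "10.0.0.1", "10.0.0.23")]
```

Feed `find_rogue_servers` the UDP payloads of packets sent from port 67; any key in the result is a DHCP server that should not be answering on that segment.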

So the hunt began for the rogue network device. After a bit of searching around the office, I found an old Zyxel wireless router (with a sticker from the long-defunct Unicom) buried under some wires in the corner of an office underneath a desk. It was plugged in where there used to be a switch (no idea what happened to the little five-port switch). Somebody must have figured that "Hey, this thing has network ports on it, it must work to connect all these random cables together." And it would have probably worked fine, if somebody would've turned off the DHCP server on the thing. And it was only affecting a few of the folks in the office as the rest hadn't renewed their DHCP request yet, so they still had the 192.168.1.x addresses.

But like I said before, pain to figure out, easy to fix.

So for future reference, just because it looks like a switch, and just because the network cables fit, does not mean you should just randomly plug it in. Especially if it has a big ol' antenna sticking out of the top of it.

Posted by Jake on 03/23/09 @ 03:08 PM
