Strange entries in my log file
Simon Hobson
dhcp1 at thehobsons.co.uk
Tue Jul 17 10:56:45 UTC 2007
Pete Clarke wrote:
>Hmm ... this is a small, home network.
Small?
>The 1st layer 3 switch has both 192.168.0.0/24 and 192.168.1.0/24 vlans
>configured, the .0 is for the servers/management boxes, and the .1 is
>for clients (wired/wireless).
>Both layer 3 switches have the DHCP server helper addresses configured,
>and this works nicely - if I disable the helpers, the DHCPDISCOVERs get
>to the server, but the DHCPOFFERs don't get back to the clients... (as
>you'd expect).
Actually no, if you disable the bootp relay agents then the dhcp
discovers should not be getting to the server.
>I am assuming the rogue packets are coming in through the 2nd internet
>connection, does that sound reasonable..?
The problem is, if they come in that way, how would they get past the
NAT - unless you have port forwarding enabled for dhcp. I think it's
more likely that these packets are coming from a device inside the
network, but given the lack of such a subnet it's hard to see where
they would be coming from when they appear to be coming via a relay.
Might be time to look more closely and query the MAC tables in the
switches to determine where the packets came from. You'll probably
have to sniff packets, wait till one of these comes in, then inspect
the packet to figure out the source MAC & IP, then query the switches.
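
The tracing step described in the reply above, as an added example that is not part of the original message: it parses a captured Ethernet frame carrying a DHCP packet, pulls out the source MAC, source IP, relay address (giaddr) and client hardware address, and flags packets whose relay address lies outside the two subnets named in the thread. The sample frames, the MAC addresses, the 10.20.30.1 relay and the 192.168.0.10 server address are constructed for the demonstration.

```python
import ipaddress
import struct

# Subnets named in the thread; a genuine relay's giaddr should fall inside one of them.
KNOWN_SUBNETS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]

def parse_dhcp_frame(frame: bytes):
    """Extract trace fields from an Ethernet/IPv4/UDP frame sent to port 67, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4            # IPv4 header length varies with options
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or frame[udp + 2:udp + 4] != b"\x00\x43":
        return None
    if bootp[236:240] != b"\x63\x82\x53\x63":    # DHCP magic cookie
        return None
    return {
        "eth_src": frame[6:12].hex(":"),         # MAC to look up in the switch MAC tables
        "ip_src": str(ipaddress.ip_address(frame[26:30])),
        "giaddr": str(ipaddress.ip_address(bootp[24:28])),    # relay agent address
        "chaddr": bootp[28:28 + min(bootp[2], 16)].hex(":"),  # client hardware address
        "hops": bootp[3],
    }

def is_suspect(info: dict) -> bool:
    """True when the packet claims a relay (giaddr != 0) outside every known subnet."""
    gi = ipaddress.ip_address(info["giaddr"])
    return int(gi) != 0 and not any(gi in net for net in KNOWN_SUBNETS)

def build_sample(eth_src: str, ip_src: str, giaddr: str, chaddr: str) -> bytes:
    """Constructed DHCPDISCOVER frame for the demo (checksums zeroed), not a real capture."""
    addr = lambda a: ipaddress.ip_address(a).packed
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234, 0, 0) + bytes(12) + addr(giaddr)
    bootp += mac(chaddr).ljust(16, b"\0") + bytes(192) + b"\x63\x82\x53\x63\x35\x01\x01\xff"
    udp = struct.pack("!HHHH", 67, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    ip += addr(ip_src) + addr("192.168.0.10")    # server address is an assumed value
    return mac("02:00:00:00:00:01") + mac(eth_src) + b"\x08\x00" + ip + udp

# Constructed samples: one relayed from the client VLAN, one from a subnet that does not exist.
SAMPLES = [
    build_sample("02:00:00:00:00:aa", "192.168.1.1", "192.168.1.1", "02:00:00:00:10:01"),
    build_sample("02:00:00:00:00:bb", "10.20.30.1", "10.20.30.1", "02:00:00:00:10:02"),
]

if __name__ == "__main__":
    for frame in SAMPLES:
        info = parse_dhcp_frame(frame)
        print("SUSPECT" if is_suspect(info) else "ok     ", info)
```

For a flagged packet, `eth_src` is the address to search for in the switch MAC tables, while `chaddr` is only what the packet claims about the original client.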