Need to detect if multiple routers are on a network.

milehigh

I've got a cable modem -> Router -> Traffic Shaper -> Switches -> Client PCs (about 150 of them).

Router at 192.168.1.1, switches at 192.168.10-15, shaper at .20 and DHCP range starting at 150 with DHCP on.

Somebody plugged a router into the network (obviously 192.168.1.1) and it started handling the DHCP functions instead of the main router which consequently drops everybody else's connectivity.

So...is there a way to avoid this scenario?

In this case the guy who plugged the router in left the default password so I was able to get into it and change his IP to a static IP of .5 and turned off his DHCP but this won't keep it from happening in the future.
 

spidey07

That's called a rogue DHCP server. Managed switches have a means to detect that and shut the port down. You have to couple this with discipline and policy - so some kind of written disciplinary action against the person that plugged unapproved devices into the network is appropriate. Soon word gets around that you don't do that.
 

milehigh

They want to be as hands off as possible which is why they're using DHCP instead of managed switches/static IP assignments so it looks like discipline/policy might be the only course of action here.
 

dphantom

Just a question here, but if you have 150 client PCs receiving their address via DHCP and the DHCP scope starts at x.x.x.150, then not every PC can get an address if you are using a /24?

Just asking for my clarification.
 

milehigh

150 users=150 people/2 people per room with one jack per room (it's a dorm). So I need about 75 DHCP reservations to cover the whole building.

I was curious as I was typing this, looks like we're right on!
Dynamic IP Used : 74
Static IP Used : 0
DHCP Available : 26
Total : 100
 

Crusty

How does the 2nd person get access to the network? Only one person is allowed at once?
 

spidey07

OP - what model switches do you have? They may have the DHCP snooping/guard feature (Cisco terms) that I was talking about. That feature was added specifically for your concern and is almost always implemented on college and business networks to stop exactly what you ran into.
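
Added example, not part of any post in this thread: where the switches cannot do DHCP snooping, a monitoring host can watch DHCPOFFER/DHCPACK replies and flag any that do not come from the known server. It checks the Ethernet source MAC as well as the server identifier, because the rogue router described above also answered as 192.168.1.1; the MAC address and all function names are constructed for the example.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
OFFER, ACK = 2, 5                    # option 53 values sent only by servers
# Assumption: (server identifier, Ethernet source MAC) of the one real DHCP server.
# The MAC is a constructed value.
AUTHORIZED = {("192.168.1.1", "00:11:22:33:44:55")}

def parse_options(payload):
    """Return {option code: value} for a DHCP UDP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                             # truncated option
        opts[code] = value
        i += 2 + length
    return opts

def check_reply(src_mac, payload):
    """Return an alert string for an OFFER/ACK from an unauthorized server, else None."""
    opts = parse_options(payload)
    if not opts or payload[0] != 2:                 # op 2 = BOOTREPLY
        return None
    mtype = opts.get(53)
    if not mtype or mtype[0] not in (OFFER, ACK):
        return None
    sid = opts.get(54, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if (server, src_mac.lower()) in AUTHORIZED:
        return None
    return f"rogue DHCP server {server} at {src_mac.lower()}"

def build_offer(server_ip):
    """Constructed DHCPOFFER payload, used only as sample input."""
    sip = ipaddress.IPv4Address(server_ip).packed
    header = struct.pack("!4BIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), bytes(4), sip, bytes(4), bytes(16), bytes(192))
    return header + MAGIC + b"\x35\x01\x02" + b"\x36\x04" + sip + b"\xff"
```

In use, `src_mac` and `payload` would come from whatever capture tool feeds the script UDP port 67/68 traffic; that wiring is left out here.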
 

ScottMac

Set your inbound packet TTL (Time-to-Live) such that adding one more router expires the TTL. If the TTL expires, the user gets no traffic.

 

kevnich2

Originally posted by: milehigh
150 users=150 people/2 people per room with one jack per room (it's a dorm). So I need about 75 DHCP reservations to cover the whole building.

I was curious as I was typing this, looks like we're right on!
Dynamic IP Used : 74
Static IP Used : 0
DHCP Available : 26
Total : 100

Does only one person get on at a time? IP addresses don't go by the number of jacks you have but the number of devices requesting an IP address. One jack could have a switch connected to it with several devices on it? If only one person is connecting to the internet at a time per room, then yes this will work. However, I'd switch over to a /23 subnet to allow for more expansion. Just my opinion though.
 

skyking

The one jack = two people situation is practically begging for rogue routers. So is the restricted scope. As much as I hate cascading small switches it sounds like the only solution, to provide a small switch when needed.
 

JackMDS

But a small switch is a good solution provided that, of the 150, only about 100 are concurrently on.

In addition, some will still try to stick in a wireless router so they can use their laptop's wireless.

Nah, the whole thing has to be re-thought and re-organized.
 

milehigh

Originally posted by: spidey07
OP - what model switches do you have? They may have the DHCP snooping/guard feature (Cisco terms) that I was talking about. That feature was added specifically for your concern and is almost always implemented on college and business networks to stop exactly what you ran into.

I believe it's this... Linksys - SRW2048 - 48-Port 10/100/1000. I'm walking into something here that hasn't been touched in almost a year so if they call me back in I can dig into it a little more.

Originally posted by: JackMDS
But a small switch is a good solution provided that, of the 150, only about 100 are concurrently on.

In addition, some will still try to stick in a wireless router so they can use their laptop's wireless.

Nah, the whole thing has to be re-thought and re-organized.

Agreed, I know if I was living there I know I'd want to use my wireless capability in my laptop.
 

dphantom

Originally posted by: milehigh
Originally posted by: spidey07
OP - what model switches do you have? They may have the DHCP snooping/guard feature (Cisco terms) that I was talking about. That feature was added specifically for your concern and is almost always implemented on college and business networks to stop exactly what you ran into.

I believe it's this... Linksys - SRW2048 - 48-Port 10/100/1000. I'm walking into something here that hasn't been touched in almost a year so if they call me back in I can dig into it a little more.

Originally posted by: JackMDS
But a small switch is a good solution provided that, of the 150, only about 100 are concurrently on.

In addition, some will still try to stick in a wireless router so they can use their laptop's wireless.

Nah, the whole thing has to be re-thought and re-organized.

Agreed, I know if I was living there I know I'd want to use my wireless capability in my laptop.


I have to go with Jack on this. I think you need to rethink your design. Having one jack for two people is doing nothing but asking for trouble.