+ Post New Thread
Results 1 to 15 of 15
Windows Server 2000/2003 Thread, DHCP and Mobile Devices in Technical; Hello, We are using windows server 2003 for dhcp and have 2 dhcp servers. I have been looking through the ...
  1. #1

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    DHCP and Mobile Devices

    Hello, We are using windows server 2003 for dhcp and have 2 dhcp servers. I have been looking through the leases and notice alot of ipods/ipads/android devices getting handed ip address via dhcp. I am wondering how they are getting them. We do have an Aruba wireless controller and a few AP 61 access points but i do not think they are authenticating through the Aruba wireless. So how else would these devices be getting ip addresses. I thought that maybe students are creating adhoc wireless networks on the few machines that have wifi cards but i don think the connected devices would be getting addresses from our dhcp server. I am out of ideas on how to track down how these devices are getting ip's handed to them. Any ideas would be appreciated.
    Thanks

  2. #2

    Join Date
    Jun 2009
    Location
    Birmingham
    Posts
    600
    Thank Post
    92
    Thanked 72 Times in 64 Posts
    Rep Power
    24
    I get the same and we are using a Ruckus system. I'm pretty sure it's because the iPhone will try and connect to the network so the first thing it gets is an IP address but then can't get any further because it can't authenticate to the wireless.
    I'm sure there is a much better/more technical reason behind it, but that's the best I can come up with at this time in the morning

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,072
    Thank Post
    853
    Thanked 2,676 Times in 2,270 Posts
    Blog Entries
    9
    Rep Power
    769
    Setup rogue AP detection and supression on the Aruba controller and check whether your keys have been compromised, it only takes one teacher to give out the code (and they will) or one insecured device or using WEP for whatever bad reason.

    You should be able to check in the controller to see if they are active at that time too. If you really wanted you could filter their MAC addresses (copied from the DHCP lease) in the controller too but its a loosing battle.

    801.11x based WPA2 enterprise security is the way foward with this for greater security as it will use machine certs to authenticate which can't be compromised as easily. Set up another limited VLAN and WLAN for student devices that only gets internet access to keep the security and also the flexability.

  4. #4

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the replies. I am now starting to think it is not the Aruba System because we are operating on the 'a' radio band and many of those devices do not have an 'a' radio in them. In fact, I took an ipod touch there and was 15 feet from the access point and it could not find the network, but once the band was changed on the AP profile to 'b/g' then it was able to see it. So again I am lost as to how they are getting an IP from the dhcp server. I do have rogue detection on. Thanks

  5. #5

    Join Date
    Oct 2005
    Posts
    824
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    Has someone plugged a wireless AP into a network socket somewhere?

  6. #6

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by pantscat View Post
    Has someone plugged a wireless AP into a network socket somewhere?
    Not that I have found. I did have a teacher plug a router into a network jack and had 2 ap's plugged into that, but that has since been disconnected. I have not detected any others.
    Thanks

  7. #7

    Join Date
    Oct 2005
    Posts
    824
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    What's your LAN environment like? all managed switches?

    If so - maybe look at the mac address tables on each port of each switch and look for multiple mac addresses on a single port?

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Easiest way to find unauthorised routers/aps on your network is to check your switches and see how many mac addresses are associated with each port. If there's more than one on a non trunk port that is your culprit. Additionally if you know the mac address of one of the mobile devices you can track the mac of it down in your switches back to a port and find out what's going on from that.

    Overall though, this should of enlightened you as to why having 802.11X enabled on your wired ports is important.

  9. #9

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by pantscat View Post
    What's your LAN environment like? all managed switches?

    If so - maybe look at the mac address tables on each port of each switch and look for multiple mac addresses on a single port?
    I would say 98% of our switches are Cisco managed switches. There are a few that are plain ol linksys 5 port switches where we needed more than 1 pc/printer but only had 1 network jack.

  10. #10

    Join Date
    Oct 2005
    Posts
    824
    Thank Post
    51
    Thanked 111 Times in 101 Posts
    Rep Power
    63
    In that case it's nice and straight-forward... do what @Geoff and I suggested.

    "show mac-address list" is your friend...

  11. #11

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by pantscat View Post
    In that case it's nice and straight-forward... do what @Geoff and I suggested.

    "show mac-address list" is your friend...
    So what should i be looking for in the results...I see many mac addresses on the same interface.
    Thanks

  12. #12

    Join Date
    Aug 2009
    Posts
    246
    Thank Post
    19
    Thanked 15 Times in 14 Posts
    Rep Power
    13
    You could run the MACs through a filter to determine which manufacturer they're from... if you see a load of Apple devices and you don't own any Macs you know to follow that port to it's physical location and take it from there... for example.

  13. #13

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by Blue_Cookeh View Post
    You could run the MACs through a filter to determine which manufacturer they're from... if you see a load of Apple devices and you don't own any Macs you know to follow that port to it's physical location and take it from there... for example.
    Thanks for the reply. I can already get the macs from the windows dhcp server MMC. I just am not sure how to see where the dhcp request came from.

  14. #14

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    this is why you need to look at your switches mac tables. They will tell you which mac addresses are associated with which ports. Therefore you can trace a mac address down to a physical location and thus a device.

  15. #15

    Join Date
    Feb 2011
    Posts
    17
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I will check that out, just not having much luck so far. Thanks again everyone

SHARE:
+ Post New Thread

Similar Threads

  1. Mobile devices in the classroom - what and why?
    By pooley in forum Netbooks, PDA and Phones
    Replies: 6
    Last Post: 1st February 2011, 09:02 PM
  2. Entourage +Windows Mobile Devices
    By Dos_Box in forum Mac
    Replies: 3
    Last Post: 17th March 2008, 05:04 PM
  3. Replies: 0
    Last Post: 1st July 2007, 08:04 PM
  4. DHCP and FQDN
    By Scruff in forum Windows
    Replies: 11
    Last Post: 3rd June 2007, 01:22 PM
  5. how to do dhcp and isaserver
    By browolf in forum Windows
    Replies: 7
    Last Post: 28th June 2005, 09:20 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •