Is this a DHCP problem?

Guest

I have a simple network using a private subnet with a W2K DNS/DHCP server,
Novell server, a Red Hat Linux box and 60 workstations. A SonicWall router is
the gateway. I am in the process of replacing the old SonicWall with a newer
unit and with the new unit installed the dynamic ip workstations can't run
the Linux application, the static workstations have no problem. I can also
duplicate the problem with the Sonicwall removed from the network as well.
With the sonicwall removed why can't the workstations access the app on the
Linux box? I can ping the linux box from the workstation, it just times out
trying to run the app.

Anyone have any ideas? Do you need more information?

Colin
 
Michael D. Ober

Your DHCP server's scope doesn't by any chance point at the old SonicWall's
IP address for DNS services?

Mike Ober.
 
Guest

Thanks for the reply. No, the DHCP scope points to itself as the DNS server.

Is it possible to add the DHCP server's IP address (itself) as a second
gateway so when the Sonicwall is removed the dynamic clients still have an
active gateway on the network?

This is a strange problem.

Any help would be appreciated....
 
Phillip Windell

Let's back up a few steps before we run off in the wrong direction.

1. What Linux App?
a. How is it accessed?,..IP#, Hostname?, DNS FQDN?
b. Is the IP# of the Linux box static?
c. what kind of App is it to begin with?
2. The DHCP Clients....
a. getting a proper IP# for the proper subnet from the proper DHCP?
b. Are you sure they aren't getting it from the new box if you might have
forgotten to disable any DHCP Service on it if it has one.
c. Run IPCONFIG /ALL on those clients and see what they are getting
and from where they get it.
 
Guest

Thank-you Phillip for your questions on this. The problem is I don't know
much about this Linux box as it is maintained by another vendor. I need to
determine if it's my network or the Linux box setup that's to blame. I will
answer your questions best I can.

1a: Each workstation has a hosts file with the ip address of the Linux box
and its hostname
1b: The linux box has a static ip
1c: The app they are running is called BBj (www.basis.com). The workstation
pulls the BBj program off the novell server, then it goes to the Linux box
for a licence and then the database. It times out trying to obtain a licence.
This only fails on the dynamic ip workstations when the SonicWall is
disconnected or replaced with the newer model (sonicwall says there is
nothing wrong with their appliance).

2a: I have the private range 192.168.x.x for the network. the 0.x subnet is
for the servers (Linux, Netware, W2K servers) The 1.x subnet for DHCP dynamic
ip workstations, the 2.x subnet for the Static ip workstations and 3.x subnet
for the printers.
2b: I will ask the Linux techs about that but I'm pretty sure it's not
running DHCP, they know the W2K server is doing dhcp.
2c: I will run ipconfig /all on both the static and dynamic workstations when
I go there next. I should see the same on both right? It should show the dns
as the W2K dhcp/dns server and the gateway as the sonicwall.

I can't test anything until after hours as it disables the dynamic ip
workstations from accessing this program.

Thank-you for your thoughts, it's driving me crazy.

Colin


 
Phillip Windell

I'm thinking through this as I type,...so I may wander around a bit...

colin said:
1c: The app they are running is called BBj (www.basis.com). The workstation
pulls the BBj program off the novell server, then it goes to the Linux box
for a licence and then the database. It times out trying to obtain a
licence.

What is the exact error? exactly,..word for word.

colin said:
2a: I have the private range 192.168.x.x for the network. the 0.x subnet is
for the servers (Linux, Netware, W2K servers) The 1.x subnet for DHCP dynamic
ip workstations, the 2.x subnet for the Static ip workstations and 3.x subnet
for the printers.
2c: I will run ipconfig /all on both the static and dynamic workstations when
I go there next. I should see the same on both right? It should show the dns
as the W2K dhcp/dns server and the gateway as the sonicwall.

It probably is not even a DHCP issue to begin with,...but I do want to know
what the "IPconfig /All" produces on at least one of the Dynamic machines,
and I would like to know what it is on one "sample" machine from each
subnet, so that would be 3 all together.

colin said:
I can't test anything until after hours as it disables the dynamic ip
workstations from accessing this program.

No, IPConfig shouldn't disable anything.

Where's the LAN Router(s) in all this? A single router in the "center" with
each subnet going into it? A pair of routers with two subnets into each
one? I'm talking about "real" routers, not Internet Sharing NAT Devices
(SonicWall is an Internet Sharing NAT Device).

Did you establish ACLs on any LAN Router that may be breaking communication
from the 1.x subnet to the 0.x subnet on certain ports?

In the SonicWall configuration did you remember to include either all three
IP ranges or the entire 192.168.x.x block as "Internal" networks so that the
SonicWall does think any of them is somehow out on the Internet.

:) Please tell me that you are not trying to use the SonicWall as both an
"Edge Firewall" (Internet Sharing NAT Device) and a LAN Router at the same
time? ...and that the 1.x subnet is not plugged into a "third leg DMZ port"
on the box (if SonicWall has one of those)
 
Guest

Do I have something wrong with the network setup? In effect I have everything
going to a Dlink DGS-1008T gigabit switch. 4 servers and 4 24 port Dlink
DES-1024G switches are connected to it. The sonicwall is plugged into one of
the 24 port switches. The switches must be acting as the router, I didn't
configure anything special for the different subnets, everything is just
plugged into the ports. I'm not using the DMZ port. I don't believe there is
any configuration in the sonicwall to reference the internal network as it's
just acting as an internet sharing device as you said.

I can't get you the exact error message until I have a chance to remove the
sonicwall again, which I could do next week. Here is a listing of the
ipconfigs you requested.

0.x subnet (servers):

Hostname : Communigate
Primary DNS Suffix : ad.bcnu.org
Node Type : Hybrid
IP Routing Enabled : No
WINS Proxy Enabled : No
DNS Suffix Search List : ad.bcnu.org
bcnu.org

IP address: 192.168.0.3
Mask : 255.255.0.0
Gateway : 192.168.0.1
DNS : 192.168.0.2
WINS : 192.168.0.2

1.x subnet (Dynamic workstations):

Hostname: melody01
Primary DNS Suffix : ad.bcnu.org
Node Type : Hybrid
IP Routing Enabled : No
WINS Proxy Enabled : No
DNS Suffix Search List : ad.bcnu.org
bcnu.org


IP address : 192.168.1.29
Mask : 255.255.0.0
Gateway : 192.168.0.1
DHCP server: 192.168.0.2
DNS Server: 192.168.0.2
WINS Server: 192.168.0.2

2.x subnet (static workstations):

Hostname: cowen01
Primary DNS Suffix : ad.bcnu.org
Node Type : Unknown
IP Routing Enabled : No
WINS Proxy Enabled : No
DNS Suffix Search List : ad.bcnu.org
bcnu.org

ip address : 192.168.2.9
mask : 255.255.255.0
gateway : 192.168.0.1
DNS server: 192.168.0.2

Thanks so much for helping me with this. This network has grown from a
handful of workstations to over 100 devices of various kinds. Print servers,
4 servers, 80 workstations, scanners, etc. I have just added switches to
increase the network when necessary. Maybe I need to step back and look at
how everything is connected.

Let me know what you think....

Colin
 
Richard G. Harper

The first two address ranges are fine, but the third is incompatible with
the other two. With a netmask of 255.255.255.0 it means that any computer
in that range can see only devices in the address range 192.168.2.1 through
192.168.2.255 and nothing else.

If I may ask, why three ranges? If you have only 100 or so devices they
should nicely fit within a single address range (192.168.0.1 -
192.168.0.254, netmask 255.255.255.0 would be my recommendation) and it
would make your life immensely easier when trying to administer them.
 
Phillip Windell

It is late in the day for me and I won't be back until Monday,...but I can
make just a few comments. Consider what Richard is saying,..he and I are
thinking on the same lines.

colin said:
Do I have something wrong with the network setup? In effect I have everything
going to a Dlink DGS-1008T gigabit switch. 4 servers and 4 24 port Dlink
DES-1024G switches are connected to it. The sonicwall is plugged into one of
the 24 port switches. The switches must be acting as the router, I didn't
configure anything special for the different subnets, everything is just
plugged into the ports.

Switches don't normally act as routers, although there are "Layer3
Switches" that are routers and switches built into the same device together.
But even those only operate as switches by default,...they aren't going to
act as router by accident,...you would have had to do it on purpose.

colin said:
I'm not using the DMZ port. I don't believe there is
any configuration in the sonicwall to reference the internal network as it's
just acting as an internet sharing device as you said.

There has to be. It can't operate as a NAT Device without that. Typically
it is called a "Local Address Table", but the exact "lingo" may vary. I'm
not personally familiar with SonicWalls.

colin said:
0.x subnet (servers):
Hostname : Communigate
IP address: 192.168.0.3
Mask : 255.255.0.0
Gateway : 192.168.0.1
1.x subnet (Dynamic workstations):
Hostname: melody01
IP address : 192.168.1.29
Mask : 255.255.0.0
Gateway : 192.168.0.1
2.x subnet (static workstations):
Hostname: cowen01
ip address : 192.168.2.9
mask : 255.255.255.0
gateway : 192.168.0.1

The subnet masks are incompatible. The Mask causes 0.x, 1.x, and 2.x to
actually be in the same subnet. However the Mask in 2.x contradicts that.

I would suggest using *only* the 2.x subnet and drop the others completely
because 0.x and 1.x are extremely heavily over-used and will cause you
problems in the future if you use VPN. The Mask should only be
255.255.255.0. Your network will be just one single subnet with a maximum
of 254 hosts which is plenty for what you have. I think Richard is thinking
on similar lines.

I'll watch for posts on Monday if you haven't figured something out by then.
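
The mask mismatch Richard and Phillip point out, worked through as an added example that is not part of any poster's message: it applies the standard on-link test (is the destination inside the sender's own IP/mask network?) to the three ipconfig samples posted above. The function names are illustrative; the host values are the ones from the listings.

```python
import ipaddress
from itertools import combinations

# (IP, mask, gateway) exactly as shown in the ipconfig listings in this thread.
HOSTS = {
    "Communigate": ("192.168.0.3", "255.255.0.0", "192.168.0.1"),
    "melody01": ("192.168.1.29", "255.255.0.0", "192.168.0.1"),
    "cowen01": ("192.168.2.9", "255.255.255.0", "192.168.0.1"),
}


def local_network(ip, mask):
    """Network the host believes it is directly attached to."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def next_hop(src, dst_ip, hosts=HOSTS):
    """How host `src` would try to deliver a packet to dst_ip.

    Standard IP forwarding decision: if the destination is inside the
    sender's own network, ARP for it directly; otherwise hand the packet
    to the default gateway, which itself has to be on-link to be usable.
    """
    ip, mask, gateway = hosts[src]
    net = local_network(ip, mask)
    if ipaddress.ip_address(dst_ip) in net:
        return "on-link"
    if ipaddress.ip_address(gateway) in net:
        return "via-gateway"
    return "gateway-off-subnet"


def audit(hosts=HOSTS):
    """List mask inconsistencies: off-subnet gateways and one-sided views."""
    findings = []
    for name, (ip, mask, gateway) in hosts.items():
        net = local_network(ip, mask)
        if ipaddress.ip_address(gateway) not in net:
            findings.append(f"{name}: gateway {gateway} is outside {net}")
    for a, b in combinations(hosts, 2):
        a_to_b = next_hop(a, hosts[b][0], hosts)
        b_to_a = next_hop(b, hosts[a][0], hosts)
        if a_to_b != b_to_a:
            findings.append(f"{a} -> {b} is {a_to_b}, but {b} -> {a} is {b_to_a}")
    return findings


if __name__ == "__main__":
    for name, (ip, mask, _) in HOSTS.items():
        print(f"{name:12} {ip:14} believes it is in {local_network(ip, mask)}")
    for line in audit():
        print("MISMATCH:", line)
```

Run as a script, it reports the two /16 hosts treating cowen01 as a direct neighbour, while cowen01 with its /24 mask sees neither them nor its configured gateway as local.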
 
Guest

You both have a good point. I was trying to keep things separate thinking it
would make for a better organized layout but one subnet could handle
everything. Do you feel that my problems could be caused by having different
subnets? That wouldn't be too difficult to change, I can do this next week
maybe. I'll let you know if it resolves the issue.

Thanks for your input....

Colin
 
Richard G. Harper

One thing is certain - having multiple subnets where you don't need them
does tend to make troubleshooting more difficult. And it is certain that
given the address ranges you describe you will never get all the computers
talking to each other without some fairly complex routing arrangements - so
if you don't need the multiple ranges you will simplify matters greatly by
getting rid of them.
 
Guest

I changed the network to use the one subnet at 192.168.0.x and that resolved
the issue! I installed the new SonicWall firewall and all the special
applications run fine. Thanks for your help on this one, it was driving me
crazy.

Colin

 
Phillip Windell

That will work fine, although that is a heavily over-used IP Range for
private networks,...if you ever do a VPN with another System and they also
use that same IP Range the VPN won't work. Just giving you a "heads-up" on
that in case it ever happens.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

 
Richard G. Harper

Glad I was able to help you get it sorted out.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* In fond memory ... Alex, you shall be sorely missed
* http://www.aumha.org/alex.htm


