Coping with a DHCP dilemma or two

Some users see too many DCHP servers, others see none - our troubleshooter offers advice on how to tackle the problem.


I have two problems with the network I am administering:

1) I have 35 users connecting on a LAN via a Cisco PIX501 firewall that runs DHCP. It has a limited 10-user licence, of which I have yet to upgrade to a 50-user licence. One of the key staff (my boss) connects to the Internet successfully 25 percent of the time, but 75 percent unsuccessfully. He can perform all other tasks on the network but not connect to the Internet (he uses Microsoft Internet Explorer 6.0 with SP2). As for other users on the network they connect fine - why?

2) I have four Linksys WRT55AG dual-band wireless A+G broadband routers on the network that use the PIX501 as a gateway. But from time to time they also produce DHCP. That confuses the other computers and they pick the wireless router address as their default gateway instead of the PIX. This also happens with the computers connected to the wired LAN. What can I do to resolve this?

- Margaret Kaoma

On the first question, since you have the key for the upgrade, get it installed ASAP. The PIX501 gets a little quirky when you are running more users through it than what it is licenced for. Installing the key will take just a matter of seconds and a quick restart of the firewall.

I would also suggest installing the last pdm and bin files for the 501. Several updates have been released for the 501 since you installed it and are well worth the time it would take to install. Your PIX is only as affective as the latest firmware that is running on it.

Install the new licence key first, restart the PIX and check to see if the problem is gone. Assuming it is, proceed with the firmware upgrade. If you haven't done a firmware upgrade before on the 501. the readme file that come with the files has good step-by-step instructions.

As to the Linksys issue, there are a couple of things to try. The first is to connect each of the Linksys routers to the PIX via the WAN port on the Linksys. In this way, the DHCP functionality on each PIX only supports the wireless clients connecting to it.

Even then, you may run into a problem with multiple Linksys devices providing DHCP. Make sure that you use a different IP address range for the APs than what the PIX is currently configured for. Even though the Linksys routers are using NAT or PAT, depending on your configuration, using a different IP range for the PIX from that used by the routers makes troubleshooting a little easier.

However, what is probably better is to use the Linksys devices in router mode so that the DHCP service can ultimately provided by the PIX. By default, they come set up in Gateway mode.

Yet another way you can also do the setup is to connect the Linksys routers to the PIX via the LAN side of the Linksys device. Turn off the DHCP service on the Linksys and let the PIX provide the DHCP service. As a general rule, you only want a single DHCP server on a network.

"Recommended For You"

Cisco patches vulnerabilities in small business routers and wireless LAN controllers Most USB thumb drives can be reprogrammed to silently infect computers