Finding a rogue DHCP server

  1. Find a machine which has an address from the rogue DHCP server.
  2. Ask the user to browse to the gateway address. That might tell you what it is.
  3. On the Windows machine, run arp -a from the command prompt to find the MAC address of the DHCP server.
  4. Find the port with that MAC and shut the rogue DHCP server down.
  5. If you can’t get access to a user machine, create a secondary IP in the same VLAN as the user (usually the production VLAN) in the same range as the rogue DHCP server. E.g., if the server is 192.168.1.1, create a secondary IP of 192.168.1.55.
  6. Ping 192.168.1.255 and then run sh arp. You will probably find the server.
  7. Then on the switch find the port and shut it down.
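
The MAC lookup in steps 3-4 and 6-7, as an added example that is not part of the original page: Python that extracts the server's MAC from Windows arp -a or switch sh arp output and matches it against a MAC address table listing. It assumes a Cisco IOS switch whose show mac address-table output has been saved as text; all sample output, MACs and port names below are constructed.

```python
import re

# Matches 00-11-22-33-44-55, 00:11:22:33:44:55 and Cisco 0011.2233.4455.
MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}$|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$", re.I)

# Constructed sample output; addresses, MACs and port names are made up.
WINDOWS_ARP = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
IOS_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             0   0011.2233.4455  ARPA   Vlan10
Internet  192.168.1.55            -   a0b1.c2d3.e4f5  ARPA   Vlan10
"""
IOS_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/17
  10    a0b1.c2d3.e4f5    DYNAMIC     Gi1/0/3
"""

def norm_mac(mac):
    """Reduce any supported MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def mac_for_ip(arp_output, ip):
    """Return the normalised MAC that the ARP listing holds for ip, or None."""
    for line in arp_output.splitlines():
        fields = line.split()
        if ip in fields:
            for field in fields:
                if MAC_RE.match(field):
                    return norm_mac(field)
    return None

def ports_for_mac(mac_table, mac):
    """Return (vlan, port) pairs whose MAC table entry equals mac."""
    hits = []
    for line in mac_table.splitlines():
        fields = line.split()
        macs = [f for f in fields if MAC_RE.match(f)]
        if macs and norm_mac(macs[0]) == norm_mac(mac):
            hits.append((fields[0], fields[-1]))
    return hits
```

If the port returned is an uplink to another switch, repeat the lookup on that switch until you reach the access port the device is plugged into.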
