Intermittent Changes of IP Address and WAN not pulling IP from Modem



  • I have been encountering an issue as to where my IP address will change at random times on some of my devices on my network. For example my Gaming PC, it will go from a 192.168.3.X subnet over to a 192.168.10.X subnet though causing my network connection to screw up. My tablet also does the same thing along with my mom's computer. I check my DHCP settings in pFSense but everything looks normal from there.

    My WAN interface also isn't pulling an IP Address from my Cable Modem via DHCP either after restarts. I have to manually go through and reset the interface to DHCP in the console; after I do that it'll get the IP address.

    • Dell Precision T3400 with Intel Q6600, 4GB DDR2, 80GB WD Caviar HDD, Broadcom NetXtreme BCM5721 (BGE0 is WAN interface) and Broadcom NetXtreme BCM5754 (BGE1 is LAN Interface)
    • Dell PowerConnect 5324 Switch (factory configuration)
    • Ubiquiti Unifi UAP Wireless Access Point
    • Motorola SB6141 Docsis 3.0 Cable Modem


  • You either set up your router incorrectly or you have a device that is also handing out DHCP on your LAN. Is that switch managed? I believe it is. Probably the source of your issues.

    Your WAN address is (most likely) another problem. Your particular cable modem is a bridge only device and only passes the traffic. Your corrected statement should read-

    "My WAN interface also isn't pulling an IP Address from my Cable Company headend via DHCP either after restarts."

    I say "most likely" because I have no way of knowing if you have shared every pertinent detail here. If you have connected the WAN of your pfsense directly to the ethernet port on the cable modem with nothing else in between you can safely ignore the "most likely" comment.

    When you change the MAC address of the device behind the cable modem you have to reset the cable modem. Cable companies generally only allow one MAC entry per customer. (Mine actually allows two for residential service and more for business class) Id actually try cloning a MAC address on your WAN page and see if that corrects it. There has been some mention around here about cable companies doing some screwy stuff with DHCP which causes a low MTU that can cause your issue. Someone else that knows can comment or you can do a search.



  • My switch is a managed switch. Funny thing is, the problem recently started occurring just a few days ago. I didn't do any configuration changes on my switch at all. I'll have to get around to pull the config from my switch sometime tonight. Just need to find my serial cable.

    As for the WAN issue, I'll look into that within my next couple of nights off from work. Thanks for the leads!



  • @chpalmer Here is my running configuration on my switch.

    console# show running-config
    interface ethernet g1
    spanning-tree disable
    exit
    interface ethernet g2
    spanning-tree disable
    exit
    interface ethernet g3
    spanning-tree disable
    exit
    interface ethernet g4
    spanning-tree disable
    exit
    interface ethernet g5
    spanning-tree disable
    exit
    interface ethernet g6
    spanning-tree disable
    exit
    interface ethernet g7
    spanning-tree disable
    exit
    interface ethernet g8
    spanning-tree disable
    exit
    interface ethernet g9
    spanning-tree disable
    exit
    interface ethernet g10
    spanning-tree disable
    exit
    interface ethernet g11
    spanning-tree disable
    exit
    interface ethernet g12
    spanning-tree disable
    exit
    interface ethernet g13
    spanning-tree disable
    exit
    interface ethernet g14
    spanning-tree disable
    exit
    interface ethernet g15
    spanning-tree disable
    exit
    interface ethernet g16
    spanning-tree disable
    exit
    interface ethernet g17
    spanning-tree disable
    exit
    interface ethernet g18
    spanning-tree disable
    exit
    interface ethernet g19
    spanning-tree disable
    exit
    interface ethernet g20
    spanning-tree disable
    exit
    interface ethernet g21
    spanning-tree disable
    exit
    interface ethernet g22
    spanning-tree disable
    exit
    interface ethernet g23
    spanning-tree disable
    exit
    interface ethernet g24
    spanning-tree disable
    exit
    interface vlan 1
    ip address 192.168.3.232 255.255.255.0
    exit
    ip default-gateway 192.168.3.1
    ip domain-name localdomain
    ip name-server 192.168.3.1



  • This got me curious. Have your tried disabling your DHCP server--the one that should be in charge, that is--and see if you still got allocation of IP addresses? Have you not modified the network, but spun off some server-type VM and left it running? If you don't have any live storage servers I'd just pull power to the whole house for a few seconds so all addresses are lost and you find the source of the 192.168.10.0 sub quicker but I'm always getting into trouble for doing stuff like that so don't listen to me. :)



  • I swapped over to a DHCP server I once had setup on my server before the major upgrades I've made in the past. DHCP on PfSense has been disabled for the time being. Trying to see if that makes a difference.



  • @skilledinept Is there a specific command I can show like a DHCP request log of some sorts?



  • Sorry, I was trapped in my own chaos. :) You can try packed captures, personally I don't understand them because I don't know the IP stacks but DHCP is easy to see because they're broadcast messages, even in non-promiscuos mode you should see DHCP request and offer messages, the host sending the offer messages is the MF you're looking for. It'll have a MAC address so you can match it. To make it easier look up the first half (xx:xx:xx) of it on the Internet and it'll tell you the manufacturer to which that range was issued.

    There's a DHCP tab in the system log as well, but I think that only works for the built-in server. If you have another interface you could also set it up on the same network to get and an address from DHCP, the rogue server. Speaking of rogue, there's a DHCP guard feature in some network switches and routers, this could really help you--this is another thing I don't do because I tend to forget about it and later I break up more things trying to find it. I've seen in on Ubiquiti for a while now, both EdgeMAX and UniFi families.



  • If you're on a UNIX-like system you can use this to capture remotely from a UniFi AP and from pfSense -- I found this somewhere and noted it down.

    Change X.X.X.X for the correct address.

    UniFi AP
    ssh ubnt@X.X.X.X 'tcpdump -f -i br0 -w - not port 22' | wireshark -k -i -
    You need Wireshark installed, obviously--works on Macs too and it won't get super hot like when you capture directly on it.

    pfSense
    ssh root@X.X.X.X 'tcpdump -f -i em0_vlan100 -w - not port 22' | wireshark -k -i -
    Here you'll need to change em0_vlan100 for the correct interface, but you can SSH in and get them with ifconfig. :) Good luck!


Log in to reply