OBi 202 stood up rogue DHCP server

Started by Spectrum_Holobyte, September 29, 2019, 06:07:55 PM

Spectrum_Holobyte

My wife came to me today asking if the internet was out. I told her no. I checked her laptop and it had an IP number assigned that wasn't in our house's subnet range. I refreshed/renewed to request a new IP through DHCP and again got the subnet out of our range.

I temporarily hardcoded an IP in the right subnet and soon everything on my network started going dark - Alexas, IoT devices, streaming boxes, everything. Everything was getting DHCP in a non-existent subnet. My Google WiFi router sent me a push notification that a rogue DHCP server was responding to DHCP requests. With so many devices to check, I decided to open Wireshark and take a look at the traffic.

Long story short, one of my two OBi devices decided to make offers for DHCP requests. This is bizarre since a) it's a DHCP client and b) it was assigning addresses starting with 192.168.10.100, which isn't even the right subnet. It also reported its own IP number as 192.168.10.1, which is not at all our subnet.

I have the Wireshark trace file showing the DHCP requests from several devices and the OBi's DHCP offer to wrong IP configurations.

I realize the OBi 202 is not the newest product, but this is a serious bug. It's not just a phone going down, it's bringing down most of the network too.


drgeoff

I doubt that this is a bug. Check that the ethernet cable is plugged into the 202's INTERNET socket, not its LAN one.

Spectrum_Holobyte

Quote from: drgeoff on September 30, 2019, 12:38:03 AM
I doubt that this is a bug. Check that the ethernet cable is plugged into the 202's INTERNET socket, not its LAN one.

Excellent inference, drgeoff. I recently did some recabling, so this seemed plausible. I disconnected the 202 when I traced the DHCP offers to it, but reconnecting it with the Cat6 in the LAN port caused the same behavior.

I had always envisioned the LAN port on that as a bridge, for example so a customer won't have to buy a hub or switch to connect a printer in a home office when adding an OBi. There's no need for a DHCP server if it's a layer 1 hub or layer 2 switch, so that implies it's doing layer 3 routing and possibly NATing the traffic. If I had realized that I would have suspected the OBi of sending the DHCP offers sooner, but I can't imagine anyone using an OBi for routing anything.

Thanks for the insight.

drgeoff

Yes, the 202 has a NAT router enabled by default between its two ethernet jacks. The INTERNET one defaults to being a DHCP client. The LAN one defaults to being on 192.168.10.1 with a DHCP server active.

The router can be disabled and the two external ports become two of a 3 port switch, the VoIP circuitry being on the third port. All fully described in the Admin Guide.

Possibly the thinking comes from earlier times when internet access speeds were much lower. Using the 202's router and QoS functions could prioritise VoIP traffic going to the public internet.

Spectrum_Holobyte

Thank you for the follow up and additional details. When I get a chance I'll check on changing the settings from a routed port to a switched port.
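
As an added example (not part of the original thread and not OBi or Google code), the check done by eye in the Wireshark trace from the first post can be scripted: parse each DHCP reply payload and flag OFFER/ACK messages whose server identifier or offered address does not belong to the expected network. The home subnet 192.168.86.0/24 and router address 192.168.86.1 are assumptions; the 192.168.10.x values are the ones reported in the thread, and the sample payloads are constructed rather than captured.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5            # option 53 message types

def build_reply(msg_type, yiaddr, server_id):
    """Build a minimal BOOTREPLY payload (constructed sample data, not a capture)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH4s4s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4), ip(yiaddr))
    opts = bytes([53, 1, msg_type, 54, 4]) + ip(server_id) + b"\xff"
    return hdr + bytes(216) + MAGIC + opts  # 216 zero bytes: siaddr through file

def parse_reply(payload):
    """Return (msg_type, yiaddr, server_id) for a DHCP server reply, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    msg_type = server_id = None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                            # pad option, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]          # short slice if truncated
        if code == 53 and len(value) == 1:             # DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:           # server identifier
            server_id = ipaddress.IPv4Address(value)
        i += 2 + length
    return msg_type, ipaddress.IPv4Address(payload[16:20]), server_id

def find_rogue(payloads, authorized_server, lan_subnet):
    """Flag OFFER/ACK replies from an unexpected server or outside the LAN subnet."""
    server = ipaddress.IPv4Address(authorized_server)
    net = ipaddress.IPv4Network(lan_subnet)
    alerts = []
    for parsed in map(parse_reply, payloads):
        if parsed is None or parsed[0] not in (OFFER, ACK):
            continue
        _, yiaddr, server_id = parsed
        reasons = [r for bad, r in ((server_id != server, "unauthorized server"),
                                    (yiaddr not in net, "lease outside LAN subnet")) if bad]
        if reasons:
            alerts.append((str(server_id), str(yiaddr), reasons))
    return alerts

# Constructed sample: one reply from the assumed router, one matching the thread.
SAMPLE = [build_reply(OFFER, "192.168.86.23", "192.168.86.1"),
          build_reply(OFFER, "192.168.10.100", "192.168.10.1")]
```

Calling `find_rogue(SAMPLE, "192.168.86.1", "192.168.86.0/24")` returns a single alert for the 192.168.10.1 server; on a real network the payloads would be the UDP port 67/68 data exported from a capture.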