I've been trying to solve this issue for a few years now and it's got me completely baffled. I work for a computer retail store and have asked our technicians and some of my other co-workers their opinions and they don't have an answer. After getting into a conversation with one of my customers today, I was informed that the same thing happens to him and some of his friends...enough rambling, here's the issue.
Probably about once a week, sometimes twice, sometimes several weeks go by without incident, my computers lose their network connection. I'm being vague in saying that because I honestly don't know where the problem lies. To fix it, I have to power-cycle my cable modem and router. Sometimes, simply renewing the IP from my router's setup screen works, but not often. Now, here's the wierd part. I've had the same issues for about 3-4 years now, with two different ISPs, four different routers on four different computers. I've talked to my ISP's tech support and they have no answer, I talked to both D-Link and Linksys and they has no answer other than the usual "do a firmware upgrade, make sure you have the latest Windows updates, blah, blah, blah". I consider myself to be a fairly advanced computer user and I've tried things such as assigning static IPs to my computers, setting the routers lease time to a higher value, disab ling firewalls...even reinstalling Windows on all of my machines with nothing but the Windows Updates, then leaving them for a few days just to see what happens, and sure enough, it dropped the connection again. I am getting a little tired of having to power-cycle every few days, but it's not the end of the world if I have to keep doing so. I'm simply posting here to see if anyone with a lot of networking knowledge has any ideas.
Okay, I'm just going to brainstorm here for a second.
- DOS attacks
- (if you have a domain) Domain hi-jacking
- All kinds of Spoofing and uncontrollable internet stuff
- Bad power or Loss of power to the router
- Malicious or unwitting employee messing with settings.
- Virus coded to disable your WAN link
- PPPOE link unstable
- ISP detecting you don't have a commercial account and having multiple nodes on your network, thus shutting you down.
- insufficient communication protocol between modem and router for PPPOE establishment (wikipedia has a good article on PPPOE and PPP)
Just so I understand...You said you're router looses it's IP address right? Because basically we need to isolate where the problem is coming from. If a node loses it's internet connection, but can still talk to other nodes on the internal network then I would suspect the router configs. Also I'm assuming you don't have a multi-segmented network and that if you are using DHCP... your router is the DHCP server and also that there are no other devices (i.e. switches/hubs) between your router and the nodes.
-Possible courses of action are to document hardware settings of devices before and after you lose the connection. And document IP connectivity tests for every node by running PING and maybe Pathping in CMD. It's always good to have a network map handy as well.
- You can also run Intrusion detection software such as AMAP commonly found on Backtrack linux cd. Which will let you know if any devices are being added to your network without your authorization.
- Lastly, I suggest you do some packet capture between your WAN and LAN ports on your router or place an perhaps an ethernet tap and packet/frame capture device between your modem and router. You will need someone to interpret the packets for you unless you know how to do so.
- Basically you need to: understand your network physically (where's my map)
what is traversing my network (packet capture)
what segment(s) or circuit(s) is the problem isolated to
is the problem even within my network or are there frames being sent to my network brinking down my routers WAN interface.
I'll be watching my email for your post for the next couple of days
You came up with some good points in your brainstorming, but just
to eliminate the ones that I know aren't the problem; I'm not
running on a domain, it's a residential account and I live alone
so nobody here would be changing any settings, and my ISP is
aware that I have multiple computers on a router and they are
fine with it.
The problem occured again this morning sometime between 8am and
10am. I have two computers running at the moment, both of them
had no access to the internet, but they could access the router.
I unplugged the cable modem and the router for about a minute,
then plugged the modem in, waited for it to sync-up, then plugged
in the router. Everything works fine....for now.
I do have two other devices on my network I should mention.
Between the modem and the router, I have a Linksys Network
Optimizer (OGV200). Plugged into one of the ports on the router
is a Linksys Phone Adapter for VoIP (PAP2) to allow me to use
Vonage. The router is a 4-Port Linksys (BEFSR41). However, I
was experiencing these problems long before adding the optimizer
and VoIP adapter to my network, so they wouldn't be the cause.
The problem seems to be that the router is losing it's IP
address. Sometimes, I can simply release and renew the DHCP
within the router control panel, but most of the time that
I have tried to change some of the settings on my router over the
years to see if that would fix the problem. I've tried setting
the MTU to something other than it's default, the client lease
time is currently 0 (which translates to one day). I've tried
setting that to a high number to see if it would fix it and it
didn't. Under "Security", I have Block Anonymous Internet
Requests, Filter Multicast and Filter Internet NAT Redirection
all set to disabled (default) because I'm not knowledgable enough
to know how to set those.
Under the Administration section, I have UPnP enabled and "Allow
users to make configuration changes" enabled by default.
However, I manually disabled "Allow users to disable internet
access" just to try something new. I did notice something odd
when I was browsing through the router settings this morning;
under Status -> Local Network -> DHCP Client Table, it only lists
the network optimizer and none of my computers. I opened the
control panel for the network optimizer and it doesn't appear to
have a table of that sort.
The next time I lose connection, I will remember to document the
changes to my hardware.
You suggested running intrusion detection software. i did look up
AMAP, but apparently it's on for Linux. Can you suggest
something for Windows XP please? I'll have to find out how to do
that packet capturing you suggested. I am an advanced computer
user, but I'm afraid my networking knowledge isn't as good as I'd
like it to be. I'll ask some of my more network-knowledgable
friends and see what they can suggest.
Hopefully the information I provided you here can help you try to
help me more.