Sorry for my obscure title, I don't have much knowledge about networking. So today I got a really strange problem with my network, it's like this:
My network:
From Internet → my Wi-Fi router → "black box" ("black box" means that one cable get out of my Wi-Fi router from the LAN ports group, go somewhere and I don't have access to that network, I don't know what's going on there)
My PC and cell phone connect to my Wi-Fi router (so the higher level network in the title means this network and the lower level network means the "black box").
Normally my devices have IP addresses like this:
- My Wi-Fi router:
192.168.197.1 - My PC:
192.168.197.101 - My cell phone:
192.168.197.102
Today they changed, and my phone IP address became 192.168.21.106, and my PC IP address changed to 192.168.21.107.
Because I think that somehow the "black box" part conflict with my network, the 192.168.21.x came from the "black box" and it provides IP addresses for my devices, so I decided to try set a static IP address for my PC and my phone back with its normal IP address (kind of force they choose one specific IP address) and it works, I can connect to the Internet again.
So my question is "is it possible that a lower level network can provide IP addresses for the higher level network?". I feel really strange because I don't think a "slave" network can affect/sabotage "master" network like this so it leads to another question "how do I make sure that my network is a real master-slave?, or make sure the higher level network never gets IP addresses from anywhere else, but the primary router?".
Another thing I should add, I call it "black box", because I think my network should work with whatever network setup or happen in the "black box", so I don't like the solution like turn off/disable DHCP on "Black box" too much.
EDIT: I got two evidences tell me that the "black box" is the problem. One is that when I unplug the cable which connect to the "black box", 192.168.21.x is gone, everything back to normal, and two is that when I set my PC to the IP address 192.168.21.107 (IP address from "black box") I can connect to 192.168.21.1, and it's a management website of a Wi-Fi router (not mine).
Best Answer
If there are two or more DHCP servers, the one that answers your query first will "win". Your computer or any other device has no concept of "higher level network" or so, until it gets the IP address for itself and learns the netmask and the IP address of the gateway – but unless you use static settings, these information comes from (any) DHCP server.
If your router was able to filter packets travelling between LAN ports, it could filter out unwanted DHCP communication. But most probably all the LAN ports form a hardware switch or hub and you cannot separate these ports with software firewall of the router. Communication between LAN and Wi-Fi is probably bridged at software level and in theory you could filter it.
Properly configured firewall (extra device) inserted between your router and the "black box" part of the network would filter unwanted DHCP communication.
What you seek is called "blocking rogue DHCP". One method is to set local firewalls on affected devices to only accept DHCP offers from your router by its MAC address, or at least to block the known rogue DHCP by its MAC address.
Assigning static IP addresses independent from DHCP is quite a sane solution in such a situation. Still, identifying rogue DHCP servers, cutting them off or making them stop is better.