This chapter covers troubleshooting IP configuration issues, a critical skill for the CompTIA A+ 220-1101 exam (Objective 5.4). IP configuration problems are among the most common network issues, and you can expect approximately 5-10% of exam questions to involve identifying or resolving them. We will cover how to systematically diagnose and fix issues related to IP addresses, subnet masks, default gateways, DNS, and DHCP, using command-line tools and understanding the underlying mechanisms.
Jump to a section
Think of IP configuration as a postal service. Your computer is a house, and its IP address is the street address. The subnet mask tells you which part of the address is your neighborhood and which part is your specific house. The default gateway is the local post office—any mail for other neighborhoods must go through the post office. DNS servers are like a phone book that translates names (like 'google.com') into street addresses. If your house address is wrong (bad IP), mail never arrives. If you think your neighborhood is larger than it is (wrong subnet mask), you might try to deliver mail directly to a house on another street instead of sending it to the post office, and it gets lost. If the post office address is wrong (bad default gateway), all mail for other neighborhoods goes to the wrong place and vanishes. If the phone book is broken (bad DNS), you can't look up addresses, so you can't send mail to anyone you don't already know. Troubleshooting IP configuration is like systematically checking each of these components: verify the address, the neighborhood boundary, the post office, and the phone book. Tools like ping, ipconfig, and nslookup are your diagnostic tools to test each step.
What is IP Configuration and Why It Exists
IP configuration defines how a device connects to an IP network. Each device needs a unique IP address, a subnet mask to determine the network and host portions, a default gateway to reach other networks, and DNS server addresses to resolve domain names. Without correct configuration, the device cannot communicate effectively. The exam focuses on IPv4 configuration, though IPv6 is also covered.
How IP Configuration Works Internally
When a device boots, it either has a static IP configuration or uses DHCP to obtain one dynamically. DHCP (Dynamic Host Configuration Protocol, RFC 2131) operates on UDP ports 67 (server) and 68 (client). The process is DORA: Discover, Offer, Request, Acknowledge.
Discover: Client broadcasts a DHCPDISCOVER packet (destination 255.255.255.255, source 0.0.0.0) to find DHCP servers.
Offer: DHCP server responds with a DHCPOFFER containing an IP address, subnet mask, default gateway, DNS servers, and lease duration.
Request: Client broadcasts a DHCPREQUEST to accept the offer.
Acknowledge: Server sends DHCPACK confirming the lease.
Lease duration is configurable, typically 24 hours. Clients attempt to renew at 50% of lease time (T1) and rebind at 87.5% (T2). If renewal fails, the client continues using the IP until the lease expires.
Key Components, Values, Defaults, and Timers
IP Address: 32-bit number, usually dotted decimal (e.g., 192.168.1.10). Must be unique on the network. Common private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. APIPA (Automatic Private IP Addressing) assigns an address in 169.254.0.0/16 when DHCP fails.
Subnet Mask: Defines network vs. host bits. Default masks: Class A (255.0.0.0), Class B (255.255.0.0), Class C (255.255.255.0). CIDR notation: /24 = 255.255.255.0.
Default Gateway: The router's IP address on the local subnet. Without it, traffic cannot leave the local network.
DNS Server: Resolves hostnames to IP addresses. Common public DNS: 8.8.8.8 (Google), 1.1.1.1 (Cloudflare).
DHCP Lease: Default 24 hours. Renewal attempts: T1 at 50% (12 hours), T2 at 87.5% (21 hours).
Configuration and Verification Commands
#### Windows (Command Prompt)
- ipconfig – Displays IP configuration.
- ipconfig /all – Shows detailed info including DHCP server, lease times, MAC address.
- ipconfig /release – Releases DHCP lease.
- ipconfig /renew – Renews DHCP lease.
- ping <target> – Tests connectivity.
- tracert <target> – Traces route to target.
- nslookup <hostname> – Queries DNS.
- netstat -r – Displays routing table.
- arp -a – Displays ARP cache.
#### Linux/macOS (Terminal)
- ifconfig – Displays IP configuration (deprecated, but still used).
- ip addr show – Modern alternative.
- dhclient – DHCP client (release/renew).
- ping, traceroute, nslookup, or dig.
- route -n – Routing table.
- arp -a – ARP cache.
#### Router/Switch (for verification)
- show ip interface brief – Quick status of interfaces.
- show running-config | include dhcp – Check DHCP config.
- debug ip dhcp server events – Monitor DHCP activity.
How IP Configuration Interacts with Related Technologies
ARP (Address Resolution Protocol): Maps IP to MAC addresses. If IP configuration is correct but ARP fails (e.g., wrong subnet mask causes ARP to target wrong host), communication fails.
DHCP: Relies on broadcast. If VLANs or subnets separate client and server, a DHCP relay agent (ip helper-address) is needed.
NAT (Network Address Translation): Often used with private IPs. Misconfigured NAT can cause reachability issues even with correct IP config.
Firewalls: Can block DHCP (UDP 67/68) or DNS (UDP 53).
IPv6: Uses SLAAC (Stateless Address Autoconfiguration) or DHCPv6. Common issue: IPv6 enabled but misconfigured, causing preference problems.
Common IP Configuration Issues and Their Symptoms
Duplicate IP Address: Two devices with same IP. Symptoms: intermittent connectivity, 'Address already in use' error, ARP table shows multiple MACs for one IP.
Wrong Subnet Mask: Device thinks it's on a different network. Symptom: can ping local hosts but not remote, or vice versa.
Wrong Default Gateway: Can communicate within subnet but not outside.
Bad DNS: Can ping IPs but not domain names.
DHCP Failure: Device gets APIPA address (169.254.x.x). No connectivity to DHCP server or network.
Static IP Conflict: Static IP matches DHCP scope or another static IP.
Troubleshooting Methodology (CompTIA A+ 6-Step)
Identify the problem: Gather information, duplicate issue, question users.
Establish a theory of probable cause: Question obvious causes (cable, power, recent changes).
Test the theory: Use ping, ipconfig, etc. If theory confirmed, determine next steps.
Establish a plan of action: Resolve the issue (change IP, renew lease, fix DNS).
Implement the solution: Make changes, escalate if needed.
Verify full system functionality: Test all affected services.
Document findings: Record symptoms, cause, and resolution.
Exam-Specific Details
APIPA range: 169.254.0.1 – 169.254.255.254 with subnet mask 255.255.0.0. Windows uses this when DHCP fails.
Loopback address: 127.0.0.1 – tests TCP/IP stack. Ping 127.0.0.1 to verify stack is working.
Default gateway: Must be on the same subnet as the device's IP.
DNS resolution: nslookup queries the configured DNS server. If it fails but ping to IP works, DNS is the issue.
Troubleshooting commands: Know ipconfig /release and ipconfig /renew for DHCP issues.
Static vs. Dynamic: Static configuration is manual; dynamic uses DHCP. Exam may ask which to use for servers (static) vs. clients (dynamic).
Identify the Symptom
The user reports 'no internet' or 'cannot access network resources'. Gather details: Is it one device or many? Can they access local resources? Did it work before? Check physical connections (cables, Wi-Fi). Use `ipconfig` to see if the device has an IP address. If it shows 169.254.x.x, DHCP failed. If it has a valid IP but no internet, the issue is likely gateway or DNS. Note: If the device has an IP starting with 169.254, it's APIPA, meaning no DHCP server was reachable. This is a common exam scenario.
Check Physical Connectivity
Ensure the network cable is plugged in (link lights) or Wi-Fi is enabled. Use `ipconfig` to see if the interface is 'Media disconnected' (cable unplugged) or 'Wireless LAN adapter Wi-Fi' shows 'Media disconnected'. If so, fix the physical connection. For Wi-Fi, check if the adapter is enabled and connected to the correct SSID. This step eliminates simple layer 1 issues before diving into IP configuration.
Verify IP Address Assignment
Run `ipconfig /all`. Check if the IP address is in the correct range for the network. If it's 169.254.x.x, DHCP failed. Try `ipconfig /release` then `ipconfig /renew`. If it still gets APIPA, the DHCP server is unreachable (maybe server down, firewall blocking, or wrong VLAN). If it gets a valid IP but the subnet mask is wrong (e.g., 255.0.0.0 instead of 255.255.255.0), correct it. If the IP is static and conflicts with another device, change it. The exam often tests APIPA as a sign of DHCP failure.
Test Local Connectivity (Ping Gateway)
Ping the default gateway. If successful, the device can communicate within the local subnet. If not, check the gateway IP in `ipconfig`; it must be on the same subnet as the device's IP. For example, if device IP is 192.168.1.10/24, gateway must be 192.168.1.1-254. If ping fails, the gateway may be down, or there's a layer 2 issue. Use `arp -a` to see if the gateway's MAC address is resolved. If not, ARP failed, possibly due to wrong subnet mask. This step isolates whether the issue is local or beyond the gateway.
Test Remote Connectivity (Ping External IP)
Ping a known public IP like 8.8.8.8. If successful, the device can reach the internet. If not, the problem is beyond the gateway (e.g., router, ISP). If it succeeds but you can't browse by name, DNS is the issue. If it fails, check the default gateway and routing. Use `tracert 8.8.8.8` to see where packets stop. The exam loves to test that ping to an IP works but ping to a name fails, indicating DNS issue.
Test DNS Resolution
Use `nslookup www.google.com`. If it returns an IP address, DNS works. If it fails, check the DNS server addresses in `ipconfig /all`. Common DNS servers: 8.8.8.8, 1.1.1.1. If the DNS server is unreachable (ping to DNS IP fails), the DNS server may be down or misconfigured. If ping to DNS IP works but nslookup fails, the DNS service may be faulty. Consider temporary DNS issues or firewall blocking UDP 53. This step confirms whether name resolution is the bottleneck.
Resolve and Verify
Based on findings, implement the fix: renew DHCP lease, correct static IP settings, change DNS servers, reset TCP/IP stack (netsh int ip reset), or update drivers. After changes, verify by repeating connectivity tests: ping gateway, ping external IP, browse a website. Document the issue and resolution. For exam, remember that `ipconfig /release` and `renew` are the first steps for DHCP issues, and checking DNS settings is key when name resolution fails.
In a medium-sized enterprise with 500 employees, IP configuration issues are a daily occurrence. One common scenario is a DHCP scope exhaustion. The DHCP server has a scope of 192.168.1.100-200, but 500 devices are trying to get IPs. New devices get APIPA addresses. The network engineer must either expand the scope, reduce lease time (e.g., from 24 hours to 8 hours), or add more DHCP servers. The engineer uses ipconfig /all on an affected client to see the APIPA address, then checks DHCP server logs to see if addresses are exhausted. The fix is to adjust the scope size or implement DHCP failover.
Another scenario: A user moves from one floor to another, connecting to a different VLAN. Their device retains the old static IP from the previous subnet. The user can't access any network resources. The helpdesk technician runs ipconfig and sees an IP address that doesn't match the subnet of the new VLAN (e.g., 10.0.1.10/24 instead of 10.0.2.0/24). The technician changes the IP to DHCP or assigns a correct static IP. This is common when static IPs are used for printers or servers without proper documentation.
A third scenario: A DNS server change causes widespread name resolution failures. The organization switches from internal DNS to public DNS (8.8.8.8) but forgets to update the DHCP scope. Clients still get old DNS server IP. Users can ping IPs but not browse websites. The network engineer runs ipconfig /all on a client, sees the old DNS, and updates the DHCP scope. After renewal, clients get the correct DNS. This highlights the importance of verifying DHCP options. In production, changes to DHCP or DNS should be tested on a small group first.
Objective 5.4 (Troubleshoot IP Configuration Issues) is a key part of the Hardware and Network Troubleshooting domain. The exam expects you to identify and resolve issues using command-line tools. Common exam questions present a symptom (e.g., 'User can't access internet but can ping local devices') and ask for the most likely cause or next step.
Top 3 Wrong Answers: 1. 'Replace the network cable' – This is a common distractor when the issue is actually DNS or gateway. If local ping works, the cable is fine. 2. 'The IP address is a duplicate' – While possible, the exam often tests more subtle issues like wrong subnet mask or DNS. Duplicate IPs cause specific symptoms like 'Address conflict' messages. 3. 'The DHCP server is down' – This is only correct if the device has an APIPA address. If the device has a valid IP, DHCP is probably fine.
Specific Numbers and Values: - APIPA range: 169.254.0.1 – 169.254.255.254, subnet mask 255.255.0.0. - Loopback: 127.0.0.1. - Default subnet masks: /8, /16, /24. - DHCP ports: 67 (server), 68 (client). - DNS port: 53 (UDP).
Edge Cases: - IPv6 misconfiguration: A device may have both IPv4 and IPv6. If IPv6 is misconfigured, it might cause preference issues. The exam may test IPv6 link-local addresses (fe80::/10). - VPN: A VPN client may change IP configuration, causing conflicts with local network. - Multiple NICs: A device with two NICs may have routing table issues.
How to Eliminate Wrong Answers:
- If the symptom is 'can't access internet but can access local resources', the issue is beyond the gateway (gateway, DNS, or ISP). Eliminate cable or local IP issues.
- If ipconfig shows an APIPA address, the cause is DHCP failure, not DNS.
- If ping 8.8.8.8 works but ping google.com fails, the cause is DNS.
- Always check the subnet mask: if it's wrong, local vs. remote communication breaks.
APIPA address range is 169.254.0.1 – 169.254.255.254 with subnet mask 255.255.0.0.
The loopback address 127.0.0.1 tests only the local TCP/IP stack.
ping 8.8.8.8 tests internet connectivity; ping google.com tests DNS resolution.
ipconfig /release and ipconfig /renew are used to refresh DHCP leases.
A wrong subnet mask can cause local vs. remote communication confusion.
DNS uses UDP port 53; DHCP uses UDP 67 (server) and 68 (client).
Tracert (traceroute) shows the path packets take to a destination.
nslookup queries DNS servers; failure indicates DNS issue if IP ping works.
These come up on the exam all the time. Here's how to tell them apart.
Static IP Configuration
Manually assigned IP, subnet mask, gateway, DNS.
No dependency on DHCP server; always works if configured correctly.
Prone to human error: typos, duplicate IPs, wrong subnet mask.
Best for servers, printers, network devices that need consistent IPs.
Must be documented and managed to avoid conflicts.
Dynamic IP Configuration (DHCP)
Automatically obtains IP from DHCP server.
Requires DHCP server to be reachable; failure results in APIPA.
Reduces configuration errors; IPs are centrally managed.
Best for client workstations, mobile devices.
Leases expire; devices may get different IPs over time.
Mistake
APIPA means the network is down.
Correct
APIPA (169.254.x.x) specifically indicates that the DHCP server was unreachable. The device can still communicate with other APIPA devices on the same subnet. It does not mean the entire network is down; it means the device failed to get a proper IP from DHCP.
Mistake
Pinging 127.0.0.1 tests network connectivity.
Correct
Pinging 127.0.0.1 (the loopback address) only tests the TCP/IP stack on the local machine. It does not test the network interface, cable, or any external connectivity. A successful loopback ping means the protocol stack is installed and working, but the network may still be disconnected.
Mistake
If you can ping an IP address, DNS is working.
Correct
Ping uses IP addresses directly; it does not require DNS. To test DNS, you must use a hostname (e.g., ping google.com) or use nslookup. If ping to an IP works but ping to a name fails, the issue is DNS resolution.
Mistake
Renewing a DHCP lease always fixes IP configuration issues.
Correct
Renewing only helps if the issue is related to DHCP, such as an expired lease or temporary server issue. If the problem is a wrong static IP, duplicate IP, or misconfigured DNS, renewing will not help. In fact, if the DHCP server is still unreachable, renewing will still result in APIPA.
Mistake
A default gateway is only needed for internet access.
Correct
The default gateway is needed to reach any network outside the local subnet, not just the internet. For example, to reach a server on a different VLAN, the device must send traffic through the default gateway. Without it, only local subnet communication is possible.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
An APIPA address indicates that the device could not reach a DHCP server to obtain a valid IP configuration. Windows automatically assigns an APIPA address when DHCP fails. The device can only communicate with other APIPA devices on the same subnet. To resolve, check the DHCP server, network connectivity, and firewall rules. Use `ipconfig /release` and `ipconfig /renew` to attempt a new lease.
This indicates a DNS resolution issue. Ping to an IP uses the IP directly, so it bypasses DNS. When you ping a hostname, the system queries the configured DNS server to resolve the name. If DNS fails (server down, wrong DNS IP, firewall blocking port 53), name resolution fails. Use `nslookup` to test DNS. Check DNS settings in `ipconfig /all` and try a known public DNS like 8.8.8.8.
`ipconfig /release` sends a DHCPRELEASE message to the DHCP server, releasing the current IP lease. The interface then has no IP address. `ipconfig /renew` sends a DHCPDISCOVER broadcast to obtain a new lease. These are used together to force a fresh IP assignment. They only work for DHCP-assigned addresses, not static IPs.
Run `ipconfig /all` and look at the 'Default Gateway' line. It should be an IP address on the same subnet as your device's IP. For example, if your IP is 192.168.1.10 with subnet mask 255.255.255.0, the gateway should be 192.168.1.1-254. Then ping the gateway to test reachability. If ping fails, the gateway may be down, or there is a layer 2 issue.
A duplicate IP address causes intermittent connectivity issues. Both devices may work briefly, but when the ARP cache updates, traffic may go to the wrong device. Windows typically shows a 'Windows has detected an IP address conflict' message. To resolve, change one device's IP or use DHCP to avoid conflicts.
Open Command Prompt as Administrator and run `netsh int ip reset`. This resets TCP/IP settings to default. You may need to reboot. Also run `netsh winsock reset` to reset the Winsock catalog. This can fix corruption in the network stack. After reset, reconfigure IP settings or renew DHCP.
A /24 network has a subnet mask of 255.255.255.0. This means the first 24 bits are the network portion, and the last 8 bits are for hosts. It allows up to 254 usable hosts (2^8 - 2). Common in small office networks.
You've just covered Troubleshoot: IP Configuration Issues — now see how well it sticks with free 220-1101 practice questions. Full explanations included, no account needed.
Done with this chapter?