Odd DHCP behavior (Vista losing IP?)

David W. Hankins dhankins at isc.org
Thu Apr 15 22:22:19 UTC 2010

On Wed, Apr 14, 2010 at 10:06:58AM -0400, Denis Laventure wrote:
> Are you sure the problem is your DHCP server? After several tests and captures I'm starting to think it's related to our cisco routers (4506) security configuration, but I'm not sure yet... We use DHCP_SNOOPING and IP_SOURCE_GUARD on every network port that have this behavior. When a PC loses his IP and get a 169.254.x.x IP, if I remove the security on the port, everything return to normal... 

Vista definitely renews at 1/2 the lease time.  If IP_SOURCE_GUARD is
cutting out its renewals, it'll expire obviously, so that's a good
theory.  There shouldn't be a good reason for it to do that.

> have complaints from this particular lab.  I do see similar behavior for
> a handful of other machines on the network, some of the XP machines, but
> it's scattered and by no means consistent.  This lab is almost perfectly
> consistent.

Are the devices that are showing trouble similar in some way - for
example are they laptops with both wired and wireless connections?

E.g., is it possible that the client is leaking an IP source address
from an alternate interface?

> > Can you use snoop, tcpdump or perhaps wireshark to capture the
> > DHCPINFORM packets? Looks like there is some piece of information the PC

DHCPINFORM doesn't modify active state - at worst, it can cause the
client to get bad name server configs or similar.  I'd just ignore
them.  I'd be really surprised if anything in a DHCPINFORM exchange
caused a Vista client to drop its address.  That would be one pretty
big DOS security hole!

The interesting thing to get dumped are the RENEWING and then REBINDING
state DHCPREQUEST packets from the clients' point of view, and whether
or not they were seen on the server end.  I think we can say with
certainty Vista sends them at renewing time.  Why didn't the server
receive them?

David W. Hankins	BIND 10 needs more DHCP voices.
Software Engineer		There just aren't enough in our heads.
Internet Systems Consortium, Inc.		http://bind10.isc.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20100415/7393970a/attachment.bin>

More information about the dhcp-users mailing list