Two offers in response to one discovery

John Miller miller at
Wed Dec 14 16:24:09 UTC 2011

There is only one path as there is only 1 network. The server ID field is
the same and I have also verified there is no rogue server by removing the
valid server from the network and seeing no response.

A little more as to how Campus Manager works that might shed some light.
Basically there are two pools; compliant and noncompliant. The MAC address
of a client moves from one pool to the other depending on their state of,
well, compliance with network policy. The move is done by either having or
not having the client MAC address in the table of valid (compliant) MAC
addresses. The situation with the client in question is that it was
compliant, then became noncompliant, so yes, at one time it did have one of
the IP addresses that is being offered. When the DISCOVER is sent, the
packet does contain a request for its old IP address (option 50), but my
understanding is that the server should ignore this since the client MAC is
not in the compliant table (maybe a bad assumption). The server responds
with the 2 offers; one for the requested IP and the other (correctly) with a
non-compliant IP. The client only responds to the offer for wrong IP, which
the server properly NAKS. This goes on for some time until the server
finally sends an ACK for the compliant IP (like it gives up trying to do the
right thing) and then my non-compliant client is sitting on the compliant

The funny thing is that this all seemed to be working until about 3 weeks
ago, but, to my knowledge, nothing has changed. 

BTW - ISC version is 3.0.5

Very strange, or is this normal and we have just been lucky so far?

Thanks - John

-----Original Message-----
From: at
[ at] On Behalf Of
Simon Hobson
Sent: Wednesday, December 14, 2011 10:51 AM
To: Users of ISC DHCP
Subject: Re: Two offers in response to one discovery

John Miller wrote:

>What I am seeing in a pcap is the WindowsXP client, after a 
>release/renew, send the discovery and the server responding with 2 
>offers of 2 different IP addresses. First question is does this seem to 
>be any kind of normal behavior? Second question is what additional 
>information do I need to provide to help resolve this issue?

This can happen is there are two paths for a request to reach the server -
eg two routers on redundant paths both acting as relays. 
However, in that case, you should see the same IP address in the two offers.
Alternatively, someone has setup a rogue server.

You would want to examine the contents of the offer packets, and see what
the Server ID field holds.
Simon Hobson

Visit for books by acclaimed author
Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking
fillers. Some available as e-books.
dhcp-users mailing list
dhcp-users at

More information about the dhcp-users mailing list