lease limit 1 and Apple Mac Computers creates duplicate IP address

Simon Hobson dhcp1 at thehobsons.co.uk
Fri Sep 13 11:44:09 UTC 2013


Matt Jenkins wrote:
>CPE connected to a switch.
>1. Apple computer gets IP address then disconnects cable.
>2. Lease expires.
>3. Other non-Apple computer connects and gets same IP address.
>4. Apple computer connects and is unable to get a lease. It then assigns 
>itself the original IP address it had. Now there is an IP conflict.
>
>CPE connected to a switch.
>1. Apple computer gets IP address then disconnects cable.
>2. Lease expires.
>3. Other non-Apple computer connects and gets a new IP address.
>4. All other unused IP addresses are given out.
>5. New CPE connects and customer's computer gets IP address Apple 
>computer had. (This will be a different household)
>6. Original Apple computer connects and is unable to get a lease. It 
>then assigns itself the original IP address it had. Now there is an IP 
>conflict.

Do you have any form of filtering/privacy control in place?
My observations are that the client will do two things in parallel or in close temporal proximity:

1) Check if the router is the same device as it was on a network for which it still has a valid lease (does ARP requests for the IP of the router)
2) Broadcast DHCP packets

If it gets no response from a DHCP server AND the router is the same device AND there is an unexpired lease AND ARP requests for the address get no answer - only then does it reuse an address. Also, they are (IIRC) pretty good about checking before using a manually configured address and will pop up a warning if it would create a duplicate. If it can't get a valid address, it will assign itself a link-local address (169.254....)

So firstly, the device shouldn't be attempting to use an expired lease (a common part of both scenarios). Have you tried with longer leases just in case there's some timing problem? 10 minute leases are a bit short anyway for the general case.

Secondly, assuming there's something wrong with the client's lease timing, is there anything in the network that will block it being able to detect the other computer? Specifically, it must be able to do an ARP request and get an answer from any other device that might be using it. I'm wondering if perhaps there is some filtering in place - otherwise all customers' computers would be open and visible to each other. However, this privacy filtering would break duplicate IP address detection.
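
An added example, not part of the original post: when filtering between customers stops clients from detecting a duplicate themselves, the operator can compare the (IP, MAC) pairs seen on the wire against the server's lease records. It assumes ISC dhcpd.leases syntax with UTC timestamps; the function names, addresses and MACs are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax, trimmed to the fields used here.
LEASES = """
lease 192.0.2.10 {
  ends 5 2013/09/13 11:10:00;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.0.2.11 {
  ends 5 2013/09/13 11:50:00;
  hardware ethernet 66:77:88:99:aa:bb;
}
lease 192.0.2.10 {
  ends 5 2013/09/13 11:45:00;
  hardware ethernet 02:00:00:00:00:01;
}
"""
# Constructed (ip, mac) pairs as seen on the wire, e.g. copied from a router ARP table.
OBSERVED = [("192.0.2.10", "00:11:22:33:44:55"), ("192.0.2.11", "66:77:88:99:AA:BB"),
            ("192.0.2.12", "02:00:00:00:00:02")]

def parse_leases(text):
    """Return {ip: (mac, ends_utc)}; a later entry for an IP replaces an earlier one."""
    leases = {}
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+);", body)
        ends = re.search(r"ends\s+\d\s+(\S+ \S+);", body)
        if mac and ends:  # entries without both fields (e.g. "ends never") are skipped
            when = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
            leases[ip] = (mac.group(1).lower(), when.replace(tzinfo=timezone.utc))
    return leases

def audit(leases, observed, now):
    """Return (ip, mac, reason) for every observed binding not backed by a current lease."""
    findings = []
    for ip, mac in observed:
        mac, holder = mac.lower(), leases.get(ip)
        if holder is None:
            findings.append((ip, mac, "no lease on record"))
        elif holder[1] <= now:
            findings.append((ip, mac, "lease expired"))
        elif holder[0] != mac:
            findings.append((ip, mac, "leased to " + holder[0]))
    return findings

if __name__ == "__main__":
    now = datetime(2013, 9, 13, 11, 44, 9, tzinfo=timezone.utc)
    print(audit(parse_leases(LEASES), OBSERVED, now))
```

In the sample, 192.0.2.10 has been re-leased to a second machine while the first holder still answers for it, which is the conflict described in both scenarios.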

