Phil Mayers wrote: > Kurt Bales wrote: >> Hello All, >> >> Just a follow up to this post. I got into work this morning and found this >> problem occuring in overdrive! > > As I believe I mentioned in a previous post, It's normal for the client > to do an ARP *request* for the IP it's offered; that is how conflicts > are detected before picking the lease. So, a normal process looks like this:
It may be normal but best I can tell Vista's g-arp frames are not formatted correctly. In fact this problem affects not only Vista but the D-Link's WBR and EBR product lines and OS X (I don't know what version). I fought this battle months ago and lost. We discovered this issue when we put Vista, OS X or the new D-Links behind the VisionNet 202 ADSL modem. Previously we used the 200ES and 201 models. The 202 was significantly different. Unfortunately it also came with a builtin proxy-arp function that can't be disabled. > router: OFFER src=gwip dst=255.255.255.255 dmac=? [1] > client: ARP request ip=leaseip It's all good up until this point. The g-arp that Vista sends uses a BS MAC (a multi-cast MAC no less) for the THA (target hardware address). It uses 0.0.0.0 for the SPA (source protocol address). Herein lies the problem. Any device that performs proxy-arp functions will respond to this ARP because 1) it has a connected network to the target device in question and 2) it knows based on the SPA that the sending host is not already in that subnet (otherwise the local host would respond to the ARP itself). When the proxy-arp device responds, in our case the VisionNet modem, the sending device sends a DHCP DECLINE to the DHCP server and requests another IP. The only fixes we found for this problem was to not put Vista, OS X or the new D-Link firewalls behind a VisionNet 202 modem or to put a LinkSys firewall in front of them. From what I read a device is not supposed to send an ARP request until it has a valid IP to use as the SPA. Of course what I read also indicates that the THA is supposed to be ff:ff:ff:ff:ff:ff and not the made up MAC that Vista uses. Kurt, disabling proxy ARP on the interfaces facing your DHCP clients should resolve the technical issue at least. Justin _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
