Sunday, August 05, 2007

Vista Wireless DHCP Problems with SonicWall TZ170w

The title bar link will not work for you if you do not have a SonicWall forum login. Nonetheless, here's an interesting problem I ran into and the solution.

I've been running Vista with various wireless access points just fine; Vista's WiFi stack seems OK to me. Then, we had a client running Vista who could not connect wirelessly to the firewall/access point we sold to them. That was a problem.

The Problem:
This Vista laptop was not able to obtain an IP address via DHCP from the SonicWall TZ 170w. It was able to associate itself (it showed up in the mac/ARP table) to the access point, but instead of getting an IP adress it kept reporting an IP address conflict. The same Vista laptop acquired a DHCP address just fine when connected through wired Ethernet.

Other symptoms included the laptop mac address showing up multiple times in the DHCP lease table on the SonicWall, the event viewer recording DHCP errors on differing IP addresses all reporting conflicts, and finally the wireless NIC falling back to an automatically assigned private IP address. I think that, if our DHCP pool has been small, this single laptop would have used up every available IP address in the DHCP pool.

The Solution:
According to Microsoft, a network trace revealed that Vista client is doing gratuitous ARP while losing the IP.

One of the usages of ARP is to provide duplicate IP address detection through the transmission of ARP Requests known as gratuitous ARPs. A gratuitous ARP is an ARP Request for a node’s own IP address. In the gratuitous ARP, the SPA and the TPA are set to the same IP address.

If a node sends an ARP Request for its own IP address and no ARP Reply frames are received, the node can assume that its assigned IP address isn’t being used by other nodes. If a node sends an ARP Request for its own IP address and an ARP Reply frame is received, the node can determine that its assigned IP address is already being used by another node.

After obtaining an IP address from the SonicWall TZ 170w firewall, the Vista client issues an auto-ARP to assure no conflict; in doing so it expects an answer from the DHCP server confirming the IP address. Without the confirmation the client will decline the IP address received via DHCP.

The core of the issue seems to be the ARP request sent out by the Vista client. The wireless Vista client issues out a Version A ARP request with a source IP address of 0.0.0.0. This is non-standard behavior (whatever that means). Future SonicWall TZ 170w firmware will address the issue.

The Resolution:
The ArpRetryCount registry setting sets the number of times that a gratuitous ARP is sent when initializing IP for a specific IP address. If no ARP Reply is received after sending ArpRetryCount gratuitous ARPs, IP assumes the IP address is unique on the network segment.

In the mean time, runas REGEDIT as administrator, then go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and add a new REG_DWORD named “ArpRetryCount” with a value of 0 and reboot.

Again, according to Jean-Marc of SonicWall (as of May 2007), a future firmware will address the issue.

4 comments:

  1. HI Lee and/or Cathy. Was this problem ever addressed? I'm using SonicEnhanced OS vs 3.2.3.0e released in February 2007 and that is the latest version available.

    Problem is still occurring for me.

    Please email me @:
    steve_picote at hotmail dot com

    ReplyDelete
  2. My guess is that SonicWall isn't doing anything new with the TZ170W any more. I doubt the firmware is coming, unless someone (hint, hint) nudges them.

    ReplyDelete
  3. We have a bunch of TZ150's and the TZ150's now have firmware that fixes the problem, so maybe the person asking about the 170 should call Sonicwall.

    ReplyDelete
  4. Firstly thnx you for this. and i can not download it from web site can you send firmware to me ?

    Please e mail me
    mehmetenderdemirel@hotmail.com

    ReplyDelete