Mac OS X doesn't renew DHCP after a 802.1x re-authentication on Ethernet

Number:rdar://9155388 Date Originated:18/03/2011
Status:open Resolved:
Product:Mac OS X Product Version:10.6.6
Classification:Serious Bug Reproducible:

After a 802.1X re-authentication, Mac OS X does DHCP Requests to the previous DHCP Server and waits 
one minute between attempts (doing a total of 3) before resorting back to a broadcasted DHCP Discove

This poses problem if the VLAN assigned by the switch changed after the re-authentication. A Mac wil
l regain very slowly its network connectivity because it insists on doing the DHCP Requests where a 
DHCP Discover in the new VLAN would enable network connectivity in seconds.

Windows' behavior is it'll try 3 DHCP Requests in a row wait 2-3 seconds and if nothing came back fr
om the original server will issue broadcast a DHCP Discover.

The end result is that a Mac OS X machine will experience a loss of connectivity for 2-3 minutes whi
le for Windows its a mere Note: 0000005 seconds.

Steps to Reproduce:

- Connect a Mac OS X station on a wired switch using 802.1X for access authorization with RADIUS VLA
N assignment turned on
- Mac OS X client successfully authenticate gets VLAN A, obtains an IP
- We initiate a forced 802.1X re-authentication from the switch
- Mac OS X client successfully re-authenticate gets VLAN B
- Mac OS X client sends a DHCP Request on the server where it obtained it's last IP
- No such DHCP Server exists in this new VLAN so no one will reply
- After a couple of minutes the Mac OS X client abandon the DHCP Requests and will do a DHCP Discove

Expected Results:

If the DHCP Requests have no reply within a couple of seconds, the OS should do a DHCP Discover righ
t away to obtain an IP.

Actual Results:

It does 3 DHCP Requests and wait for one minute each for a reply leading to a 3 minutes of no networ
k connectivity even though it could work.


10.5 and previous 10.6 are also affected but we made sure it was reproducible with 10.6.6


A related problem existed for Wireless 802.1X and Wireless MAC Authentication in general but it has 
been fixed in 10.6.5.


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!