ISP DHCP Mystery
 

This is a bit complicated, especially since my english is stretched to it's limits, so bear with me..
I've been using m0n0wall on old hardware with a bunch of old 3Com nic's for about the last eight years or so. Recently i decided to upgrade and went for a PC Engines Alix 2d13. I also bought a MikroTik RB750 to play around with since it had a very nice pricetag.
I have an up to 30 Mbit VDSL connection. The modem, provided by my ISP is in bridged mode and the router get's assigned one public IP via DHCP.
I don't want to post my public IP here, so i'll call them IP A, IP B, and so on. With my old router i have been assigned IP A for a long time. When i connected my new router running m0n0wall i got assigned a new IP, IP B. Since i frequently connect to my computers remotely with VNC, i wanted my old IP, so i entered the MAC address of the old 3Com nic from the old router, in the m0n0wall WAN configuration of my new router and after a reboot of the router, i was back to IP A. However, i plugged in the RB750 to try it out (can't remember what address i was assigned) and figured out how to change the WAN MAC address of this device to the old 3COM one and was once again assigned IP A.
The other day i hooked up my m0n0wall router again to do some configuration before placing it at a friends house for a while, for some experimentation with VPN, but now i'm assigned IP C despite the MAC address being the same as on the RB750/old 3Com nic. I tried to reset the mac address to default, but now wasn't getting an IP at all. Connected the RB750 again and eventually got IP A back. Now connected the WAN port of the m0n0wall router to my LAN and my computer to the LAN port of the m0n0wall router to verify it reports the mac address i've entered upon DHCP request. It does.
Today i installed the m0n0wall box at my friends house. My friend having the same ISP as i have. As i entered the mac address of my friends Netgear router i expected to get the same IP as the now disconnected Netgear router. Guess what, the m0n0wall box now get's IP C even though the router now is at a different location. Changed back to default and the router now get's IP B.
What's going on here? Does the ISP use anything else than the MAC address for device identification? Can it detect that the MAC has been spoofed?
In a few weeks time when i'm getting my m0n0wall box back i want to have the same IP address as i do now and have had for a long time. It did work at first when i installed the new m0n0wall router and entered the old 3Com MAC, but something obviously has happened..

(Your English is fine, but please use paragraphs next time to avoid the "Massive Block of Text" syndrome.)

Your IP address is dynamically assigned. You may be able to keep the same address for an extended period of time, provided your IPS allows it and your system is online whenever a DHCP renew message needs to be sent.

From what you've observed, it would seem your ISP is allocating addresses using a standard DHCP server with leases being assigned to MAC addresses. Once a lease expires, however, another customer may very well end up with "your" IP address. There's just no guarantee when it comes to dynamic allocation.

You may want to consider getting a statically assigned address, or you could use one of the many free DNS services (like Dyndns or No-IP) to get a hostname.

I'll think of that, but although i've never had any problems with spelling, i'm not very good at writing text, even in my native language.

Yes, i'm aware it's dynamically assigned, but it seems i get to keep the same ip as long as i don't change router, even at times when my modem and/or router have been disconnected for hours. My ISP doesn't offer fixed IP's on their *DSL services.
The strange thing here was that the m0n0wall box with the MAC address spoofed to the same one as on my old router and the RB750, doesn't get the same IP as the RB750/old router. Well, it did at first..

I've done some testing with m0n0wall. I connected an old notebook with two NIC's, running m0n0wall, to the Routerboard box so that m0n0wall gets it's WAN IP address assigned by RouterOS, which reports all details. Each time i changed settings in m0n0wall, i deleted the lease entry in RouterOS and rebooted m0n0wall. Here are the results:

1. MAC address in m0n0wall unchanged (using WAN NIC's physical address) - RouterOS reports the physical address, no hostname and no Active Client ID.

2. MAC address in m0n0wall set to 00:ef:cd:16:ab:74 (made up) - RouterOS reports 00:ef:cd:16:ab:74, no hostname, no Active Client ID.

3. MAC address in m0n0wall set to 00:ef:cd:16:ab:74, hostname set to "hitler" (just picked something:)) - RouterOS reports 00:ef:cd:16:ab:74, "hitler" as hostname and 68:69:74:6c:65:72 as Active Client ID.

4. MAC address in m0n0wall set to 00:ef:cd:16:ab:74, hostname cleared - same as point 2.

5. (This is where it becomes funny) MAC address field in m0n0wall cleared (set to physical address), hostname set to "hitler" - m0n0wall reports the physical address under "Interfaces" (as it should be), however, RouterOS reports just as in point 3.

6. MAC address field in m0n0wall still cleared (set to physical address), hostname cleared - Now RouterOS reports as in point 1.

7. MAC address field in m0n0wall still cleared (set to physical address), hostname set to "hitler" again - Now RouterOS reports what you would expect in point 5, i.e. the physical address, "hitler" as hostname and 68:69:74:6c:65:72 as Active Client ID.

Seems to be some issues with m0n0wall that might explain the problem.
What is Active Client ID, and how is it obtained?

If you're asking "is there a way to consistently get the same IP address from a service provider by tweaking MAC addresses or Client IDs", the answer is "no". You MAY be able to keep your address for an extended period of time, but all it takes to lose the address is to stay offline long enough for the address to be assigned to another customer.

Well, 68 69 74 6c 65 72 is the hex codes for the ASCII string "hitler".

A DHCP request packet may contain an optional "Client ID" field. Unless you tell your DHCP client otherwise, this field is either omitted or the DHCP client may choose to use the hostname or even the MAC address of the NIC. I don't think the standard mandates a specific behaviour on the part of the client, so results may be implementation-specific.

The RFC states that a DHCP Server "use this value to index their database of address bindings", which I take to mean that it takes precedence over the MAC address for identifying a client-IP binding. But then it also says that a Client ID MUST be unique, so I wouldn't be surprised if your ISPs DHCP service simply ignores this option.

Again, I'm not quite sure I understand the nature of the problem.

I see, figured it was something like that.

Seems that m0n0wall in some circumstances keeps using a spoofed MAC even after it has been cleared, points to a bit of unpredictable behaviour.

It's not a big issue as long as it doesn't change more often than say once every six months and i've had the current one for far longer than that. Just that i like the current, it's easy to remember:)