Why are Cisco switch ARP probes causing Windows DHCP conflicts?

In this topic, you will learn why Windows devices encounter IP address conflicts during 802.1X reauthentication on Cisco switches due to ARP probe timing.

Windows devices may receive bad IP addresses or encounter IP conflicts when reauthenticating via 802.1X on Cisco switches. Users often have to release/renew the IP address or reboot the device to regain network access.

This issue happens because Cisco switches send ARP probes for IP device tracking while Windows performs duplicate IP address detection. Windows interprets these probes as duplicate addresses, blocking the DHCP process until the conflict is resolved.

This applies to all Cisco switch platforms, including the 2900, 3500, 3700, 4500, and 6500 series.

To resolve this problem:

  1. Access the Cisco switch CLI.
    For example: 
    ssh admin@10.0.95.7
  2. Enter global configuration mode.
    For example: 
    configure terminal
  3. Navigate to the affected access interface.
    For example: 
    interface GigabitEthernet1/0/10
  4. Configure the ARP probe delay.
    For example: 
    ip device tracking probe delay 10
    Note:
    You can set the delay to be between 0 and 120 seconds. We recommend 10 seconds, but you can set it to 15 seconds for added safety.
  5. Save the configuration and verify client connectivity.
    For example: 
    write memory