ArubaOS and Controllers

Aruba Employee

DHCP lease time & user idle timeout period

User A connecting to ssid-1 gets an IP address A1 from internal DHCP.
If user A’s DHCP lease expires & during this time he moves to a different location, thereby falling under a different VAP & a different VLAN, he will get a new IP address. But user A’s entry in the user table stays till the ‘user idle timeout’ period.
At this time, if another user B moves in & gets an IP address that user A had earlier, will the new user be considered a spoofed user & denied access to the network? Will there be an IP conflict situation since 2 users are getting the same IP address?
I explain the same query in a different way below for better understanding:
Consider this:
VAP-1, SSID-1, VLAN-1, DHCP-Pool-1: range A1 to A10
VAP-2, SSID-1, VLAN-2, DHCP-Pool-2: range B1 to B10
User A connects to SSID-1 & gets an IP address from the VLAN-1 subnet, say IP address A1. A user-table entry is created.
At the end of the DHCP lease time user A moves & gets a new IP address from the VLAN-2 subnet, say IP address B1. At this time user A’s entry remains in the user-table till ‘user idle timeout’.
If at this time user B moves in & gets an IP address A1 from the VLAN-1 subnet, i.e. user B gets the old IP address of user A; however, the old user-table entry for user A still holds & maps IP address A1 to user A.
What will happen in this case with IP spoofing enabled & when it’s disabled?
Will there be an IP conflict situation till the user-table entry is updated?
-vab
Contributor I

Re: DHCP lease time & user idle timeout period

Hey

I would like to know what happens in this case as well. What I know is that the user will keep the A1 IP address as the user table remains, unless you have configured IP mobility domains to do something different.



Aruba Employee

Re: DHCP lease time & user idle timeout period

Reading this a couple of times--the lease for the original IP will still be active, and should be longer than the 5 min user-table idle time....so the original IP won't be handed out again until the end of the lease....
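The timing question in this thread can be checked against exported DHCP and session events. The following is an added example, not part of the original posts and not a description of how ArubaOS behaves: it is a simplified model that flags any moment an IP is seen with a new MAC while an un-aged user-table entry still maps it to another MAC. The function name, event format, MAC labels and the 3600 s lease are assumptions; the 300 s idle timeout is the 5 minutes mentioned in the reply.

```python
def stale_conflicts(events, idle_timeout):
    """events: (time_s, kind, mac, ip) tuples, kind is 'lease' or 'traffic'.
    Returns (time_s, ip, stale_mac, new_mac) for every event where `ip` is
    seen with a MAC that differs from a user-table entry that has not yet
    idled out. Simplified model, not vendor logic."""
    table = {}        # ip -> (mac, last_seen)
    conflicts = []
    for t, kind, mac, ip in sorted(events):
        # Age out entries that have been idle for idle_timeout or longer.
        for old_ip in [k for k, (_, seen) in table.items()
                       if t - seen >= idle_timeout]:
            del table[old_ip]
        current = table.get(ip)
        if current and current[0] != mac:
            # What the controller does here is the question asked in the
            # thread; the model only records the overlap.
            conflicts.append((t, ip, current[0], mac))
            continue
        table[ip] = (mac, t)   # create or refresh the entry
    return conflicts

IDLE = 300  # seconds, the 5 min idle time from the reply

# Constructed sample: user A stays on A1 until the (assumed) 3600 s lease
# ends, then moves; A1 is leased to user B 100 s later.
moved_at_lease_end = [
    (0,    "lease",   "mac-A", "A1"),
    (3590, "traffic", "mac-A", "A1"),
    (3600, "lease",   "mac-A", "B1"),
    (3700, "lease",   "mac-B", "A1"),
]

# Constructed sample: user A leaves A1 early, so the entry idles out long
# before the lease ends and A1 can be handed to user B.
moved_early = [
    (0,    "lease",   "mac-A", "A1"),
    (600,  "traffic", "mac-A", "A1"),
    (610,  "lease",   "mac-A", "B1"),
    (3700, "lease",   "mac-B", "A1"),
]

if __name__ == "__main__":
    print(stale_conflicts(moved_at_lease_end, IDLE))
    print(stale_conflicts(moved_early, IDLE))
```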