ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 9
Registered: ‎07-27-2010

Erroneous VLAN tagging

We are seeing some strange behavior. Our DHCP server logs indicate that the Controller is sending out DHCP requests tagged with VLAN tags the SHOULD NOT be assigned. For instance we have a VLAN 502 configured on our controller, but no one is configured to authenticate and be assigned to that subnet/VLAN. We have upgraded to 5.0.4.1 but no relief from this (bug?). We have ticket open but so far with all due respect we haven't gotten anywhere. The thing that makes this urgent is that we have complaints that the whole 802.11 network is slow for students at night. We know we need to re-subnet their dhcp blocks/subnets to class c's to but down on broadcast traffic etc but we cannot definitively say that is real problem before we solve this false vlan tagging issue. Any suggestions?

Thanks,

Brian
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Erroneous VLAN tagging

Are you saying that users get placed into VLAN 502?

Do you have a helper address assigned to VLAN 502?

Do your students use applications that need broadcast or multicast? If not, you can turn on the "drop bcast/mcast" feature and keep you existing subnet size.
Occasional Contributor I
Posts: 9
Registered: ‎07-27-2010

Re: Erroneous VLAN tagging

The user gets no love. The user does a dhcp request to renew say a vlan 401 address. The controller takes that dhcp request and tags it with a vlan 502 id therefore that request hits my router's/switches vlan 502 interface on which dhcp helper is configured then by the time my dhcp server sees the request it sees it as coming from the wrong network and that user gets hosed...
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Erroneous VLAN tagging

That's pretty strange. Can you put the ip helper on the VLAN 401 interface on the controller?

Not sure why packets would end up on 502 unless it is some strange natvie VLAN mismatched situation.
Occasional Contributor I
Posts: 9
Registered: ‎07-27-2010

Re: Erroneous VLAN tagging

I do not have interfaces configured on the Controller for the various user vlans, that is done at the core on my Cisco. Where/what should I be looking for to detect a native vlan mismatch problem?

thanks,

b
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: Erroneous VLAN tagging

Configure DHCP debugging to see why this is happening:

config t
logging level debugging network subcat dhcp
logging level debugging network process dhcpd

show log network 50


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎07-27-2010

Re: Erroneous VLAN tagging

I have used that debug and the output only confirms that user's dhcp requests are getting tagged with vlan id's the user should never get

Oct 11 14:01:20 :202536: |dhcpdwrap| |dhcp| Datapath vlan502: REQUEST 40:d3:2d:c6:6a:fd reqIP=148.85.249.171 -- this IP address is in a different vlan altogether there is no good reason why his request to re-obtain an IP be tagged with the vlan 502 ID...

Oct 11 14:01:20 :202548: |dhcpdwrap| |dhcp| Datapath vlan502: NAK 40:d3:2d:c6:6a:fd clientIP=0.0.0.0
Oct 11 14:01:20 :202548: |dhcpdwrap| |dhcp| Datapath vlan502: NAK 40:d3:2d:c6:6a:fd clientIP=0.0.0.0
Oct 11 14:01:20 :202534: |dhcpdwrap| |dhcp| Datapath vlan502: DISCOVER 40:d3:2d:c6:6a:fd
Oct 11 14:01:21 :202546: |dhcpdwrap| |dhcp| Datapath vlan502: OFFER 40:d3:2d:c6:6a:fd clientIP=148.85.191.198
Oct 11 14:01:21 :202546: |dhcpdwrap| |dhcp| Datapath vlan502: OFFER 40:d3:2d:c6:6a:fd clientIP=148.85.191.106
Oct 11 14:01:22 :202536: |dhcpdwrap| |dhcp| Datapath vlan502: REQUEST 40:d3:2d:c6:6a:fd reqIP=148.85.191.106
Oct 11 14:01:22 :202544: |dhcpdwrap| |dhcp| Datapath vlan502: ACK 40:d3:2d:c6:6a:fd clientIP=148.85.191.106 -- and then because this users dhcp disc is tagged for vlan 502 the routers vlan 502 interface ip helper's it to the dhcp server the server then sees it as coming from the vlan 502 int and tries to issue a 502 address that user will NOT work with that IP so I have users going up and down...
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: Erroneous VLAN tagging

Turn on debugging for the actual user when the user attaches.

config t
logging level debugging user-debug
show log user-debug 50

That will show you how and why the user gets into the VLAN he gets into.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎07-27-2010

Re: Erroneous VLAN tagging

Well, and therein lies the problem there are a few thousand users and only a few get the wrong vlan tags at random. So there is no "user" that I can debug to expect to see why this is happending I can only observe that it happens to random users!
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

Re: Erroneous VLAN tagging

Okay.

1. Turn on user debugging:

config t
logging level debugging user

2. Send all syslog output to a syslog server to examine later.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: