ArubaOS and Controllers

Reply
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Strange Client IP addresses

I have noticed that on several of our SSIDs we will have people connect and in the Controller -> Clients section as I review the IP addresses I see 169.x.x.x addresses and others that are not part of any of our IP schemes (one even showed up as 8.8.8.8)

Now our users are needy - so I know I'd hear about it if they can't access the internet, so any ideas what could be causing these strange IP addresses to be showing up?
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Strange Client IP addresses


I have noticed that on several of our SSIDs we will have people connect and in the Controller -> Clients section as I review the IP addresses I see 169.x.x.x addresses and others that are not part of any of our IP schemes (one even showed up as 8.8.8.8)

Now our users are needy - so I know I'd hear about it if they can't access the internet, so any ideas what could be causing these strange IP addresses to be showing up?




How does your DHCP scope look? Are you running out of address?

That would explain the 169.x.x.x. The 8.8.8.8 could be someone hacking, catching anyone who tries to use Google's DNS server, 8.8.8.8. Investigate that client further, or permanently disable them!

Zach
Thanks,

Zach Jennings
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Re: Strange Client IP addresses

We have lots of IP addresses in the DHCP scope, sometimes they show up as 192.168.1.x address (which we don't use here) so it makes me think it is off the an old DHCP release from home networks or something.

As for the 8.8.8.8 I generally black list them to fix that problem :) I like to rule with an iron fist.
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Strange Client IP addresses

There is a way to allow only the subnets you want on your WLAN(s). You can edit the ACL called "validuser" and add an entry to allow only valid subnets. The best way to do that is to create an alias, add each valid network for your WLAN to it, then add an ACL line to "validuser" that says "alias mynets any any permit" (where mynets is the name of the alias you created).

This ACL is special and will deny any user trying to register with an IP address that is not explicitly permitted. By default, the validuser ACL will permit SVC-PAPI, deny all 169.254.x.x (DHCP self-assigned) addresses and then allow everything else.

Remove the "any any any permit" line from the end, add the entry described above and you will stop seeing invalid addresses show up.

Just make 100% certain you add ALL WLAN subnets to the mynets (or whatever you called it) alias.
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Strange Client IP addresses

BTW - this is described in the 6.1 user guide on page 807.
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Strange Client IP addresses


We have lots of IP addresses in the DHCP scope, sometimes they show up as 192.168.1.x address (which we don't use here) so it makes me think it is off the an old DHCP release from home networks or something.

As for the 8.8.8.8 I generally black list them to fix that problem :) I like to rule with an iron fist.




Hah! I totally agree with that one. Kind of like the way that I keep DDoSing one department's AirPort Extreme. Every month or two, they buy a new one (or trade that one in because it's "broken"). I see the mac address change and just block it again. :)

Zach
Thanks,

Zach Jennings
Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Re: Strange Client IP addresses




Thanks olino. I guess I haven't gotten to page 807 yet :) Oh and we are stuck on 5 code... Regardless I appreciate the advise and source.

Frequent Contributor I
Posts: 65
Registered: ‎09-29-2010

Re: Strange Client IP addresses

Implemented and working! Thanks again!
Search Airheads
Showing results for 
Search instead for 
Did you mean: