Command of the Day

Guru Elite
Posts: 21,499
Registered: ‎03-29-2007

COTD: aaa user fast-age

When connecting to wireless, Microsoft Windows will typically leak traffic from all interfaces, creating users in the Aruba user-table that have the same MAC address, but wired or VMware IP addresses. These duplicate IP addresses can stay up to 5 or 7 minutes until they age out of the user table. The "aaa user fast-age" configuration command will actively send traffic to those duplicate sessions and will immediately remove them from the user table, quickly.

***Care should be taken when using this when terminating client VPN sessions directly on the Aruba controller. Client VPN users that terminate on the Aruba controller have an inner IP address, as well as an outer IP address in the table. If the user has Windows Firewall enabled so that it doesn't return pings from the inner IP address, it will not return pings and the client will be disconnected. In that case you would use the "no user aaa fast-age" command. By default (Thanks to the guys from EMEA for pointing this out).


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎09-02-2009

Command

The Command Reference guide says the command is:

aaa user fast-age
Guru Elite
Posts: 21,499
Registered: ‎03-29-2007

aaa user fast age

You are correct. I could not go back and change the thread name, unfortunately. Maybe the forum gods will save me and do that.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 24
Registered: ‎04-03-2007

Re: COTD: aaa user fast-age

Would the Windows Firewall cause problems with this command? By default the Windows Firewall will not answer ICMP echo requests. How do the Windows clients and Aruba controller interact if the real IP will not answer ICMP?

Guru Elite
Posts: 21,499
Registered: ‎03-29-2007

Passing Traffic

The controller would only have to ping users if they are not passing traffic. Windows, Mac clients are always doing this.


Colin Joseph
Aruba Customer Engineering


Contributor I
Posts: 50
Registered: ‎04-29-2008

Re: COTD: aaa user fast-age

Blabbermouths. :)

Occasional Contributor II
Posts: 44
Registered: ‎04-02-2007

Re: COTD: aaa user fast-age

ehhhhhhh I'm a little scared of this assumption. I assume we're talking 802.3 traffic here, not control/mgmt frames, and while Windows is indeed a chatterbox, I've seen some pretty quiet Macs when running packet captures (turn off all sharing, Bonjour and IPv6 - our desktop admin group does this by default).

I just tried to RTFM to learn more about this interesting command, but the CRG is pretty terse. How many missed pings does it take for the user to age out? How long can an IP go without sending traffic before the ping-check kicks in?
