How the user gets into the user-table of the controller?

Aruba Employee
Q:

How does a user entry get into the user-table of the controller?



A:

If an IP packet is coming from either a wireless tunnel or an untrusted interface, the source IP of the packet will be placed into the user table starting with the initial role.

Then the user with this IP has to pass authentication if there's any. Once the authentication is passed, user will be placed into the authenticated role.

Version history
Revision #:
2 of 2
Last update:
‎10-18-2016 03:01 PM
Updated by:
 
Labels (1)
Contributors
Comments
Rhallan@atb.com

Somtimes one sees the wired ip of a client in the user-table even though the user is connected wireless, or the mobile device's non-wifi adress is in the user table. The clients are sending this inforamtion to the controller. Is it in the ARP packet ? How is this inforamtion picked up by the controller, exactly ? If one was to do a packet capture, where would one look for these non-wifi addresses being sent out by the clients ?

 

Unless the client sends any traffic with the source IP address of the wired/non-wifi interface, the controller will not know about it. 

The reason behind the wired IP address coming up in the user-table is because the client might have sent the the traffic with the source IP address of the wired interface with the MAC address of the wifi interface.

Packet capture can be enabled on the controller for the wifi mac address of the client to verify it.

Please refer the below article to enable datapath wifi capture. 

https://community.arubanetworks.com/t5/Controller-Based-WLANs/HOW-TO-DO-DATAPATH-PACKET-CAPTURE-FOR-WIRELESS-CLIENT-FROM/ta-p/179940 

 

If we need to prevent the wired IP from coming up in the user-table, we can enforce DHCP on the AAA profile so that the entry will be populated in the user-table only if the client has obtained IP address from DHCP. 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: