Network Management

Reply
Frequent Contributor II

Why do some of my clients report 2 LAN IP addresses?

Airwave reports a number of clients with 2 IP addresses. I am trying to track down a recurring broadcast storm that clears when I momentarily disconnect the controller, and so I am trying to answer all "that's weird" questions.

 

Some of these, both addresses are pingable. Some report one address timing out and the other is unreachable. End devices run the gamut - iPhone, Anrdoid, Windows 7. About 10% of clients have 2 IP LAN Addresses reported by airwave.

Moderator

Re: Why do some of my clients report 2 LAN IP addresses?

Hi Kevets

2 IP from your user subnets, or, 1 IP from user vlan scopes, and 1 UFO from 'somewhere'?  Both are common, reasons are different, let me know which, can make some suggestions.

regards

-jeff

Frequent Contributor II

Re: Why do some of my clients report 2 LAN IP addresses?

I have all four of these scenarios:

- 2 IPs on my default VLAN 1's DHCP address scope

- 1 on the internal scope and 1 on the guest scope

- guest IP + something off net like 192.168 or even a routable IP

- internal IP + something off net like 192.168 or even a routable IP

 

But it's really the first one that is concerning me.

 

Thanks!

 

Moderator

Re: Why do some of my clients report 2 LAN IP addresses?

 

- 2 IPs on my default VLAN 1's DHCP address scope

>> this is potentially trickier - possible causes including 2 controllers serving APs at same location , with vlan pooling but different vlans configured. Could also be due to use of even vlan pooling without preserve vlan. May i suggest getting syslog setup, even if temporarily, and sending the output of "logging level debugging user" to the syslog, this may aid in backtracing the cause of this if none of the above jump out as possible causes. I may also be missing something obvious, maybe others will chime in here too.

 

- 1 on the internal scope and 1 on the guest scope

>> I am assuming internal scope means something you expect for clients doing PEAP or something like this, guest being guest. This could be due to clients having both configured/have connected to both at some point. Potentially you could try something like adding a space on the end of the guest ESSID which might stop people for a while moving between the two. I suppose you could also check in Airwave to see if these are legit connections to guest, or this could also be due to the same as below for the 'offnet' case, depending the subnet of your guest network.

 

- guest IP + something off net like 192.168 or even a routable IP

- internal IP + something off net like 192.168 or even a routable IP

 >> in these two cases, likely it's leakage from the clients 3g/4g IP, virtual machines, VPNs etc. The typical case is you see random ip's like 192.168.56.x which is coming usually from vmware on machines

 

To deal with this - you should configure a validuseracl allowing the DHCP subnets and specifically denying protected hosts (i.e. default gateways within the vlan, RADIUS if it's on any user subnet etc).

 

If you're not familiar with validuseracl, let me know, I will post here about it.

 

regards

-jeff

 

 

 

 

Frequent Contributor II

Re: Why do some of my clients report 2 LAN IP addresses?

wow, many thanks!

 

I just have the 1 controller. I am syslogging the controller currently (and wow, does it spew the info!). I'll see about adding the debugging user.

 

I am out of my depth quickly with Aruba, so it might take a while to figure out VLAN preserve. I am attaching my 7210's config file.

 

My guest SSID comes over a tunneled VLAN and they get their addresses from the 7210. My Private SSID is VLAN 1 and it gets addresses from my DHCP server.

 

I am having some strange network problems, and if I pull the Aruba controller interface for a few seconds, it clears my problems (which are manifest as a broadcast storm and spanning tree flapping). I generally only have that problem once or twice in the opening hours of the business, and once I clear it with the controller cable pull, it's good until the next day. I've been chasing any number of possibilities, so now am wondering if I have a wired+wireless PC that is somehow causing a loop on power-up

 

Moderator

Re: Why do some of my clients report 2 LAN IP addresses?


Kevets wrote:

wow, many thanks!

 

I just have the 1 controller. I am syslogging the controller currently (and wow, does it spew the info!). I'll see about adding the debugging user.

 

I am out of my depth quickly with Aruba, so it might take a while to figure out VLAN preserve. I am attaching my 7210's config file.

[-jeff] ignore about the preserve vlan (you only have one). Based on your config, seems maybe nothing as complicated as I was thinking. is there any possibility of another DHCP server on vlan 1?

 

My guest SSID comes over a tunneled VLAN and they get their addresses from the 7210. My Private SSID is VLAN 1 and it gets addresses from my DHCP server.

 

I am having some strange network problems, and if I pull the Aruba controller interface for a few seconds, it clears my problems (which are manifest as a broadcast storm and spanning tree flapping). I generally only have that problem once or twice in the opening hours of the business, and once I clear it with the controller cable pull, it's good until the next day. I've been chasing any number of possibilities, so now am wondering if I have a wired+wireless PC that is somehow causing a loop on power-up

[-jeff] i see you have bcmc-opt turned on in the vlans, please also go to each virtual-ap profile and enable "Broadcast Filter All". This may help any problem with a bridged client causing a problem. It is also good practice, keeps various L2 junk off the WLAN (like bpdus etc.)

 


 

Frequent Contributor II

Re: Why do some of my clients report 2 LAN IP addresses?

thanks so much Jeff. Any details you can post on validuser acl would be appreciated. Maybe something I could cut and paste into a cli config? The controller screens are too many!

 

I only have a Windows Server domain controller providing DHCP leases on VLAN 1.

Frequent Contributor II

Re: Why do some of my clients report 2 LAN IP addresses?

I'm probably looking in the wrong place, but I don't see "broadcast filter all"

 

In VAP, I see 3 related options:

Dynamic/Multicast Optimization (currently off)

Drop Broadcast and unknown multicast (currently off)

Convert broadcast ARP request to unicast (currently on)

Frequent Contributor II

Re: Why do some of my clients report 2 LAN IP addresses?

should my "Forward Mode" in VAP's that use VLAN 1 be set to tunnel? That's how they are currently

Moderator

Re: Why do some of my clients report 2 LAN IP addresses?

In VAP, I see 3 related options:

Dynamic/Multicast Optimization (currently off)

Drop Broadcast and unknown multicast (currently off)

Convert broadcast ARP request to unicast (currently on)


it is the middle one (sorry, in the CLI it's called broadcast filter all). "Drop broadcast and unknown multicast" - enable it.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: