Security

Frequent Contributor I
Posts: 66
Registered: ‎05-12-2009

Guest Timeout

We have been facing an issue that may be related to inactivity on the guest network. After a period of time guests are no longer able to communicate with the network. The user still appears in the user table in the correct role; however, they cannot ping anything or browse the web. They can be pinged by the controller. The only way for them to function again is to disconnect from the SSID and connect and authenticate again. This is very troublesome in meetings etc. We have increased the user idle timeout value to 900 but it did not seem to help. I am confused how a laptop that is not hibernating can be sending no traffic that would keep the connection alive. Has anyone else experienced this? It doesn't seem that this should be an expected behavior. I did notice the output below in the user debug output as the last communication from the client.

 

Jun 20 10:30:46 :501065:  <DBUG> |stm|   Get Next/Get Request mac is 00:1b:77:2c:3b:ff

Jun 20 10:40:59 :501065:  <DBUG> |stm|   Get Next/Get Request mac is 00:1b:77:2c:3b:ff

Jun 20 10:51:11 :501065:  <DBUG> |stm|   Get Next/Get Request mac is 00:1b:77:2c:3b:ff

Jun 20 11:01:23 :501065:  <DBUG> |stm|   Get Next/Get Request mac is 00:1b:77:2c:3b:ff

Jun 20 11:11:35 :501065:  <DBUG> |stm|   Get Next/Get Request mac is 00:1b:77:2c:3b:ff

 

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Guest Timeout

I would recommend running a 'show datapath session table | include xxxxx'  where xxxx is the mac address or IP address for one of these clients.

 

This command will show you what traffic is being detected to/from each device.   

 

I would agree with you that it's pretty -rare- to have a device truly being idle.... this command will show you what is coming and going.

 

Let's start with that.

Frequent Contributor I
Posts: 66
Registered: ‎05-12-2009

Re: Guest Timeout

Thanks for the input. We have enabled debugging on the user mac and the output below points to a deauth from the client. TAC is waiting for more output but feels this is when the disconnect occurs. The real question now is why the deauth. Drivers were mentioned; however, this is happening to more than the occasional client and the laptops are new.

 

(14:26:51): Jun 20 10:22:52 :501105:  <NOTI> |stm|  Deauth from sta: 00:1b:77:2c:3b:ff: AP 172.16.164.7-00:0b:86:38:70:73-BF-B3-Robb Reason Unspecified Failure

Jun 20 10:22:52 :501065:  <DBUG> |stm|  Sending STA 00:1b:77:2c:3b:ff message to Auth and Mobility Unicast Encr WPA 8021X AES Multicast Encr Dynamic WPA,WPA2 8021X TKIP VLAN 0x4, wmm:0, rsn_cap:0
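
Added example, not part of the thread or of any poster's message: a small parser for the `501105` "Deauth from sta" line quoted above that groups deauths by station, AP and reason, to check whether they follow particular clients or particular APs. The regular expression is modelled only on the line shown in this thread, and the sample lines, MAC addresses, IPs and AP names are constructed.

```python
import re
from collections import Counter, defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Pattern modelled on the 501105 line quoted in the thread (assumption:
# other controller builds may format this message differently).
DEAUTH = re.compile(
    r"^(?:\(\d\d:\d\d:\d\d\):\s+)?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) :501105:\s+"
    r"<NOTI> \|stm\|\s+Deauth from sta: (?P<sta>" + MAC + r"): "
    r"AP (?P<ap_ip>[\d.]+)-(?P<bssid>" + MAC + r")-(?P<ap>\S+) "
    r"Reason (?P<reason>.+)$", re.I)

def summarize_deauths(lines):
    """Return (events per station, distinct stations per AP, reason counts)."""
    per_sta, sta_per_ap, reasons = defaultdict(list), defaultdict(set), Counter()
    for line in lines:
        m = DEAUTH.match(line.strip())
        if not m:
            continue  # 501065 debug lines and anything else are skipped
        sta = m["sta"].lower()
        per_sta[sta].append((m["ts"], m["ap"]))
        sta_per_ap[m["ap"]].add(sta)
        reasons[m["reason"].strip()] += 1
    return dict(per_sta), {ap: len(s) for ap, s in sta_per_ap.items()}, reasons

# Constructed sample lines (MACs, IPs and AP names are made up).
SAMPLE = """\
Jun 20 10:22:52 :501105:  <NOTI> |stm|  Deauth from sta: 02:00:00:00:00:01: AP 192.0.2.7-02:00:00:aa:00:01-AP-ROOM-A Reason Unspecified Failure
Jun 20 10:22:52 :501065:  <DBUG> |stm|  Sending STA 02:00:00:00:00:01 message to Auth and Mobility
Jun 20 10:41:03 :501105:  <NOTI> |stm|  Deauth from sta: 02:00:00:00:00:02: AP 192.0.2.7-02:00:00:aa:00:01-AP-ROOM-A Reason Unspecified Failure
(14:26:51): Jun 20 11:05:40 :501105:  <NOTI> |stm|  Deauth from sta: 02:00:00:00:00:01: AP 192.0.2.8-02:00:00:aa:00:02-AP-ROOM-B Reason Unspecified Failure
""".splitlines()

if __name__ == "__main__":
    per_sta, clients_per_ap, reasons = summarize_deauths(SAMPLE)
    for sta, events in per_sta.items():
        print(sta, events)
    print(clients_per_ap, dict(reasons))
```
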
