06-25-2014 07:33 AM
Since we updated to the 220.127.116.11 code, we have to keep an eye on the DHCP leases. Currently we have it set to 1 hour lease time and global idle timeout at 450 seconds and the DHCP server is from the controller (6000/M3). For example, I run show ip dhcp statistics and shows that there are 143 actives leases. Then I run show ap essid, it shows that there are 71 clients on the guest. I have run aaa user delete role role_name and clear ip dhcp binding to clear everything. TAC said to add aaa fast-age to the configuration which I have done along with lowering the global idle-timeout and lease times to their current levels.
The most guest devices we have had in one day is 110. I am looking to see what can be done to clear the bindings that have not been used for an mong of time other than the global idle-timer only release the bindings for these devices. Or can the controller run a clear ip dhcp bindings when free leases get to a certain number?
06-26-2014 09:06 AM
I know that the M3 is able to handle 512 DHCP leases. I have (2) 256 DHCP Pools on it. One pool is for Guest and the other is for APs to failover to when the other controller goes down. Could I over subscribe the Guest DHCP pool to 512 and keep the AP failover set to 256, because the AP pool is not used until we do an upgrade. Would this be possible?
06-26-2014 09:26 AM
Your long-term solution is an external DHCP server. If you need redundancy, it is cutting your already limited space into two; that is in addition to your clients not being able to keep the same ip addresses.
You cannot setup any pools that would put the unused number of ip addresses over the limit.
An external DHCP server is in your future, based on what you just described...
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
06-27-2014 05:32 AM
Do you have a captive portal page on your guest network?
We had capacity issues after we removed our captive portal. Mobile devices today try to connect to every open SSID they see & check if they have Internet access. This consumes a DHCP address. If you have a captive portal, the device appears to "give up" checking that SSID, at least for a period of time. We have found this has a large impact on DHCP address usage.
06-27-2014 05:39 AM
Are you using ClearPass? You can add some logic that puts devices that normally connect to your secure 1X network into a denyall role if they connect to your open/guest network which will deny them from getting a DHCP address.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
07-03-2014 09:32 AM
No, we are not using ClearPass.
Bosborne - we are using a captive portal page. But I have noticed the Apple devices will stay at the page, because the device is set to ask to join network, which takes an IP away from the pool.