Wireless Access

Hi All,.

Please help to troubleshoot an issue facing by some users at a time.

Users lost connectvity and getting Apipa ip address while connecting to only Guset SSID.WLC details are below

AOS-W (MODEL: OAW-4704-US), Version 6.2.1.3.

This issue is intermittent and occuring from days.
any kind of help is really appreciated.

What is providing the DHCP for the Guest VLAN? Do you have any more information on your set up and any other troubleshooting steps? Are  you seeing these apipa addresses on mobile devices only?

It looks like OAW-4704-US is Alcatel-Lucent model? The ArubaOS code 6.2.1.3 is very old as well.

Hi zalion0,

Thanks alot for the reply.

WLC configured as  DHCP server and providing ips to Guest VLAN.
we have enabled logs for one user but nothing abnormal found.
we are getting these apipa addresses on some user laptops and the issue is intermittent.
Also having ample of ip space for this Guest VLAN.

How long has this been going on?  How long has the guest network been operational?

Hi CJoseph,

This issue is intermittent and having from around 3 months.

What is your lease time?

What are the ACLs for the guest role?  (type "show rights <guest role>") on the commandline.

If you need immediate help, you should open a TAC case in parallel..

Please check below output.

show rights guest

Derived Role = 'guest'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 3/0
Max Sessions = 65535

access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 http-acl session
2 https-acl session
3 dhcp-acl session
4 icmp-acl session
5 dns-acl session
6 v6-http-acl session
7 v6-https-acl session
8 v6-dhcp-acl session
9 v6-icmp-acl session
10 v6-dns-acl session

http-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-http permit Low 4
https-acl
---------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-https permit Low 4
dhcp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dhcp permit Low 4
icmp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-icmp permit Low 4
dns-acl
-------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dns permit Low 4
v6-http-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-http permit Low 6
v6-https-acl
------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-https permit Low 6
v6-dhcp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-v6-dhcp permit Low 6
v6-icmp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-v6-icmp permit Low 6
v6-dns-acl
----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dns permit Low 6

Expired Policies (due to time constraints) = 0

Hi,

1. Please check the output for the following command to see if there are available addresses in the DHCP Pool

show  ip dhcp statistics

if there are no free addresses, you can probably  reduce the least time for the guest users or increase the size of the guest subnet & reconfigure DHCP pool accordingly (make sure if subnet change is done, it should be done across all the l3 interfaces which have IP on the guest subnet).

2. If there are free addresses & client sitll gets an APIPA address, get the following outputs while the client is stuck in getting an IP address:

config# logging level debugging network process dhcpd subcat all

# show station-table | include <mac-address of user>

# show log network all | include <nac-address of client>

HI,

There are many free ip addresses in Guest and as i mentioned before the issue is intermittent.

logging is already enabled and i will share the logs once the issue is occured.

Thanks for  the support.

Do you have "Drop Broadcast and Known Multicast" enabled on that Virtual AP, and all of your Virtual APs?