Wireless Access

Reply
Occasional Contributor I
Posts: 5
Registered: ‎04-21-2017

Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

Hi All,.

Please help to troubleshoot an issue facing by some users at a time.

Users lost connectvity and getting Apipa ip address while connecting to only Guset SSID.WLC details are below

AOS-W (MODEL: OAW-4704-US), Version 6.2.1.3.

This issue is intermittent and occuring from days.
any kind of help is really appreciated.

 
MVP
Posts: 399
Registered: ‎07-26-2011

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

What is providing the DHCP for the Guest VLAN? Do you have any more information on your set up and any other troubleshooting steps? Are  you seeing these apipa addresses on mobile devices only?

 

It looks like OAW-4704-US is Alcatel-Lucent model? The ArubaOS code 6.2.1.3 is very old as well.

ACMA, ACMP
If my post addresses your query, give kudos:)
Occasional Contributor I
Posts: 5
Registered: ‎04-21-2017

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

Hi 

WLC configured as  DHCP server and providing ips to Guest VLAN.
we have enabled logs for one user but nothing abnormal found.
we are getting these apipa addresses on some user laptops and the issue is intermittent.
Also having ample of ip space for this Guest VLAN.

 

Guru Elite
Posts: 21,267
Registered: ‎03-29-2007

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

How long has this been going on?  How long has the guest network been operational?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-21-2017

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

Hi CJoseph,

This issue is intermittent and having from around 3 months.

Guru Elite
Posts: 21,267
Registered: ‎03-29-2007

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

What is your lease time?

What are the ACLs for the guest role?  (type "show rights <guest role>") on the commandline.

If you need immediate help, you should open a TAC case in parallel..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 5
Registered: ‎04-21-2017

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

Please check below output.

show rights guest

Derived Role = 'guest'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 3/0
Max Sessions = 65535


access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 http-acl session
2 https-acl session
3 dhcp-acl session
4 icmp-acl session
5 dns-acl session
6 v6-http-acl session
7 v6-https-acl session
8 v6-dhcp-acl session
9 v6-icmp-acl session
10 v6-dns-acl session

http-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-http permit Low 4
https-acl
---------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-https permit Low 4
dhcp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dhcp permit Low 4
icmp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-icmp permit Low 4
dns-acl
-------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dns permit Low 4
v6-http-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-http permit Low 6
v6-https-acl
------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-https permit Low 6
v6-dhcp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-v6-dhcp permit Low 6
v6-icmp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-v6-icmp permit Low 6
v6-dns-acl
----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 any any svc-dns permit Low 6

Expired Policies (due to time constraints) = 0

 

Aruba Employee
Posts: 196
Registered: ‎03-26-2013

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

Hi,

 

1. Please check the output for the following command to see if there are available addresses in the DHCP Pool

 

show  ip dhcp statistics

 

if there are no free addresses, you can probably  reduce the least time for the guest users or increase the size of the guest subnet & reconfigure DHCP pool accordingly (make sure if subnet change is done, it should be done across all the l3 interfaces which have IP on the guest subnet).

 

2. If there are free addresses & client sitll gets an APIPA address, get the following outputs while the client is stuck in getting an IP address:

 

config# logging level debugging network process dhcpd subcat all

 

# show station-table | include <mac-address of user>

# show log network all | include <nac-address of client>

Occasional Contributor I
Posts: 5
Registered: ‎04-21-2017

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

HI,

There are many free ip addresses in Guest and as i mentioned before the issue is intermittent.

logging is already enabled and i will share the logs once the issue is occured.

Thanks for  the support.

 

Guru Elite
Posts: 21,267
Registered: ‎03-29-2007

Re: Aruba Controller Users lost connectivity and not getting ip address using Guest SSID

Do you have "Drop Broadcast and Known Multicast" enabled on that Virtual AP, and all of your Virtual APs?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: