Wireless Access

Reply
Occasional Contributor II
Posts: 41
Registered: ‎12-09-2016

Client IP DHCP Issue/Re-Authentication while roaming

We have a SSID/profile setup for our corp and byod networks, corp using 802.1x Eap-TLS and byod using EAP-PEAP. We have two different DHCP scopes for each network. The BYOD network is dedicated for handheld devices and personal devices. 


We are getting (mainly android) devices that when they roam between AP's, they get a "obtaining IP address" and no connectivity. They authenticate fine in ClearPass, but can't connect or get an IP. 


Thought it was the DHCP server/scope so we threw it on the controller itself. I just enabled "Enforce DHCP" for the SSID/Profile and will see if that makes a difference. We have another SSID for PSK authentication with a DHCP scope on another router....have no issues with that.

 

I also noted that when the clients roam they are re-authenticating over and over again...and possibly this could be leading to this issue. Any thoughts?

Highlighted
Guru Elite
Posts: 21,026
Registered: ‎03-29-2007

Re: Client IP DHCP Issue/Re-Authentication while roaming

- When did this start happening?

- Do you have the VLAN hardcoded into the role?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 41
Registered: ‎12-09-2016

Re: Client IP DHCP Issue/Re-Authentication while roaming

Thanks Colin for the response. 


Yes, there is a vlan hardcoded in role. We have clearpass passing the user role and within the user role/policy we have a vlan hardcoded to place users on.


We stood up this test SSID a few weeks ago. We had one user in the beginning who had this problem and chalked it up as to his phone. Then yesterday and today I experienced it as well as others. It now is across android and iOS. It happens only when moving around between AP's it seems.

Guru Elite
Posts: 21,026
Registered: ‎03-29-2007

Re: Client IP DHCP Issue/Re-Authentication while roaming

What you should do is, instead of hardcoding the VLAN in the role, you should return the VLAN (the Aruba-User-Vlan attribute), instead in the radius response along with the role.  Having it in the role could possibly result in what you are seeing.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 41
Registered: ‎12-09-2016

Re: Client IP DHCP Issue/Re-Authentication while roaming

Thanks for the information. I have put the role on Clearpass to pass to the controller and took off the vlan assignment on the controller for that role. I will see how it plays out tomorrow when people are in. Thanks for the help!
Occasional Contributor II
Posts: 41
Registered: ‎12-09-2016

Re: Client IP DHCP Issue/Re-Authentication while roaming

Thanks for the information. I have put the role on Clearpass to pass to the controller and took off the vlan assignment on the controller for that role. I will see how it plays out tomorrow when people are in. Thanks for the help!
Occasional Contributor II
Posts: 41
Registered: ‎12-09-2016

Re: Client IP DHCP Issue/Re-Authentication while roaming

So taking the hardcoding of the vlan off of the role didn't work. We are still experiencing issues.


It is very strange. We are trying to do debugs on the controller to find out what's going on. But the user gets authenticated, but the phone shows "obtaining IP address." The DHCP server is on the controller and should be getting it fine. We enabled "enforce DHCP" on the profile/role as well.


We also disabled 3/4G on the phones and same issue. We saw once that a host was actually getting a 100.109.x.x IP....which isn't in our scope at all.

 

We are trying to look at show commands and debugs but nothing noteworthy happening.

Guru Elite
Posts: 21,026
Registered: ‎03-29-2007

Re: Client IP DHCP Issue/Re-Authentication while roaming

Are the roles completely open? (allowall)



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 41
Registered: ‎12-09-2016

Re: Client IP DHCP Issue/Re-Authentication while roaming

The role in question that's having issues isn't allow all. However, we have allow DNS and DHCP, block all internal IP's, then allow all. So trying to allow only the needed protocols/IP's and allow everything else.
Guru Elite
Posts: 21,026
Registered: ‎03-29-2007

Re: Client IP DHCP Issue/Re-Authentication while roaming

Do you have the output of "show rights <role>"?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: