Wireless Access

Reply
4me
Contributor I
Posts: 48
Registered: ‎01-23-2015

Client disconnects

Hi,

 

We have an issue with client connecting to wireless network. When clients connects to wireless network through captive portal (web authentication) and out of wireless network for 30 mintues or 1 hour, when the client came back to range, the client need to start authentication from first, I.e connecting to network and going to captive portal for web authencation.

We have configured global user idle timeout value to 3600 seconds and Captive portal user idle timeout 18000 seconds  and DHCP lease timeout is set to one hour.

Here we can able to  another session on user table  with different IP  and with same mac (one mac address)

 

example :

 

192.168.1.1   ff:ff:ff:ff:ff:ff

192.168.2.1  ff:ff:ff:ff:ff:ff

Guru Elite
Posts: 8,445
Registered: ‎09-08-2010

Re: Client disconnects

Do you have ClearPass?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
4me
Contributor I
Posts: 48
Registered: ‎01-23-2015

Re: Client disconnects

No, We do not have clear pass 

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: Client disconnects

[ Edited ]

(BTW: what ArubaOS version are u using?)

(BE SURE YOUR DHCP SERVER can see your client broadcasts)

 

Now what i think causing this:  

You made your IDLE timeouts with very HIGH values = your client info keep saved in the client/user DB of your controller BUT you made your DHCP lease time , very low = 1 hour.
This causing the user that leaving for 1 hour to lose is address,but not to be deleted from the client/user DB of your controller.

 

Read more here: (Fix your settings - and everything will work as needed)

 

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/DHCP-lease-time-amp-user-idle-timeout-period/td-p/987

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Idle-Timeout-and-Logon-Lifetime-can-t-be-longer-than-DHCP-lease/td-p/60786

http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/DHCP-STRANGE-ISSUE/td-p/63272

 

Update us that you understood,and your issue has been fixed.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
4me
Contributor I
Posts: 48
Registered: ‎01-23-2015

Re: Client disconnects

Usually, when the client authenticated   to wireless network and out of wireless network range and back to range after one hour the existing session which is already in user table should continue, is no matter whether client will release ip or renew ip.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: Client disconnects

But you got SPI firewall in your controller that is prohibiting IP spoofing (1 MAC = 2 Ip address) and with your DHCP settings of 1 hour, your controller will see same MAC getting a new IP after 1 hour...so it dosent matter that he already auth or in the client session.

 

read here:

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-can-the-firewall-feature-Prohibit-IP-Spoofing-cause-valid/ta-p/180230

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: