Wireless Access

Reply
Contributor I
Posts: 28
Registered: ‎07-27-2010

Clients not getting an IP address

We have some clients that work fine using 802,1X auth (EAP-TTLS(PAP)) and intermittently they will just not be able to get an IP address.  I put the MAC address in debug on the local controller and I see successful authentication as well as a DHCP address being handed out by my DHCP server, but the client never sees it.  ?? 

 

I did notice that from time to time I get RADIUS Accounting messages during the relative window when they aren't working (see we get the acct-start message because there is successful authN from the RADIUS server).  The messages will have a 'filter-id' item in it.  Anyone know if there's anything about that?

 

Mon May 21 09:41:07 2012
        NAS-IP-Address = 128.91.243.89
        User-Name = "deke"
        NAS-Port = 0
        NAS-Port-Type = Wireless-IEEE-802-11
        Acct-Session-Id = "dekeA4670678284A-19ACE"
        Acct-Multi-Session-Id = "A4670678284A-0000186714"
        Framed-IP-Address = 165.123.70.138
        Calling-Station-Id = "A4670678284A"
        Called-Station-Id = "000B860C9020"
        Acct-Delay-Time = 5
        Aruba-Essid-Name = "AirPennNet"
        Aruba-Location-Id = "fulberts"
        Aruba-User-Vlan = "<0><0><1><244>"
        Acct-Status-Type = Alive
        Filter-Id = "<254><128><0><0><0><0><0><0><166>g<6><255><254>x(J"
        Acct-Input-Octets = 7163
        Acct-Output-Octets = 9239
        Acct-Input-Packets = 57
        Acct-Output-Packets = 28
        Acct-Session-Time = 4
        Timestamp = 1337607662

 

Here's a message from a usual good auth from the same user:

Mon May 21 09:40:58 2012
        NAS-IP-Address = 128.91.243.89
        User-Name = "deke"
        NAS-Port = 0
        NAS-Port-Type = Wireless-IEEE-802-11
        Acct-Session-Id = "dekeA4670678284A-19ACE"
        Acct-Multi-Session-Id = "A4670678284A-0000186714"
        Calling-Station-Id = "A4670678284A"
        Called-Station-Id = "000B860C9020"
        Acct-Delay-Time = 0
        Aruba-Essid-Name = "AirPennNet"
        Aruba-Location-Id = "fulberts"
        Aruba-User-Vlan = "<0><0><1><244>"
        Acct-Status-Type = Start
        Acct-Authentic = 0
        Timestamp = 1337607658

 

Thoughts?

Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628
Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Clients not getting an IP address

Colleen, 

 

Filter-id is used in server-derivation rules to place the user in a certain VLAN or certain role. Do you have any server-derivation rules configured under the server-group? 

 

show aaa server-group <server-group-name>



--
HT
Contributor I
Posts: 28
Registered: ‎07-27-2010

Re: Clients not getting an IP address

No, we don't have any derivation roles defined in our groups.  Thanks for the clarification.  I'm not sure if there's something to the RADIUS accounting start packet differences other than the filter-id that might give me insight to the issue. 

Colleen Szymanik
------------------------------------
University of Pennsylvania
Network Engineer
(215)573-2628
Search Airheads
Showing results for 
Search instead for 
Did you mean: