Wireless Access

Reply
Occasional Contributor II

Clients with two ip addresses

Has any one seen this before?

 

It seems to be more common with android devices.

 

A client with the same mac address will hold on to two ip addresess.

 

3400 running 6.2.1.5

 

Thanks,

 

 

 

Frequent Contributor II

Re: Clients with two ip addresses

Me too! and sometimes one IP address isn't an address of my LAN.

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013

Re: Clients with two ip addresses

I've seen this in two different scenarios:

 

  1. Client was previously connected to another network.  Somehow the IP it previously had showed up in the user table.
  2. VLAN pooling was not working correctly.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite

Re: Clients with two ip addresses


scoaker1 wrote:

Has any one seen this before?

 

It seems to be more common with android devices.

 

A client with the same mac address will hold on to two ip addresess.

 

3400 running 6.2.1.5

 

Thanks,

 

 

 


The wireless adapter sometimes "leaks" the ip address of other interfaces like WAN, VPN or VMWARE interfaces through it.  One way to deal with this to to use "Enforce DHCP" on the AAA profile so that only devices that the controller can see obtaining a DHCP address will enter the user table.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Clients with two ip addresses

that was my feeling also cjoseph, it is a fun way to see your 3G IP.

 

but is validuser acl also not a way to not see these IPs?

Super Contributor II

Re: Clients with two ip addresses

Sometimes I have seen 1 IP address assigned to multiple MAC addresses :-(
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA

Re: Clients with two ip addresses

In terms of the invalid IP appearing in the user table and firewall list, I don't find the valid-user ACLs (or any other) will help prevent this.

 

Broadly speaking this is because the controller MUST (even temporarily) add the session in deny state due to normal operation (assuming it's setup accordingly). So you still see it.

 

And actually, for what it's worth, I'm not a big fan of the DHCP enforce, although I do get what CJ is saying. Certain (very badly programmed) clients tend not to respond well to this I've found.

 

It's just something to understand and live with I'd say. It would be nice if the associated Android OS's didn't do it, but hey-ho!

 

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor II

Re: Clients with two ip addresses

Thanks for all the response.

 

I have seen Android devices with two different ip addresses. Usually one outside my network and one that is valid.

 

Just strange that they grab two valid addresses with different association times and not letting go of either.

 

I'll try the " enforce DHCP" setting on one controller to see how it helps or inhibits any other clients.

 

Guru Elite

Re: Clients with two ip addresses


The.racking.monkey wrote:

In terms of the invalid IP appearing in the user table and firewall list, I don't find the valid-user ACLs (or any other) will help prevent this.

 

Broadly speaking this is because the controller MUST (even temporarily) add the session in deny state due to normal operation (assuming it's setup accordingly). So you still see it.

 

And actually, for what it's worth, I'm not a big fan of the DHCP enforce, although I do get what CJ is saying. Certain (very badly programmed) clients tend not to respond well to this I've found.

 

It's just something to understand and live with I'd say. It would be nice if the associated Android OS's didn't do it, but hey-ho!

 

 


The.racking.monkey,

 

The validuser ACL would prevent this, because devices not in the validuser ACL cannot enter the user table period.  The controller does NOT have to add a user temporarily in deny state.  That is NOT true.  DHCP is the easiest one-checkbox way to fix exactly what the user is reporting in this example.  If it does not work, we will have to figure out what is wrong with the user's setup.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: Clients with two ip addresses

I stand corrected.

Kudos appreciated, but I'm not hunting! (ACMX 104)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: