Wireless Access

Reply
Contributor II
Posts: 91
Registered: ‎07-19-2011

DHCP STRANGE ISSUE

Hello,

 

i have an aruba controller and the infoblox as DHCP Server.

 

I see sometimes a issue between computers and smartphones. When a computers try to get an IP Address the DHCP server send the IP 10.10.10.1 but in the aruba that IP is in use but the dhcp server is free that ip, and the device supossed to have that address y doesnt connected. i check and no fixed ip is in both devices.

 

I have a lease in the dhcp server and works fine but for strange reason when a device is idle or disconnected off the network the Aruba still have the MAC and IP on the table

 

what might be causing this trouble? any toughts?

 

 

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: DHCP STRANGE ISSUE

by default the Aruba controller keeps the name and the mac in the table for 5 minutes.  If you have changed the user idle timer, this will be much longer and Aruba's ip spoofing mechanism will not allow a user to get that ip address as a result.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 91
Registered: ‎07-19-2011

Re: DHCP STRANGE ISSUE

so the recomendation is 5 minutes? can i change to less minutes or i not recommended?

 

I noticed this when a computer trys to connect and the IP that keep the controllers is for a smartphone(iphone and android)

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: DHCP STRANGE ISSUE

If you have not changed it, it should be at 5 minutes.  If you have changed it, changing it back to 5 minutes will deal with your issue.  People change this so that users do not have to login to the captive portal frequently, but it creates other problems when you extend it too much.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 91
Registered: ‎07-19-2011

Re: DHCP STRANGE ISSUE

ok, do you know the command to change the idle time?

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: DHCP STRANGE ISSUE

Type "show aaa timers" first to see what the value is.  If it is five minutes, you don't have to change anything and something else is the problem.

 

Then you:

 

(host) (config) #aaa timers idle-timeout ?
<1-15300>               User idle timeout value. Valid range is 30-15300
                        seconds in multiples of 30 seconds or 1-255 minutes.
                        Default is 300 seconds

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,401
Registered: ‎05-28-2008

Re: DHCP STRANGE ISSUE

[ Edited ]

Hi

good morning,

:smileywink:

You can run the following command:
aaa user fast-age
(via cli)
it should solve your issue.  :smileyhappy:

 

hat what this command is does:
When connecting to wireless, Microsoft Windows will typically leak traffic from all interfaces, creating users in the Aruba user-table that have the same MAC address, but wired or VMWARE ip addresses. These duplicate ip addresses can stay up to 5 or 7 minutes until they age out of the user table. The "aaa user fast-age" configuration command will actively send traffic to those duplicate sessions and will immediately remove them from the user table, quickly.

***Care should be taken when using this when terminating client VPN sessions directly on the Aruba controller. Client VPN users that terminate on the Aruba controller have an inner IP address, as well as an outer IP address in the table. If the user has Windows Firewall enabled so that it doesn't return pings from the inner IP address, it will not return pings and the client will be disconnected. In that case you would use the "no user aaa fast-age" command. By default (Thanks to the guys from EMEA for pointing this out).

also read cjoseph post regarding this command  here in AirHeads(COTD):
http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-aaa-user-fast-age/td-p/4098

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,401
Registered: ‎05-28-2008

Re: DHCP STRANGE ISSUE

another tip: TRY TO KEEP YOUR DHCP TIMERS (LEASE TIME) = TO AAA IDLE TIMEOUT IN THE ARUBA CONTROLLER.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Frequent Contributor II
Posts: 118
Registered: ‎02-10-2011

Re: DHCP STRANGE ISSUE

HI,

 

I have mine set at - aaa timers idle-timeout 1200 seconds.  It was mentioned by cjoseph this can cause problems if set too high.  What are those problems and is there a workaround? 

 

Also kdisc98 mentioned keeping the dhcp timers (lease time) = to this idle-timeout.  What or where specifically are you referring to for the dhcp timers?  Our DHCP is handed out by a windows server for all but the guest wifi/captive portal users which get theirs from the controller.

 

Thanks

Guru Elite
Posts: 20,785
Registered: ‎03-29-2007

Re: DHCP STRANGE ISSUE


istong wrote:

HI,

 

I have mine set at - aaa timers idle-timeout 1200 seconds.  It was mentioned by cjoseph this can cause problems if set too high.  What are those problems and is there a workaround? 

 

Also kdisc98 mentioned keeping the dhcp timers (lease time) = to this idle-timeout.  What or where specifically are you referring to for the dhcp timers?  Our DHCP is handed out by a windows server for all but the guest wifi/captive portal users which get theirs from the controller.

 

Thanks


If set too high, clients stay in the user table much longer than they do actually, giving you an inflated view of your users.  In addition, if you are using IP spoofing protection, it would seem that users still have an ip address, even though they are long gone.  It should definitely not be longer than your DHCP scope lease, but longer than the default creates an inaccurate view of how many users are connected.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: