We have 3 controllers 4704. The master and two local controllers are purely layer-2 connected to a layer 3 switch. We see multiple IPs for users after enabling VLAN pooling even assignment.
(controller) #show user-table verbose | include 2e:dc
10.37.46.9 60:67:20:01:2e:dc xxxxx authenticated 00:01:22 802.1x xxx-AP-01 Wireless xxx/24:de:c6:52:6e:99/a-HT xxx tunnel Win XP xxx 605 (605)
10.37.21.222 60:67:20:01:2e:dc xxx authenticated 00:01:38 802.1x xxx-AP-01 Wireless xxx/24:de:c6:52:6e:99/a-HT xxx tunnel Win XP xxx 605 (605)
From the above log we isolated that the issue is due to the wired & wireless NICs on the client, connected to the same network, being displayed in the user-table. We are sure that by a valid user ACL we will come out of the situation, because the wired NIC subnet is not part of the WLAN.
But we do see the valid IP addresses for the same client in the user-table. So my doubt was about a client roaming from controller-1 to the other controller-2: if the client is moving from a controller on VLAN 1 (example) and goes to controller-2 on VLAN 2 (VLAN pooling is even assignment), he is carrying the IP address of VLAN 1, which is displayed in the user-table of controller-2; again he acquires a VLAN 2 IP address from the DHCP server (external), which is also displayed in the user-table. Not all the clients are seeing the issue.
So we are trying to implement valid user ACL, enforce DHCP and ARP spoofing to come out of the issue. Please let me know if my approach is correct. Else, advise me of a better solution.