12-16-2015 08:57 AM
Aruba Controller versions 188.8.131.52_50314, CPPM 184.108.40.206779, Android version 5.0-5.1
I have an SSID on a Aruba 7210 controller with a backup Aruba 7210 controller. The SSID is configured AAA to pass authenication EAP\TLS user certificate authenication to CPPM via Airwatch staging for the Apple and Android devices. CPPM works fine and accepts the authenications for both Apple and Android devices and forwards back to the controller. The Apple devices work everytime and get the correct role and get an IP address. The Android devices most of the time do not get an IP address and do pass CPPM and get the correct role everytime. On the backend of the SSID I have 3 split VLANS with \24 subnets that are layer 2 to the Cisco Nexus switch in a port channel config. The layer 3 interface is on the Cisco Nexus switch and has IP helpers. I have changed the VLANS for troubleshooting to just one VLAN and it does not fix the issue and also put the layer 3 interface on the controller and that does not fix the issue.
When the Android device fails it does show it connected and has an IP addres to the SSID and the Aruba controller shows NO IP address but shows it connected for that same device. When the person that tests the Android devices sees that it does have an IP address on the Android device but can not get anywhere on the internet.
But for some reason the Android devices sometimes do get connected and work fine!!! The Apple devices have no problem and get an IP everytime and pass CPPM everytime on that same SSID.
Do you know if there is an issue with the Android devices and what version I should be using to get these devices to work everytime?
I do know that CPPM and the firewall rules on the Aruba controller all work fine because the Apple devices all work fine.
I am working with Aruba TAC on this issue but they are having issues finding a solution for this issue with the Android devices.
Solved! Go to Solution.
12-16-2015 10:23 AM - edited 12-16-2015 10:25 AM
Can you make sure that those VLANs\Scopes that the Androids are landing on are not running out of leases?
You could also run the following command :
To see the distribution of clients .
What type of VLAN pooling you are using ? Hash or Even
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
12-16-2015 12:01 PM
The DHCP scopes are fine. They are /24 subnets and I have been only testing the SSID with one WAP broadcasting the SSID with the max client sessions of 5 at one time. Lease time is set for 8 hours.
I will check to see how the VLAN pools are split.
I did test this with only one VLAN \24 and the same problem happens.
02-12-2016 12:58 PM
I FOUND THE SOLUTION TO THE ANDROID DEVICES NOT GETTING AN IP ADDRESS!
ANDROID DEVICES DO NOT LIKE UNICAST ARP REQUESTS. THERE IS AN OPTION BY DEFAULT ON THE VIRTUAL AP, SSID "CONVERT BROADCAST ARP TO UNICAST ARP". THIS OPTION NEEDS TO BE DISABLED!! AS SOON AS I DID THIS CHANGE THE ANDROID DEVICES STARTED TO GET IP ADDRESS JUST FINE.
I FOUND OUT THAT WINDOWS\APPLE DEVICES DO NOT CARE IF THERE IS UNICAST ARP REQUESTS AND THATS WHY THEY WORKED JUST FINE.
02-12-2016 01:02 PM
I use a number of android devices and this has always been enabled. I have never failed to get an ip address. There has to be something else in play here...
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base