Wireless Access

last person joined: 10 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

No DHCP addresses provided to clients on a vlan where controller is DHCP server

This thread has been viewed 17 times

  • 1.  No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 03:40 PM
    Hi All, Running into something that shouldnt be difficult normally... I'm trying to get clients to connect to an open ssid and get an IP address. 1. VLAN is created on controller (50) 2. dhcp is enabled on controller, pool configured (10.10.50.0/24), excluded controller vlan ip and gateway (10.10.50.250, 10.10.50.254) 3. controller has IP on the vlan that matches the subnet of dhcp. (10.10.50.250) 4. AP is broadcasting SSID 5. vap has the correct vlan selected (50) No clients (iPad, Windows, Android) can get ip. I get nothing under "show user-table verbose" other than the AP. I enabled dhcp debug "logging level debugging network subcat dhcp", but there are no entries when entering "show log network 100". I feel like I'm missing something simple. N


  • 2.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 03:42 PM

    What kind of SSID is it?

    What is the initial role for that user and what ACLs are assigned to that role?



  • 3.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 03:57 PM
    Initial role is: Name Firewall Policies Bandwidth Contract Actions default-iap-user-role allowall/ The vap is forward mode tunnel.


  • 4.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 04:01 PM

    Type "show station-table" to see what role the user gets.  The user will not be in the user table unless it gets an ip address..



  • 5.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 04:04 PM
    doh right. Here is the station-table Station Entry ------------- MAC Name Role Age(d:h:m) Auth AP name Essid Phy Remote Profile ------------ ------ ---- ---------- ---- ------- ----- --- ------ ------- 64:80:98:c8:f5:65 default-iap-user-role 00:00:00 No AP305-Test Test a-VHT No Test-aaa_prof


  • 6.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 04:08 PM

    Are you using encryption?



  • 7.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 04:23 PM
    Not for SSID, it is currently open. I had WPA2 PSK before but removed it for simplicity.


  • 8.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 04:26 PM

    Give your client a static ip address and see if it works.



  • 9.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 04:55 PM
    Client has no network communication. I can only ping myself. Controller cannot ping static client ip. Core switch cannot ping static client. Core can ping controller ip on the vlan that the static client is on.


  • 10.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 04:57 PM

    You should try using the WLAN wizard to configure your WLAN if you have not done so already.



  • 11.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 05:29 PM
    I created a new AP group and WLAN via the wizard, I also created a new DHCP pool, vlan, and controller IP on new vlan. I reprovisioned the AP. The Issue remains.


  • 12.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 05:37 PM

    Have you configured any WLANs on that controller that worked?



  • 13.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 05:39 PM
    No, this is one of the initial attempts. If I put encryption, it successfully connects, but no IP.


  • 14.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 05:54 PM
    I made a spare port on the controller an access port on vlan50. I connected a laptop and immediately got the correct IP and had network access. Is there something special to working with AP305? First time working with these also. N


  • 15.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 06:01 PM

    There is nothing special.  What version of ArubaOS is this?

     



  • 16.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 17, 2017 06:02 PM
    Version: 6.5.1.2 Compiled: 2016-12-14 at 18:54:13 PST (build 57757) by p4build


  • 17.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 17, 2017 06:06 PM

    I would turn on user debugging:

     

    config t

    logging level debugging user

     

    Attempt to the network

     

    Type "show log user all" to see if you can figure out what is wrong...



  • 18.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 21, 2017 10:52 AM

    This is the output of the user debugging. I don't see anything myself, but I'm also not an expert on reading this log.

     

    Feb 21 09:45:06 :501093:  <NOTI> |AP APNAME@x.x.x.161 stm|  Auth success: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:06 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  remove_stale_sta 2953: client ec:1f:72:83:82:6d not in stale hash table
Feb 21 09:45:06 :501095:  <NOTI> |AP APNAME@x.x.x.161 stm|  Assoc request @ 09:45:06.896428: ec:1f:72:83:82:6d (SN 0): AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:06 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  handle_assoc_req:5568: mcast_encr(0x00000001), ucast_encr(0x00000001)
Feb 21 09:45:06 :501218:  <NOTI> |AP APNAME@x.x.x.161 stm|  stm_sta_assign_vlan 17773: VLAN: sta ec:1f:72:83:82:6d, STM assigns MAC based vlan_id 60
Feb 21 09:45:06 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  handle_assoc_req: STA:ec:1f:72:83:82:6d aid:0
Feb 21 09:45:06 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  handle_assoc_req:6452 XXX mac=ec:1f:72:83:82:6d reassoc(0), dot11r(0), ftie_present(0), auth_alg(0) SNR(0) max_neg_rate(866)
Feb 21 09:45:06 :501218:  <4024> <NOTI> |stm|  stm_sta_assign_vlan 17767: VLAN: sta ec:1f:72:83:82:6d, STM assigns MAC based vlan_id 60
Feb 21 09:45:06 :501100:  <NOTI> |AP APNAME@x.x.x.161 stm|  Assoc success @ 09:45:06.898319: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:06 :501065:  <4024> <DBUG> |stm|  a2c_sm_process_stalist:851 reassoc(0), dot11r(0), ftie_present(0), auth_alg(0)
Feb 21 09:45:06 :501100:  <4024> <NOTI> |stm|  Assoc success @ 09:45:06.902418: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:06 :522295:  <4618> <DBUG> |authmgr|  Auth GSM : USER_STA event 0 for user ec:1f:72:83:82:6d
Feb 21 09:45:06 :522035:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d Station UP: BSSID=34:fc:b9:23:2c:d0 ESSID=ATest VLAN=60 AP-name=APNAME
Feb 21 09:45:06 :522077:  <4618> <DBUG> |authmgr|  MAC=ec:1f:72:83:82:6d ingress 0x0x10015 (tunnel 21), u_encr 1, m_encr 1, slotport 0x0x20c0 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Feb 21 09:45:06 :522264:  <4618> <DBUG> |authmgr|  "MAC:ec:1f:72:83:82:6d: Allocating UUID: 0x2b1820b6d9f70056
Feb 21 09:45:06 :522158:  <4618> <DBUG> |authmgr|  Role Derivation for user N/A-00:00:00:00:00:00- logon mac user created.
Feb 21 09:45:06 :522142:  <4618> <DBUG> |authmgr|  Setting default role to logon for user 00:00:00:00:00:00".
Feb 21 09:45:06 :522127:  <4618> <DBUG> |authmgr|  {L2} Update role from (null) to logon for IP=N/A, MAC=00:00:00:00:00:00.
Feb 21 09:45:06 :522049:  <4618> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=N/A User role updated, existing Role=none/none, new Role=logon/none, reason=mac user created
Feb 21 09:45:06 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 0 derivation_type Reset VLANs for Station up index 0.
Feb 21 09:45:06 :522255:  <4618> <DBUG> |authmgr|  "VDR - set vlan in user for ec:1f:72:83:82:6d vlan 60 fwdmode 0 derivation_type Default VLAN.
Feb 21 09:45:06 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 60 derivation_type Default VLAN index 1.
Feb 21 09:45:06 :522255:  <4618> <DBUG> |authmgr|  "VDR - set vlan in user for ec:1f:72:83:82:6d vlan 60 fwdmode 0 derivation_type Current VLAN updated.
Feb 21 09:45:06 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 60 derivation_type Current VLAN updated index 2.
Feb 21 09:45:06 :522158:  <4618> <DBUG> |authmgr|  Role Derivation for user N/A-ec:1f:72:83:82:6d- N/A Set AAA profile defaults.
Feb 21 09:45:06 :522142:  <4618> <DBUG> |authmgr|  Setting default role to Test-authenticated for user ec:1f:72:83:82:6d".
Feb 21 09:45:06 :522127:  <4618> <DBUG> |authmgr|  {L2} Update role from logon to Test-authenticated for IP=N/A, MAC=ec:1f:72:83:82:6d.
Feb 21 09:45:06 :522049:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d,IP=N/A User role updated, existing Role=logon/none, new Role=Test-authenticated/none, reason=Set AAA profile defaults
Feb 21 09:45:06 :522246:  <4618> <DBUG> |authmgr|  Idle timeout should be driven by STM for MAC ec:1f:72:83:82:6d.
Feb 21 09:45:06 :524141:  <4618> <DBUG> |authmgr|  clr_pmkcache_ft():1013: MAC:ec:1f:72:83:82:6d BSS:34:fc:b9:23:2c:d0
Feb 21 09:45:06 :522287:  <4618> <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac ec:1f:72:83:82:6d bssid 34:fc:b9:23:2c:d0 vlan 60 type 1 data-ready 0
Feb 21 09:45:06 :522254:  <4618> <DBUG> |authmgr|  VDR - mac ec:1f:72:83:82:6d rolename Test-authenticated fwdmode 0 derivation_type Initial Role Contained vp not present.
Feb 21 09:45:06 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 0 derivation_type Reset Role Based VLANs index 3.
Feb 21 09:45:06 :522083:  <4618> <DBUG> |authmgr|  Skip User-Derivation, mba:0 udr_exist:0,default_role:Test-authenticated,pDefRole:0x0x1218f24
Feb 21 09:45:06 :522320:  <4618> <DBUG> |authmgr|  handle_sta_up_dn (2958): rtts user=ec:1f:72:83:82:6d  enabled=0 initial tput=100000
Feb 21 09:45:06 :524124:  <4618> <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:ec:1f:72:83:82:6d, pmkid_present:False, pmkid:N/A
Feb 21 09:45:06 :522255:  <4618> <DBUG> |authmgr|  "VDR - set vlan in user for ec:1f:72:83:82:6d vlan 60 fwdmode 0 derivation_type Current VLAN updated.
Feb 21 09:45:06 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 60 derivation_type Current VLAN updated index 4.
Feb 21 09:45:06 :522260:  <4618> <DBUG> |authmgr|  "VDR - Cur VLAN updated ec:1f:72:83:82:6d mob 0 inform 1 remote 0 wired 0 defvlan 60 exportedvlan 0 curvlan 60.
Feb 21 09:45:06 :522128:  <4618> <DBUG> |authmgr|  download-L2: acl=57/0 role=Test-authenticated, tunl=0x0x10015, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
Feb 21 09:45:06 :522050:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d,IP=N/A User data downloaded to datapath, new Role=Test-authenticated/57, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Feb 21 09:45:06 :522242:  <4618> <DBUG> |authmgr|  MAC=ec:1f:72:83:82:6d Station Created Update MMS: BSSID=34:fc:b9:23:2c:d0 ESSID=ATest VLAN=60 AP-name=APNAME
Feb 21 09:45:06 :522301:  <4618> <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0x2b1820b6d9f70056 mac ec:1f:72:83:82:6d name  role Test-authenticated devtype  wired 0 authtype 0 subtype 0  encrypt-type 0 conn-port 8384 fwd-mode 0
Feb 21 09:45:37 :501102:  <NOTI> |AP APNAME@x.x.x.161 stm|  Disassoc from sta: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME Reason STA has left and is disassociated
Feb 21 09:45:37 :522296:  <4618> <DBUG> |authmgr|  Auth GSM : USER_STA delete event for user ec:1f:72:83:82:6d age 0 deauth_reason 8
Feb 21 09:45:37 :522036:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d Station DN: BSSID=34:fc:b9:23:2c:d0 ESSID=ATest VLAN=60 AP-name=APNAME
Feb 21 09:45:37 :501000:  <DBUG> |AP APNAME@x.x.x.161 stm|  Station ec:1f:72:83:82:6d: Clearing state
Feb 21 09:45:37 :522234:  <4618> <DBUG> |authmgr|  Setting idle timer for user ec:1f:72:83:82:6d to 300 seconds (idle timeout: 300 ageout: 0).
Feb 21 09:45:37 :522152:  <4618> <DBUG> |authmgr|  station free: bssid=34:fc:b9:23:2c:d0, @=0x0x123a25c.
Feb 21 09:45:37 :522244:  <4618> <DBUG> |authmgr|  MAC=ec:1f:72:83:82:6d Station Deleted Update MMS
Feb 21 09:45:37 :522301:  <4618> <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0x2b1820b6d9f70056 mac ec:1f:72:83:82:6d name  role Test-authenticated devtype  wired 0 authtype 0 subtype 0  encrypt-type 0 conn-port 8384 fwd-mode 0
Feb 21 09:45:37 :522004:  <4618> <DBUG> |authmgr|  ec:1f:72:83:82:6d: station datapath entry deleted
Feb 21 09:45:37 :522290:  <4618> <DBUG> |authmgr|  Auth GSM : MAC_USER delete for mac ec:1f:72:83:82:6d
Feb 21 09:45:37 :522303:  <4618> <DBUG> |authmgr|  Auth GSM : USER delete for mac ec:1f:72:83:82:6d uuid 0x2b1820b6d9f70056
Feb 21 09:45:37 :527004:  <4261> <INFO> |mdns|  mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:ec:1f:72:83:82:6d
Feb 21 09:45:37 :527000:  <4261> <DBUG> |mdns|  ag_ssdp_get_token_list_for_mac 348 AirGroup user doesn't exist: mac=ec:1f:72:83:82:6d
Feb 21 09:45:37 :527000:  <4261> <DBUG> |mdns|  ag_mdns_get_token_list_for_mac 648 AirGroup user doesn't exist: mac=ec:1f:72:83:82:6d
Feb 21 09:45:37 :527000:  <4261> <DBUG> |mdns|  mdns_client_purge 1146 Purge mdns client, mac=ec:1f:72:83:82:6d, del_client = 1
Feb 21 09:45:37 :501000:  <4024> <DBUG> |stm|  Station ec:1f:72:83:82:6d: Clearing state
Feb 21 09:45:40 :501093:  <NOTI> |AP APNAME@x.x.x.161 stm|  Auth success: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:40 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  remove_stale_sta 2953: client ec:1f:72:83:82:6d not in stale hash table
Feb 21 09:45:40 :501095:  <NOTI> |AP APNAME@x.x.x.161 stm|  Assoc request @ 09:45:40.102380: ec:1f:72:83:82:6d (SN 0): AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:40 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  handle_assoc_req:5568: mcast_encr(0x00000001), ucast_encr(0x00000001)
Feb 21 09:45:40 :501218:  <NOTI> |AP APNAME@x.x.x.161 stm|  stm_sta_assign_vlan 17773: VLAN: sta ec:1f:72:83:82:6d, STM assigns MAC based vlan_id 60
Feb 21 09:45:40 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  handle_assoc_req: STA:ec:1f:72:83:82:6d aid:0
Feb 21 09:45:40 :501065:  <DBUG> |AP APNAME@x.x.x.161 stm|  handle_assoc_req:6452 XXX mac=ec:1f:72:83:82:6d reassoc(0), dot11r(0), ftie_present(0), auth_alg(0) SNR(0) max_neg_rate(866)
Feb 21 09:45:40 :501218:  <4024> <NOTI> |stm|  stm_sta_assign_vlan 17767: VLAN: sta ec:1f:72:83:82:6d, STM assigns MAC based vlan_id 60
Feb 21 09:45:40 :501100:  <NOTI> |AP APNAME@x.x.x.161 stm|  Assoc success @ 09:45:40.104205: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:40 :501065:  <4024> <DBUG> |stm|  a2c_sm_process_stalist:851 reassoc(0), dot11r(0), ftie_present(0), auth_alg(0)
Feb 21 09:45:40 :501100:  <4024> <NOTI> |stm|  Assoc success @ 09:45:40.105808: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME
Feb 21 09:45:40 :522295:  <4618> <DBUG> |authmgr|  Auth GSM : USER_STA event 0 for user ec:1f:72:83:82:6d
Feb 21 09:45:40 :522035:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d Station UP: BSSID=34:fc:b9:23:2c:d0 ESSID=ATest VLAN=60 AP-name=APNAME
Feb 21 09:45:40 :522077:  <4618> <DBUG> |authmgr|  MAC=ec:1f:72:83:82:6d ingress 0x0x10015 (tunnel 21), u_encr 1, m_encr 1, slotport 0x0x20c0 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Feb 21 09:45:40 :522264:  <4618> <DBUG> |authmgr|  "MAC:ec:1f:72:83:82:6d: Allocating UUID: 0x2b1829b6d9f70057
Feb 21 09:45:40 :522158:  <4618> <DBUG> |authmgr|  Role Derivation for user N/A-00:00:00:00:00:00- logon mac user created.
Feb 21 09:45:40 :522142:  <4618> <DBUG> |authmgr|  Setting default role to logon for user 00:00:00:00:00:00".
Feb 21 09:45:40 :522127:  <4618> <DBUG> |authmgr|  {L2} Update role from (null) to logon for IP=N/A, MAC=00:00:00:00:00:00.
Feb 21 09:45:40 :522049:  <4618> <INFO> |authmgr|  MAC=00:00:00:00:00:00,IP=N/A User role updated, existing Role=none/none, new Role=logon/none, reason=mac user created
Feb 21 09:45:40 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 0 derivation_type Reset VLANs for Station up index 0.
Feb 21 09:45:40 :522255:  <4618> <DBUG> |authmgr|  "VDR - set vlan in user for ec:1f:72:83:82:6d vlan 60 fwdmode 0 derivation_type Default VLAN.
Feb 21 09:45:40 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 60 derivation_type Default VLAN index 1.
Feb 21 09:45:40 :522255:  <4618> <DBUG> |authmgr|  "VDR - set vlan in user for ec:1f:72:83:82:6d vlan 60 fwdmode 0 derivation_type Current VLAN updated.
Feb 21 09:45:40 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 60 derivation_type Current VLAN updated index 2.
Feb 21 09:45:40 :522158:  <4618> <DBUG> |authmgr|  Role Derivation for user N/A-ec:1f:72:83:82:6d- N/A Set AAA profile defaults.
Feb 21 09:45:40 :522142:  <4618> <DBUG> |authmgr|  Setting default role to Test-authenticated for user ec:1f:72:83:82:6d".
Feb 21 09:45:40 :522127:  <4618> <DBUG> |authmgr|  {L2} Update role from logon to Test-authenticated for IP=N/A, MAC=ec:1f:72:83:82:6d.
Feb 21 09:45:40 :522049:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d,IP=N/A User role updated, existing Role=logon/none, new Role=Test-authenticated/none, reason=Set AAA profile defaults
Feb 21 09:45:40 :522246:  <4618> <DBUG> |authmgr|  Idle timeout should be driven by STM for MAC ec:1f:72:83:82:6d.
Feb 21 09:45:40 :524141:  <4618> <DBUG> |authmgr|  clr_pmkcache_ft():1013: MAC:ec:1f:72:83:82:6d BSS:34:fc:b9:23:2c:d0
Feb 21 09:45:40 :522287:  <4618> <DBUG> |authmgr|  Auth GSM : MAC_USER publish for mac ec:1f:72:83:82:6d bssid 34:fc:b9:23:2c:d0 vlan 60 type 1 data-ready 0
Feb 21 09:45:40 :522254:  <4618> <DBUG> |authmgr|  VDR - mac ec:1f:72:83:82:6d rolename Test-authenticated fwdmode 0 derivation_type Initial Role Contained vp not present.
Feb 21 09:45:40 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 0 derivation_type Reset Role Based VLANs index 3.
Feb 21 09:45:40 :522083:  <4618> <DBUG> |authmgr|  Skip User-Derivation, mba:0 udr_exist:0,default_role:Test-authenticated,pDefRole:0x0x1218f24
Feb 21 09:45:40 :522320:  <4618> <DBUG> |authmgr|  handle_sta_up_dn (2958): rtts user=ec:1f:72:83:82:6d  enabled=0 initial tput=100000
Feb 21 09:45:40 :524124:  <4618> <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:ec:1f:72:83:82:6d, pmkid_present:False, pmkid:N/A
Feb 21 09:45:40 :522255:  <4618> <DBUG> |authmgr|  "VDR - set vlan in user for ec:1f:72:83:82:6d vlan 60 fwdmode 0 derivation_type Current VLAN updated.
Feb 21 09:45:40 :522258:  <4618> <DBUG> |authmgr|  "VDR - Add to history of user user ec:1f:72:83:82:6d vlan 60 derivation_type Current VLAN updated index 4.
Feb 21 09:45:40 :522260:  <4618> <DBUG> |authmgr|  "VDR - Cur VLAN updated ec:1f:72:83:82:6d mob 0 inform 1 remote 0 wired 0 defvlan 60 exportedvlan 0 curvlan 60.
Feb 21 09:45:40 :522128:  <4618> <DBUG> |authmgr|  download-L2: acl=57/0 role=Test-authenticated, tunl=0x0x10015, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
Feb 21 09:45:40 :522050:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d,IP=N/A User data downloaded to datapath, new Role=Test-authenticated/57, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=300
Feb 21 09:45:40 :522242:  <4618> <DBUG> |authmgr|  MAC=ec:1f:72:83:82:6d Station Created Update MMS: BSSID=34:fc:b9:23:2c:d0 ESSID=ATest VLAN=60 AP-name=APNAME
Feb 21 09:45:40 :522301:  <4618> <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0x2b1829b6d9f70057 mac ec:1f:72:83:82:6d name  role Test-authenticated devtype  wired 0 authtype 0 subtype 0  encrypt-type 0 conn-port 8384 fwd-mode 0
Feb 21 09:46:10 :501102:  <NOTI> |AP APNAME@x.x.x.161 stm|  Disassoc from sta: ec:1f:72:83:82:6d: AP x.x.x.161-34:fc:b9:23:2c:d0-APNAME Reason STA has left and is disassociated
Feb 21 09:46:10 :501000:  <DBUG> |AP APNAME@x.x.x.161 stm|  Station ec:1f:72:83:82:6d: Clearing state
Feb 21 09:46:10 :522296:  <4618> <DBUG> |authmgr|  Auth GSM : USER_STA delete event for user ec:1f:72:83:82:6d age 0 deauth_reason 8
Feb 21 09:46:10 :522036:  <4618> <INFO> |authmgr|  MAC=ec:1f:72:83:82:6d Station DN: BSSID=34:fc:b9:23:2c:d0 ESSID=ATest VLAN=60 AP-name=APNAME
Feb 21 09:46:10 :522234:  <4618> <DBUG> |authmgr|  Setting idle timer for user ec:1f:72:83:82:6d to 300 seconds (idle timeout: 300 ageout: 0).
Feb 21 09:46:10 :522152:  <4618> <DBUG> |authmgr|  station free: bssid=34:fc:b9:23:2c:d0, @=0x0x12b0d9c.
Feb 21 09:46:10 :522244:  <4618> <DBUG> |authmgr|  MAC=ec:1f:72:83:82:6d Station Deleted Update MMS
Feb 21 09:46:10 :522301:  <4618> <DBUG> |authmgr|  Auth GSM : USER publish for uuid 0x2b1829b6d9f70057 mac ec:1f:72:83:82:6d name  role Test-authenticated devtype  wired 0 authtype 0 subtype 0  encrypt-type 0 conn-port 8384 fwd-mode 0
Feb 21 09:46:10 :522004:  <4618> <DBUG> |authmgr|  ec:1f:72:83:82:6d: station datapath entry deleted
Feb 21 09:46:10 :522290:  <4618> <DBUG> |authmgr|  Auth GSM : MAC_USER delete for mac ec:1f:72:83:82:6d
Feb 21 09:46:10 :522303:  <4618> <DBUG> |authmgr|  Auth GSM : USER delete for mac ec:1f:72:83:82:6d uuid 0x2b1829b6d9f70057
Feb 21 09:46:10 :527004:  <4261> <INFO> |mdns|  mdns_parse_auth_useridle_message 169 Auth User Idle Timeout: MAC:ec:1f:72:83:82:6d
Feb 21 09:46:10 :527000:  <4261> <DBUG> |mdns|  ag_ssdp_get_token_list_for_mac 348 AirGroup user doesn't exist: mac=ec:1f:72:83:82:6d
Feb 21 09:46:10 :527000:  <4261> <DBUG> |mdns|  ag_mdns_get_token_list_for_mac 648 AirGroup user doesn't exist: mac=ec:1f:72:83:82:6d
Feb 21 09:46:10 :527000:  <4261> <DBUG> |mdns|  mdns_client_purge 1146 Purge mdns client, mac=ec:1f:72:83:82:6d, del_client = 1
Feb 21 09:46:10 :501000:  <4024> <DBUG> |stm|  Station ec:1f:72:83:82:6d: Clearing state


  • 19.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 21, 2017 10:58 AM

    In the logs, it says that the user is being assigned to VLAN 60, but in your first post you mention that the client VLAN is 50.  Which VLAN should it be?



  • 20.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 21, 2017 11:10 AM

    It should now be 60. I recreated everything for troubleshooting, starting over. 60 is the new 50.



  • 21.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    EMPLOYEE
    Posted Feb 21, 2017 12:28 PM

    Please PM me your email so I can send you a link for your logs.tar.



  • 22.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server
    Best Answer

    Posted Feb 21, 2017 12:29 PM

    So we figured it out. And boy is it odd.

     

    Apparently none of the build in ACLs have data in them at all. The allowall exists, but did not have the "ip any any any" entry. The same goes for http,https,logon control, etc. About two dozen ACLs have no data.

     

    I opened up a TAC case to request that someone takes a look at it and sends over what the ACLs should be.

     

    After manually configuring "allowall" with "ip any any any", dhcp started to work. 

     

    Thanks everyone for your help, you got the wheels turning.

     

    -N



  • 23.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted May 03, 2018 06:08 PM

    Resolved the same problem I was having as well. Thanks for the info. The role I created specifically had ip permit any any and DHCP didnt work until I added the allowall policy. 



  • 24.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 19, 2017 01:08 PM
    Check a couple of things:
    - make sure the dhcp service is enabled
    - that the user role is allowing DHCP traffic
    - that the vlan you created is configured with an address matching the default gateway/subnet mask defined under the DHCP pool
    - the VAP has that VLAN defined

    Get Outlook for iOS


  • 25.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 21, 2017 11:09 AM

    Hi Victor,

     

    1. DHCP is enabled
    2. User role allows dhcp
    3. vlan is configured with IP that matches gateway subnet mask on dhcp pool
    4. vap has vlan defined

    Attached pics of each step. Sorry for not doing inline.



  • 26.  RE: No DHCP addresses provided to clients on a vlan where controller is DHCP server

    Posted Feb 19, 2017 01:08 PM
    Check a couple of things:
    - make sure the dhcp service is enabled
    - that the user role is allowing DHCP traffic
    - that the vlan you created is configured with an address matching the default gateway/subnet mask defined under the DHCP pool
    - the VAP has that VLAN defined

    Get Outlook for iOS