01-11-2017 04:35 AM
I'm working in a municipality with the wireless network. For some weeks ago we have started having some issues with computers not being able to retreive an IP-address from our DHCP-server at the CTRL+ALT+DELETE screen.
We are using machine authentication with Clearpass and the client is accepted but the user is not able to login since the computer does not have an IP-address. If we login with a local user on the computer we can see that the wifi is connected but it has the yellow triangle above the wifi icon.
I have searched but not found any solution to this. Only thing I can find is that some logs differ in the clearpass logs, see attachments. Can't find any other issues with the keywords I'm searching on. It affects both our new environment and our old.
2017-01-11 11:56:59,007 [RequestHandler-1-0x7f7acfbdd700 h=92935534 c=R004e36d8-01-58760f7a] WARN Core.SessionInfoOperations - Skip SessionInfoOperations::persistSessionInfo because of NULL NAD or NAD IP matching localhost 2017-01-11 11:56:59,007 [RequestHandler-1-0x7f7acfbdd700 h=92935534 c=R004e36d8-01-58760f7a] ERROR Common.NadClientTable - getNadClient: Unknown NadClient X.X.X.X
2017-01-11 11:56:59,008 [RequestHandler-1-0x7f7acfbdd700 r=R004e36d8-01-58760f7a h=92935535 c=R004e36d8-01-58760f7a] INFO Core.PETaskRadiusCoAEnfProfileBuilder - getApplicableProfiles: No radius_coa enforcement profiles applicable for this device
2017-01-11 11:56:59,012 [RequestHandler-1-0x7f7acfbdd700 h=92935541 c=R004e36d8-01-58760f7a] INFO Core.XpipPolicyResHandler - populateResponseTlv: PETaskPostureOutput does not exist. Skip sending posture VAFs 2017-01-11 11:56:59,012 [RequestHandler-1-0x7f7acfbdd700 h=92935541 c=R004e36d8-01-58760f7a] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr 2017-01-11 11:56:59,012 [RequestHandler-1-0x7f7acfbdd700 h=92935540 c=R004e36d8-01-58760f7a] INFO Core.PolicyResCollector - getSohr: Failed to generate Sohr
AP: Every model
AP: Every model
Computers are HP and running Win7 and Win10. Random computers with random models are affected and doesn't mather if it is Win7 or Win10. Can't find anything interesting in the event viewer.
DHCP server is Windows 2012 R2. No logs of the computers exists when this problem occurs.
Only solution is to restart the computer a couple of times and then it works but as you can understand it is not a very good solution. Not sure this is an Aruba problem or if it is HP or Windows but hopefully you can help me.
01-11-2017 04:44 AM
01-11-2017 04:50 AM
It gets the role AD-Personal-Dator, [Machine Authenticated]
This is the name it forwards to the controller and based on this it gets a network. Is it possible that the controller does not receive this?
As I said in the first post, it is not all computers that are having problems.
01-11-2017 04:56 AM
01-11-2017 04:56 AM
01-11-2017 05:12 AM
I have checked with a computer now and everything looks ok in Clearpass but the computer is not visible in the controller.
Hmm, why is the controller not receiving the information?
01-11-2017 06:09 AM - edited 01-11-2017 06:12 AM
The computer is visible and connected to the AP when issuing "show user mac".
It is not visible if I check "show user ap-name".
Attachment is of debug log of the controller when the computer connects. Seems that it understands correct role but still no IP-address.
(arubamaster) #show user mac f0:d5:bf:b7:c5:55 The phy column shows client's operational capabilities for current association Flags: A: Active, B: Band Steerable, H: Hotspot(802.11u) client, K: 802.11K client, M: Mu beam formee, R: 802.11R client, W: WMM client, w: 802.11w client V: 802.11v BSS trans capable PHY Details: HT : High throughput; 20: 20MHz; 40: 40MHz; t: turbo-rates (256-QAM) VHT : Very High throughput; 80: 80MHz; 160: 160MHz; 80p80: 80MHz + 80MHz <n>ss: <n> spatial streams Association Table ----------------- Name bssid mac auth assoc aid l-int essid vlan-id tunnel-id phy assoc. time num assoc Flags Band steer moves (T/S) ---- ----- --- ---- ----- --- ----- ----- ------- --------- --- ----------- --------- ----- ---------------------- AP1 18:64:72:f0:5d:51 f0:d5:bf:b7:c5:55 y y 2 250 Municipality-SSID 85 0x1019e a-VHT-80sgi-2ss 3m:11s 1 WAB 4/4 f0:d5:bf:b7:c5:55-18:64:72:f0:5d:51 Stats ------------------------------------------ Parameter Value --------- ----- Channel 116 Channel Frame Retry Rate(%) 8 Channel Frame Low Speed Rate(%) 0 Channel Frame Non Unicast Rate(%) 0 Channel Frame Fragmentation Rate(%) 0 Channel Frame Error Rate(%) 0 Channel Bandwidth Rate(kbps) 2116 Channel Noise 97 Client Frame Retry Rate(%) 0 Client Frame Low Speed Rate(%) 0 Client Frame Non Unicast Rate(%) 0 Client Frame Fragmentation Rate(%) 0 Client Frame Receive Error Rate(%) 0 Client Bandwidth Rate(kbps) 0 Client Tx Packets 1697 Client Rx Packets 54 Client Tx Bytes 130039 Client Rx Bytes 16247 Client SNR 37 A2c_SM SeqNum, Old SeqNums 18759 0 (arubamaster) #show user ap-name AP1 Users ----- IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name ---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- --------- 172.21.28.139 ac:7b:a1:a2:b3:09 host/COMPUTER321.municipality.intra AD-Personal-Dator 02:06:44 802.1x Municipality-SSID Wireless Municipality-Kommun/18:64:72:f0:5d:51/a-HT Municipality-Personal tunnel Win 7 ALM-ADM-KLF0004 172.21.31.146 6c:fa:a7:13:44:2b Municipality-PSK 24:00:41 Municipality-SSID Wireless ah-adm/18:64:72:f0:5d:40/g-HT Municipality-PSK tunnel Android 172.21.27.146 34:12:98:cf:81:9d Municipality-PSK 00:00:20 Municipality-SSID Wireless ah-adm/18:64:72:f0:5d:50/a-VHT Municipality-PSK tunnel 172.21.29.34 c4:b3:01:59:dc:d2 Municipality-PSK 00:00:24 Municipality-SSID Wireless ah-adm/18:64:72:f0:5d:50/a-HT Municipality-PSK tunnel iPhone 172.21.27.51 d0:25:98:6e:95:d5 almpersipad ALM-PERS-IPAD 00:02:42 802.1x Municipality-SSID Wireless Municipality-Kommun/18:64:72:f0:5d:51/a-VHT Municipality-Personal tunnel iPhone 172.22.21.7 f4:f9:51:be:72:73 f4f951be7273 Guest-Device-ADMMOB 24:00:57 MAC Municipality-SSID Wireless Municipality-Guest/18:64:72:f0:5d:52/a-HT Municipality-Guest tunnel AppleTV festlund-4 172.23.0.18 b8:8a:60:87:6d:15 host/COMPUTER322.municipality.intra AD-IT-Enheten 00:03:31 802.1x Municipality-SSID Wireless Municipality-Kommun/18:64:72:f0:5d:51/a-VHT Municipality-Personal tunnel Win 10 172.22.17.7 44:2c:05:01:70:5e 442c0501705e Guest-Device-ADMMOB 08:06:23 MAC Municipality-SSID Wireless Municipality-Guest/18:64:72:f0:5d:52/a-HT Municipality-Guest tunnel Linux 172.21.26.17 c8:1e:e7:ba:89:7c Municipality-PSK 00:08:04 Municipality-SSID Wireless ah-adm/18:64:72:f0:5d:50/a-VHT Municipality-PSK tunnel iPhone User Entries: 9/9 Curr/**bleep** Alloc:1423/688197 Free:279/686774 Dyn:1702 AllocErr:0 FreeErr:0
01-11-2017 06:20 AM
Had a similar issue, if you have ticked the "Enforce DHCP" in the AAA profile, there was a bug in the system, falsely stopping users from getting an IP address for whatever reason.
This bug is fixed, i'm just not sure what patch on the 6.5 that is.
By looking up the host in the controller Dashboard, you can see that client and it's role, even if you can't see it under Monitoring->Clients.
This should at least clear up if it has the correct role or not.
The log you included also states that the role is changed at some point, giving it the one you mentioned.
01-12-2017 12:41 AM
Thanks for your reply. I have checked my AAA configuration but I'm not using "Enforce DHCP".
I have started a wireshark capture on a computer and it is sending ARP requests to the gateway in the network it is given but the gateway is not responding. Could the controller block the ARP traffic? Network is a /24.
Broadcast ARP Who has 172.21.29.1? Tell 169.254.172.141
I have also noticed that the mDNS process is taking 100% CPU in the controller. Could this be the issue?
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 4712 root 20 0 144m 49m 9920 R 100 1.0 59903:08 mdns
01-12-2017 01:14 AM
What role does the device have in the user table? Type "show rights (role)"
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base