Wireless Access

Our wireless network has started to behave differently over the past few weeks. When users authenticate, they are always being assigned 169.xx.xx.xx address. This occurs for old users and new users. When performing a "ipconfig /renew," the response from the DHCP server times out and the user maintains the 169 IP address. However, after waiting 10+ minutes, the IP automatically resolves, and the user is finally assigned a proper IP address. 

Looking at the main controller GUI and accessing the debug logs, I noticed the following lines I thought were interesting:

Looking at the local controller's local events, I noticed:

This is a strange issue and it seems to be affecting all of our users. This issue did not occur 3 weeks ago. 

For a little background information, we're running Aruba Controller 6000 with ArubaOS 6.1. The network uses WPA2-Enterprise, 802.1x, EAP-TLS with smartcard authentication. 

Any information would be appreciated. Thanks!

Which role is the user placed into after authentication?  Do "show user | include xx:xx" (xx:xx is the last 4 of the MAC address of a client with the 169.254 address) and note the role name.  Then, do "show rights <role name>" and make sure you allowed DHCP (probably listed as svc-dhcp under the control ACL).  It could be that the lease is short, the clients cant renew their address at half-lease and then they time out.  If the controller doesn't see valid traffic, it will remove the user from the user-table (thats what those logs were telling you).

If you use the controller for DHCP, do "show ip dhcp stat" and make sure you have free leases.

If you use some other DHCP server, do you have free leases there?

Sorry to bump an old thread but I am having this exact issue. Two seperate VLANS running off our 6000 series controller 1 of them is working fine, but 3 days ago our guest VLAN stopped letting people get IP's I can get an IP fine when Im on the wired part of the network. DHCP is allowed in Roles and ACL. I dont really know where to go from here.

Starting with the basics...  

What is providing DHCP?  Controller or an external server?

Have you confirmed that your scopes are active and not out of leases?

I have a linux DHCP server handing out IP's. I could get an IP from it just fine when Im on the wired portion of that network. Scopes are set up fine, and only have about 400 users out of the 1k availiable IPs with the subnet I'm working with. I sniffed the network and could see thousands of DISCOVER AND REQUESTS but no OFFER or ACK. However I get offered an IP just fine when Im on the wired portion, only an issue when you try to get an IP when on an AP. Yes I can assign static and ping all neccesary interfaces, DHCP, Gateway, controller, etc. 

I restarted the server at the end of the day and it started functioning fine again. This is the second time our entire guest network has went down because of this bug.

You should grab the tar logs tech-support for the controller when this happens so that TAC has an idea of what is going on.

My wireless network is acting the same way. Clients are getting 169 addresses and after about 20 minutes, users will get the correct ipaddress. But our wireless controller doesn't hand out the ip addresses. And our hardwired network works fine. I think it's a setting on the controller.