05-16-2012 11:06 AM
Our wireless network has started to behave differently over the past few weeks. When users authenticate, they are always being assigned a 169.xx.xx.xx address. This occurs for old users and new users. When performing an "ipconfig /renew," the response from the DHCP server times out and the user maintains the 169 IP address. However, after waiting 10+ minutes, the IP automatically resolves, and the user is finally assigned a proper IP address.
Looking at the main controller GUI and accessing the debug logs, I noticed the following lines I thought were interesting:
|May 16 09:47:10||webui: USER: shahj has logged in from 141.116.***.**.|
|May 16 09:47:44||authmgr: PAPI_SendLarge: Can't send buffer to my own port|
|May 16 09:50:24||ntpdc: gethostby*.getanswer: asked for "0.0.0.0.in-addr.arpa IN PTR", got type "A"|
|May 16 10:21:02||localdb: <133019> <ERRS> |localdb| User 123176****@mil was not found in the database|
|May 16 10:21:02||localdb: <133006> <ERRS> |localdb| User 123176****@mil Failed Authentication|
|May 16 10:28:42||localdb: <133019> <ERRS> |localdb| User 123176****@mil was not found in the database|
|May 16 10:28:42||localdb: <133006> <ERRS> |localdb| User 123176****@mil Failed Authentication|
Looking at the local controller's local events, I noticed:
|2012-05-16||09:21:06||User with MAC address 00:**:**:d5:a0:54 and IP address 0.0.0.0 from (BSSID 00:24:6c:d3:0c:50,AP aap125-w0-mh861-1) and/or interface 0/0 has changed: Change type is 3|
|2012-05-16||09:36:29||User with MAC address 00:**:**:d5:a0:54 and IP address 10.200.10.11 was created|
|2012-05-16||09:36:29||User with MAC address 00:**:**:d5:a0:54 and IP address 10.200.10.11 from (BSSID 00:24:6c:d3:0c:50,AP aap125-w0-mh861-1) and/or interface 0/0 has changed: Change type is 4|
|2012-05-16||09:41:50||User 169.254.48.145 with MAC address 00:**:**:d5:a0:54 is deleted|
|2012-05-16||09:41:50||User with MAC address 00:**:**:d5:a0:54 IP address 169.254.48.145 was deleted|
|2012-05-16||09:41:50||User with MAC address 00:**:**:d5:a0:54 and IP address 169.254.48.145 from (BSSID 00:24:6c:d3:0c:50,AP aap125-w0-mh861-1) and/or interface 0/0 has changed: Change type is 2|
This is a strange issue and it seems to be affecting all of our users. This issue did not occur 3 weeks ago.
For a little background information, we're running Aruba Controller 6000 with ArubaOS 6.1. The network uses WPA2-Enterprise, 802.1x, EAP-TLS with smartcard authentication.
Any information would be appreciated. Thanks!
05-16-2012 12:07 PM
Which role is the user placed into after authentication? Do "show user | include xx:xx" (xx:xx is the last 4 of the MAC address of a client with the 169.254 address) and note the role name. Then, do "show rights <role name>" and make sure you allowed DHCP (probably listed as svc-dhcp under the control ACL). It could be that the lease is short, the clients can't renew their address at half-lease and then they time out. If the controller doesn't see valid traffic, it will remove the user from the user-table (that's what those logs were telling you).
If you use the controller for DHCP, do "show ip dhcp stat" and make sure you have free leases.
If you use some other DHCP server, do you have free leases there?
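Added example, not part of the original thread: one way to measure the symptom from an exported event list is to compute, per client MAC, how long the controller saw the client with 0.0.0.0 or a 169.254.x.x address before a usable address appeared. It assumes rows laid out like the local-controller excerpt in the first post; the sample rows, MAC addresses, AP name, function names and the 60-second threshold are constructed for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

LINK_LOCAL = ip_network("169.254.0.0/16")  # self-assigned when no DHCP reply arrives
ROW = re.compile(r"^\|(\d{4}-\d{2}-\d{2})\|\|(\d{2}:\d{2}:\d{2})\|\|(.*?)\|?$")
MAC = re.compile(r"MAC address ([0-9A-Fa-f*]{2}(?::[0-9A-Fa-f*]{2}){5})")
IP = re.compile(r"(?:IP address|User) (\d{1,3}(?:\.\d{1,3}){3})")

def unusable(ip):
    """True for 0.0.0.0 (no address yet) and for link-local addresses."""
    return ip.is_unspecified or ip in LINK_LOCAL

def address_delays(lines, threshold_s=60):
    """Per MAC: seconds from first event without a usable IP to first usable IP."""
    first_bad, result = {}, {}
    for line in lines:
        row = ROW.match(line.strip())
        if not row:
            continue  # not an event row
        mac, ip = MAC.search(row[3]), IP.search(row[3])
        if not (mac and ip):
            continue
        when = datetime.strptime(f"{row[1]} {row[2]}", "%Y-%m-%d %H:%M:%S")
        mac, ip = mac[1].lower(), ip_address(ip[1])
        entry = result.setdefault(mac, {"delay_s": None, "link_local": set(), "slow": False})
        if ip in LINK_LOCAL:
            entry["link_local"].add(str(ip))
        if unusable(ip):
            first_bad.setdefault(mac, when)  # keep the earliest sighting only
        elif entry["delay_s"] is None and mac in first_bad:
            entry["delay_s"] = int((when - first_bad[mac]).total_seconds())
            entry["slow"] = entry["delay_s"] > threshold_s
    for mac, entry in result.items():
        # a client that never reached a usable address is flagged as well
        if entry["delay_s"] is None and mac in first_bad:
            entry["slow"] = True
    return result

# Constructed sample rows in the layout of the excerpt above (not real log data).
SAMPLE = """\
|2012-05-16||09:21:06||User with MAC address 02:00:00:aa:bb:01 and IP address 0.0.0.0 from (BSSID 02:00:00:00:0c:50,AP ap-1) and/or interface 0/0 has changed: Change type is 3|
|2012-05-16||09:36:29||User with MAC address 02:00:00:aa:bb:01 and IP address 10.200.10.11 was created|
|2012-05-16||09:41:50||User 169.254.48.145 with MAC address 02:00:00:aa:bb:01 is deleted|
|2012-05-16||09:40:00||User with MAC address 02:00:00:aa:bb:02 and IP address 169.254.7.9 was created|
""".splitlines()

if __name__ == "__main__":
    for mac, info in address_delays(SAMPLE).items():
        print(mac, info)
```

Many clients flagged at once, across different APs, points at the DHCP path or the role ACL rather than at any single client.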
02-03-2014 01:35 PM
Sorry to bump an old thread, but I am having this exact issue. Two separate VLANs are running off our 6000 series controller; one of them is working fine, but 3 days ago our guest VLAN stopped letting people get IPs. I can get an IP fine when I'm on the wired part of the network. DHCP is allowed in Roles and ACL. I don't really know where to go from here.
02-04-2014 07:53 PM
Starting with the basics...
What is providing DHCP? Controller or an external server?
Have you confirmed that your scopes are active and not out of leases?
02-05-2014 12:05 AM - edited 02-05-2014 12:06 AM
I have a Linux DHCP server handing out IPs. I could get an IP from it just fine when I'm on the wired portion of that network. Scopes are set up fine, and only have about 400 users out of the 1k available IPs with the subnet I'm working with. I sniffed the network and could see thousands of DISCOVERs and REQUESTs but no OFFER or ACK. However, I get offered an IP just fine when I'm on the wired portion; it is only an issue when you try to get an IP when on an AP. Yes, I can assign static and ping all necessary interfaces: DHCP, gateway, controller, etc.
I restarted the server at the end of the day and it started functioning fine again. This is the second time our entire guest network has gone down because of this bug.
02-05-2014 03:03 AM
You should grab the tar logs tech-support for the controller when this happens so that TAC has an idea of what is going on.
Aruba Customer Engineering