Wireless Access

Reply
Jes
Occasional Contributor II

Why am I seeing strange IPs in the user-table?

I first noticed the issue because some of our servers became unavailabe to our wireless users.  Our server subnet is 10.0.0.x and IOS devices were starting to show up under GUI and user-table of having 10.0.0.x IPs.  It's like some ARP poising is happening.

 

Our setup:

We have 2 aaa profiles.  Secure and guest.

Both have the enforce DHCP option check.

We use an external DHCP server, however it has NO 10.0.0.x scope in it.

 

 

Could this be a software bug?  We are running Version: 6.3.1.8 on a Aruba 6000.  Perhaps someone else has seen something similar to this..

 

Here is from the CLI:

show user-table | include 10.0.0
10.0.0.2 44:d8:84:80:bd:4c guest 00:05:47
10.0.0.5 d8:d1:cb:a3:25:60 guest 00:06:32
10.0.0.6 78:31:c1:3a:9c:a0 guest 00:05:54
10.0.0.7 0c:3e:9f:3f:7e:cb guest 00:06:45
10.0.0.8 c0:63:94:ae:0c:1f guest 00:04:35
10.0.0.9 88:1f:a1:d8:96:da guest 00:04:43
10.0.0.10 0c:3e:9f:dd:c1:94 guest 00:05:36
10.0.0.11 dc:86:d8:90:4e:13 guest 00:05:41
10.0.0.13 8c:29:37:7c:23:d5 guest 00:04:46
10.0.0.21 3c:ab:8e:d4:7f:19 guest 00:06:30
10.0.0.28 e4:25:e7:96:68:cc guest 00:06:19
10.0.0.66 64:76:ba:e4:5e:fc guest 00:06:21
10.0.0.99 2c:be:08:c0:33:26 guest 00:00:02

Occasional Contributor I

Re: Why am I seeing strange IPs in the user-table?

Seeing similar results.  Only two of 20,000+.  Any reason why?

Guru Elite

Re: Why am I seeing strange IPs in the user-table?

 This could require some investigation.  Type "show user mac <mac address of device>" and see if it has more than one ip address.  Does it say what access point those users are on?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Jes
Occasional Contributor II

Re: Why am I seeing strange IPs in the user-table?

I ran the command on a single MAC addy and it does have 2 addresses and it's connected to a single AP.

 

 

However, I am seeing this on multiple APs throught our site.  It's not confined to any single AP.

Guru Elite

Re: Why am I seeing strange IPs in the user-table?

Type show user-table ip <10.x.x.x> | include DHCP to see how it got the address in the first place:

 

If it got it from DHCP, double-check that your AAA profile has enforce dhcp..

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Jes
Occasional Contributor II

Re: Why am I seeing strange IPs in the user-table?

Doesen't seem to like that command

 

Guru Elite

Re: Why am I seeing strange IPs in the user-table?

Here is what I typed:

 

(192.168.1.3) # show user-table ip 192.168.1.121 | include DHCP
DHCP device-id info - Index: 89, Option: 010F03062C2E2F1F2179F92B, Device:  Group: Windows
Address is from DHCP: yes

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Jes
Occasional Contributor II

Re: Why am I seeing strange IPs in the user-table?

 

Interresting..

 

#show user-table ip 10.0.0.180 | include DHCP
Address is from DHCP: yes

 

I also verified that the enforce DHCP option is checked.

Guru Elite

Re: Why am I seeing strange IPs in the user-table?

do this:

 

config t
logging level debugging network subcat dhcp
logging level debugging network process dhcpd

 Then, kick your client with two ip addresses off the network like this:

 

aaa user delete mac <mac address>

 

Then type "show log network 50""

 

Oct 2 14:26:11 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x440 opcode 0x5a ingress 0x10020 vlan 1 egress 0x1 src mac 90:68:c3:ed:d0:31
Oct 2 14:26:11 :202536:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1: REQUEST 90:68:c3:ed:d0:31 Transaction ID:0xda19b573 reqIP=192.168.1.98 Options 3d:019068c3edd031 39:05dc 3c:6468637063642d352e352e36 0c:616e64726f69642d65633466376639303138653534353335 37:012103060f1a1c333a3b
Oct 2 14:26:11 :202523:  <DBUG> |dhcpdwrap| |dhcp| dhcprelay: dev=eth1, length=315, from_port=68, op=1, giaddr=0.0.0.0
Oct 2 14:26:11 :202532:  <DBUG> |dhcpdwrap| |dhcp| got 2 relay servers
Oct 2 14:26:11 :202533:  <DBUG> |dhcpdwrap| |dhcp| Relayed: DISCOVER server=192.168.1.32 giaddr=192.168.1.3 MAC=90:68:c3:ed:d0:31
Oct 2 14:26:11 :202533:  <DBUG> |dhcpdwrap| |dhcp| Relayed: DISCOVER server=192.168.1.31 giaddr=192.168.1.3 MAC=90:68:c3:ed:d0:31
Oct 2 14:26:11 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x42 opcode 0x5a ingress 0x0 vlan 1 egress 0x2140 src mac 00:0b:86:61:24:b0
Oct 2 14:26:11 :202536:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1: REQUEST 90:68:c3:ed:d0:31 Transaction ID:0xda19b573 reqIP=192.168.1.98 Options 3d:019068c3edd031 39:05dc 3c:6468637063642d352e352e36 0c:616e64726f69642d65633466376639303138653534353335 37:012103060f1a1c333a3b
Oct 2 14:26:11 :202523:  <DBUG> |dhcpdwrap| |dhcp| dhcprelay: dev=eth1, length=315, from_port=67, op=1, giaddr=192.168.1.3
Oct 2 14:26:11 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x42 opcode 0x5a ingress 0x2140 vlan 1 egress 0x10020 src mac 74:9d:dc:4b:08:41
Oct 2 14:26:11 :202544:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1: ACK 90:68:c3:ed:d0:31 Transaction ID:0xda19b573 clientIP=192.168.1.98

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Jes
Occasional Contributor II

Re: Why am I seeing strange IPs in the user-table?

Ok, the client never re-connected, so I am going back through the logs to see if I can find the origional connecton.

 

Err.. logging was not enabled prior, nevermind.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: