Wireless Access

Reply
MVP

enforce DHCP failing

So I've got 2 PCs here (both my own) that just had issues communication through our corp network.

Looking into this I found that the controller was dropping packets of both pc due to "drop pkt as ip not assigned through dhcp".

Both PCs are configured for DHCP and even after releasing and renewing the controller kept dropping packets.

 

Check the timestamps on these:

 

(Aruba620) #show log network all | include 00:26:82:d2:42:7e
May 30 13:00:12 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x1001b vlan 2118 egress 0x846 src mac 00:26:82:d2:42:7e
May 30 13:00:12 :202536:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: REQUEST 00:26:82:d2:42:7e Transaction ID:0xa9321c07 reqIP=172.21.18.22 Options 3d:01002682d2427e 0c:4c542d3030303230 51:0000004c542d30303032302e707362652e73697465 3c:4d53465420352e30 37:010f03062c2e2f1f2179f92b
May 30 13:00:12 :202544:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: ACK 00:26:82:d2:42:7e Transaction ID:0xa9321c07 clientIP=172.21.18.22
May 30 13:00:15 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x1001b vlan 2118 egress 0x846 src mac 00:26:82:d2:42:7e
May 30 13:00:15 :202542:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: INFORM 00:26:82:d2:42:7e Transaction ID:0xe0c5b1c8 clientIP=172.21.18.22
May 30 13:00:15 :202544:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: ACK 00:26:82:d2:42:7e Transaction ID:0xe0c5b1c8 clientIP=172.21.18.22
May 30 13:00:15 :202544:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: ACK 00:26:82:d2:42:7e Transaction ID:0xe0c5b1c8 clientIP=172.21.18.22
May 30 13:00:15 :202544:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: ACK 00:26:82:d2:42:7e Transaction ID:0xe0c5b1c8 clientIP=172.21.18.22



May 30 13:00:12 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:12 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:14 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:14 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:16 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:16 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:18 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:18 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:21 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:21 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:23 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:23 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:25 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40
May 30 13:00:25 :522141:  <DBUG> |authmgr|  00:26:82:d2:42:7e IP 172.21.18.22: drop pkt as ip not assigned through dhcp.
May 30 13:00:28 :522026:  <INFO> |authmgr|  MAC=00:26:82:d2:42:7e IP=172.21.18.22 User miss: ingress=0x1001b, VLAN=2118 flags=0x40

So even after seeing several ACKs the controller keeps dropping packets.

This is not the first time it happened either so I'd realy like to find out why this is happening. Anyone have any ideas? Or is this a bug? Running 6.4.3.7. 

 

 

Ok, now even more users with this isue.  Disabled enforce DHCP for now.

 

(Aruba620) #show log network all | include c8:ff:28:9a:f6:6a  
May 30 13:19:35 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x10019 vlan 2118 egress 0x2128 src mac c8:ff:28:9a:f6:6a
May 30 13:19:35 :202538:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: RELEASE c8:ff:28:9a:f6:6a Transaction ID:0xd36ae9f0 clientIP=172.21.19.22
May 30 13:19:59 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x10019 vlan 2118 egress 0x846 src mac c8:ff:28:9a:f6:6a
May 30 13:19:59 :202534:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: DISCOVER c8:ff:28:9a:f6:6a Transaction ID:0x525670ef Options 3d:01c8ff289af66a 0c:4c542d3030303938 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
May 30 13:19:59 :202546:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: OFFER c8:ff:28:9a:f6:6a Transaction ID:0x525670ef clientIP=172.21.18.23
May 30 13:19:59 :202546:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: OFFER c8:ff:28:9a:f6:6a Transaction ID:0x525670ef clientIP=172.21.19.22
May 30 13:19:59 :202541:  <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x100040 opcode 0x5a ingress 0x10019 vlan 2118 egress 0x846 src mac c8:ff:28:9a:f6:6a
May 30 13:19:59 :202536:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: REQUEST c8:ff:28:9a:f6:6a Transaction ID:0x525670ef reqIP=172.21.19.22 Options 3d:01c8ff289af66a 0c:4c542d3030303938 51:0000004c542d30303039382e707362652e73697465 3c:4d53465420352e30 37:0103060f1f212b2c2e2f79f9fc
May 30 13:19:59 :202544:  <DBUG> |dhcpdwrap| |dhcp| Datapath vlan2118: ACK c8:ff:28:9a:f6:6a Transaction ID:0x525670ef clientIP=172.21.19.22


(Aruba620) #show log user-debug all | include c8:ff:28:9a:f6:6a
May 30 13:19:45 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:19:45 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:00 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:00 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:02 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:02 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:04 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:04 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:06 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:06 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:08 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:08 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:09 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:09 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:12 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:12 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:14 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:14 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
May 30 13:20:16 :522026:  <INFO> |authmgr|  MAC=c8:ff:28:9a:f6:6a IP=172.21.19.22 User miss: ingress=0x10019, VLAN=2118 flags=0x40
May 30 13:20:16 :522141:  <DBUG> |authmgr|  c8:ff:28:9a:f6:6a IP 172.21.19.22: drop pkt as ip not assigned through dhcp.
Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: enforce DHCP failing

There is a bug in Enforce DHCP that we are investigating.  Feel free to disable it if you can, until we update this post here.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: enforce DHCP failing

I am having the exact same issue with code level 6.4.2.13. I opened a tac case and they say this bug is for something different? "

I appreciate your patience. I would like to inform that there is a bug in 6.4.3.7. However, that issue is different. In 6.4.3.7 version, the issue is DHCP enforcement in the AAA profile failed in a controller for some clients connecting with static IP addresses. The fix ensures that the traffic from all clients with static IP address is blocked when DHCP enforcement is enabled in the AAA profile.

 

This issue occurred when MAC-OS clients with static IP address connected to a controller on which the DHCP enforcement was enabled in the AAA profile. This issue was observed in controllers running Aruba OS 6.4.3.x. and this issue is fixed in 6.4.4.10 version.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: