08-07-2014 03:50 AM
when i view the user-table on a controller, i see ip addresses popping up which are not within our network. Alongside is then their address (in 192.168 range) they get from our internal dhcp server.
(WIFI-BE-DI-004) # show user-table | include 90:b9:31:d4:94:ee
220.127.116.11 90:b9:31:d4:94:ee authenticated 00:04:12 AP-BE-DI-023 Wireless mgmt/d8:c7:c8:6a:19:11/g-HT mgmt-aaa_prof tunnel iPad
192.168.103.90 90:b9:31:d4:94:ee authenticated 00:04:12 AP-BE-DI-023 Wireless mgmt/d8:c7:c8:6a:19:11/g-HT mgmt-aaa_prof tunnel iPad
Where could these come from?
08-07-2014 03:56 AM
They could come from:
- "leakage" of WAN addresses of mobile devices through the WLAN interface
- "leakage" of VMWARE addresses through the WLAN interface
- static ip addresses on hosts
You can use "enforce-dhcp" in the AAA profile so that the controller will only allow ip addresses that were obtained through DHCP in the controller: https://arubanetworkskb.secure.force.com/pkb/artic
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base