WLC 7010 (OS: 18.104.22.168) and AP-325 (2 Qty)
Hi now our staff complaints as, Intermittently mobile devices or laptop not getting ip address from controller (dhcp server configured on 7010 controller itself) when they moved to new ap or if they disconnected wifi and reconnect immediately.
after couple of minutes same user (device) able to get the ip address and have network access.
recently we have created a new AP group (select existing group and save with new name) and moved both APs to new group, created new VAP and attached existing SSIDs (otherthan no changes).
make sure the user has "any any svc-dhcp permit" in the ACL attached to the user role.
ok, now we added the "any any svc-dhcp permit" to user ACL (attached the screenshot, erlier the ACL entry was "user any svc-dhcp permit".
we will check and update you.
wireless clients getting IP address from controller, but when users disconnect the wifi and immediately reconnectd or users moved to nearby office and device trying to connect to this office AP wireless clients not getting IP, after sometime (couple of minutes) device getting IP using the same AP or different AP.
We suspect that when clients /devices roaming between the station (that means first client connect to ssid on AP-01, getting ip and network access , then moved to next office and trying to connect same ssid on AP-02) & also disconnect the wifi and immediately connected again, controller maintain the previces connection details after a timeout duration /session clearing time only controller allow the wireless client device to get the IP Address and communication.
could you please help me to get the solution for this.
You have to add the any any service dhcp ACL to the production role, as well. Not just the initial role.
hi cjoseph, sorry i couldn't able to understand what it means "production role" where we caan assig this role.
When you first associate to the WLAN, the clients gets into the initial role. AFTER the client authenticates to the guest network, they switch to a "production" role. You need to make sure that the "any any service dhcp" is in the ACL for both roles.
Having a user any svc-dhcp means a user will only get an ip address if he is currently in the user table. That means returning users possibly won't get an ip address until they get a 169.x.x.x address and enter the user table.
Thanks now this part is clear, if possible could you pease clarify me about Post Authentication Role assignment for SSID with Preshared Key.
we are configured as SSID with preshared key only (no MAC /L2 and user based authentication), for this situation Post authentication role need to assign on initial role of respective (currently mapped the ssid) AAA Profile, am i correct.
if yes as per our AAA profile (attached) access list (any any dhcp permit) need to add on "Auth" role.
am i correct, please do correct me.
For the PSK SSID, it would be the initial role. Yes.
Thank you very much, i will check this and update you asap.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.