Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Wireless Clients do not get IP address from DHCP server

Jump to Best Answer
  • 1.  Wireless Clients do not get IP address from DHCP server

    Posted Nov 19, 2019 04:05 AM

    Hello,

    I am new to Aruba Controllers and I configured the controller with user guides. 

    We have two standalone 7220 controllers (ArubaOS (MODEL: Aruba7220), Version 8.5.0.1) on the site. Around 130 clients can connect to the Wi-Fi network. But new users are not able to connect. I have attached configuration and some logs to give you more information. Could you please help me to solve the issue? I can provide any additional information.

    Attachment(s)



  • 2.  RE: Wireless Clients do not get IP address from DHCP server

    Posted Dec 08, 2019 01:36 PM

    What is the size of your DHCP scope?  Is the DHCP scope exhausted?



  • 3.  RE: Wireless Clients do not get IP address from DHCP server
    Best Answer

    Posted Dec 09, 2019 12:39 PM

    Hello,

     

    From the Logs..

     

    logging level debugging user-debug 50:1c:b0:3a:54:ea process dhcpd subcat all


    >>>>>>>>>>>

    AP Reboot Issue:
    Nov 19 09:59:38 nanny[3668]: <303022> <WARN> |AP CR7ASW001AP03@172.20.2.133 nanny| Reboot Reason: AP rebooted Wed Dec 31 16:05:15 PST 1969; DHCP timed out
    Nov 19 09:59:40 nanny[3693]: <303022> <WARN> |AP CR7ASW001AP04@172.20.2.134 nanny| Reboot Reason: AP rebooted Wed Dec 31 16:05:15 PST 1969; DHCP timed out

    >>>>>>>>>>>

    Channel Interferrence:
    Nov 19 10:08:01 KERNEL(CR03ASW001AP08@172.20.2.10): [2163340.623777] dfs_radar_enable: firpwr=0, rssi=0, height=0, prssi=0, inband=0, relpwr=0, relstep=0, maxlen=0
    Nov 19 10:08:02 KERNEL(CR03ASW001AP08@172.20.2.10): [2163341.352705] dfs_init_radar_filters: dfsdomain=2, numradars=9, numb5radars=0
    Nov 19 10:08:02 KERNEL(CR03ASW001AP08@172.20.2.10): [2163341.352737] DFS max pulse dur = 61 ticks
    Nov 19 10:08:02 KERNEL(CR03ASW001AP08@172.20.2.10): [2163341.352737] DFS max pulse pri = 5004, min pulse pri = 246
    Nov 19 10:08:02 KERNEL(CR03ASW001AP08@172.20.2.10): [2163341.352737] DFS min filter rssiThresh = 15
    Nov 19 10:08:02 KERNEL(CR03ASW001AP08@172.20.2.10): [2163341.352768] Enabled radar detection on channel 5520
    Nov 19 10:08:02 KERNEL(CR03ASW001AP08@172.20.2.10): [2163341.352768] dfs_radar_enable: duration multiplier is 72
    >>>>>>>>>>>

    Errors:
    Nov 18 08:53:11 dot1x-proc:1[4335]: <138093> <4335> <ERRS> |dot1x-proc:1| WPA2 Key message 2 from Station 90:97:f3:32:ee:64 20:a6:cd:25:ec:60 TE045AP01 did not match the replay counter 03 vs 04
    Nov 18 08:53:46 dbsync[3826]: <307269> <3826> <ERRS> |dbsync| dbsync: timed out, failed to complete in time (state= WAITING FOR ACK FROM STANDBY TO START, timeout= 30000)
    Nov 18 08:54:51 dot1x-proc:2[4338]: <138093> <4338> <ERRS> |dot1x-proc:2| WPA2 Key message 2 from Station 68:5a:cf:c7:d3:69 20:a6:cd:25:ec:00 TE041AP01 did not match the replay counter 01 vs 03
    Nov 18 08:54:51 dot1x-proc:2[4338]: <138093> <4338> <ERRS> |dot1x-proc:2| WPA2 Key message 2 from Station 68:5a:cf:c7:d3:69 20:a6:cd:25:ec:00 TE041AP01 did not match the replay counter 03 vs 04
    Nov 18 08:56:02 dot1x-proc:2[4338]: <138093> <4338> <ERRS> |dot1x-proc:2| WPA2 Key message 2 from Station 0c:b3:19:49:3e:b7 20:a6:cd:25:ed:20 TE025AP01 did not match the replay counter 03 vs 04
    Nov 18 08:58:54 stm[3328]: <304055> <ERRS> |AP CR03ASW001AP03@172.20.2.16 stm| |ap| Unexpected stm (Station management) runtime error at handle_assoc_req, 7314, sta_mac:3c:57:6c:41:e8:0c, in_drvr_mgmt:0
    Nov 18 09:00:40 stm[3315]: <304055> <ERRS> |AP CR2ASW005AP02@172.20.2.81 stm| |ap| Unexpected stm (Station management) runtime error at handle_assoc_req, 7314, sta_mac:54:fc:f0:b0:b9:25, in_drvr_mgmt:0
    Nov 18 09:03:47 dbsync[3826]: <307269> <3826> <ERRS> |dbsync| dbsync: timed out, failed to complete in time (state= WAITING FOR ACK FROM STANDBY TO START, timeout= 30000)
    Nov 18 09:13:48 dbsync[3826]: <307269> <3826> <ERRS> |dbsync| dbsync: timed out, failed to complete in time (state= WAITING FOR ACK FROM STANDBY TO START, timeout= 30000)

    >>>>>>>>>>>>

    IP spoof warning with Samsung/Huawei NIC cards:
    Nov 18 22:20:28 authmgr[3645]: <522027> <3645> <WARN> |authmgr| MAC=14:3c:c3:fe:2c:80 IP=172.24.0.181 IP Spoof from MAC=d8:32:e3:9e:e6:84 role=authenticated/(null)
    Nov 18 22:21:33 authmgr[3645]: <522027> <3645> <WARN> |authmgr| MAC=14:3c:c3:fe:2c:80 IP=172.24.0.181 IP Spoof from MAC=d8:32:e3:9e:e6:84 role=authenticated/(null)
    Nov 18 22:22:46 authmgr[3645]: <522027> <3645> <WARN> |authmgr| MAC=14:3c:c3:fe:2c:80 IP=172.24.0.181 IP Spoof from MAC=d8:32:e3:9e:e6:84 role=authenticated/(null)

    >>>>>>>>>>>>

     

    Even the APs were failing to get the IP addressfrom the Server, so they were rebooting.

     

    - show aaa state station <Test_Client_MAC> --> To check if the client is authenticated and getting the role correctly, note the role-name of the client

    - show rights "role-name" --> confirm that the role-name have the DHCP allowed on the ACL

     

    After the above steps, please check the below:

    -For testing you can confiugre a test VLAN for the "PoB" SSID and see if it is working to confirm that it is not VLAN specific issue

    -Try assiging Static IP and check the result if and after succesful authentication 

    - Server connectivity for the client VLAN 500

    -Check if there is DCHP helper is configured on the VLAN/Gateway I/F

    - Check on the Server logs, whether we are getting the DHCP Discover from the clients

    -If yes, Check the server scope

    -If not, check each hops inbetween if there is DHCP drops

    -If we get Offer from Server, we should be seeing Offer from the Server, which is not present in the logs file

     

    By this time you will be able to identify the issue. Please share the result, I might be able to help you.

     

    Also, please keep an eye on the other Errors/ Warning that I have highlighted above, seems you are experiencing lot of interference in the Air.

     

    Good Luck!!

     

     

    - Jeeva Selvakumar