Wireless Access

last person joined: 10 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Howto detect IP conflict (collision)

  • 1.  Howto detect IP conflict (collision)

    Posted Jan 30, 2013 04:55 AM

    Hello everybody,


    almost every month I have support case that eventually turns into IP address conflict.


    I found extremely difficult to debug it remotely as there is no syslog, error or tool on controller for this.


    What is your best practice to resolve such case? Any ideas, tools?




  • 2.  RE: Howto detect IP conflict (collision)

    Posted Jan 30, 2013 04:57 AM

    Is that ip conflict with a client or with an access point?


  • 3.  RE: Howto detect IP conflict (collision)

    Posted Jan 30, 2013 07:02 AM

    It's colliding with AP or controller....

  • 4.  RE: Howto detect IP conflict (collision)

    Posted Jan 30, 2013 07:55 AM

    The access point will only let you know if you are in the console.  The controller will not detect or alert you of an ip conflict.


    For users, the "Protect IP Spoofing" in Configuration> Advanced> Stateful firewall can protect users from having the same ip address.


  • 5.  RE: Howto detect IP conflict (collision)

    Posted Jan 31, 2013 05:53 AM

    The IP addresses of all controller interfaces will be permanently installed in the 'datapath user table'.  So you don't need to be concerned about duplicate IP addresses (by end users).  Obviously, the controller can't stop anybody from configuring a router with the same IP address.


    For AP's IP address, our best practice would be to use a VLAN that is separate from any user VLAN.  So the chance of IP conflict is small.  Also, you can make use of the 'validuser' ACL to allow users to use IP address in a certain range.  In addition, you can enable DHCP enforement in the relevant AAA profile such that controller will only install address that are given out by a DHCP server.  I.e. users would be able to use static IP address.