Wireless Access

Hello everybody,

almost every month I have support case that eventually turns into IP address conflict.

I found extremely difficult to debug it remotely as there is no syslog, error or tool on controller for this.

What is your best practice to resolve such case? Any ideas, tools?

Thanks,

             V.D.

Is that ip conflict with a client or with an access point?

It's colliding with AP or controller....

The access point will only let you know if you are in the console.  The controller will not detect or alert you of an ip conflict.

For users, the "Protect IP Spoofing" in Configuration> Advanced> Stateful firewall can protect users from having the same ip address.

The IP addresses of all controller interfaces will be permanently installed in the 'datapath user table'.  So you don't need to be concerned about duplicate IP addresses (by end users).  Obviously, the controller can't stop anybody from configuring a router with the same IP address.

For AP's IP address, our best practice would be to use a VLAN that is separate from any user VLAN.  So the chance of IP conflict is small.  Also, you can make use of the 'validuser' ACL to allow users to use IP address in a certain range.  In addition, you can enable DHCP enforement in the relevant AAA profile such that controller will only install address that are given out by a DHCP server.  I.e. users would be able to use static IP address.