Good Morning,
I have a case logged with Aruba Support regarding an issue with iPads and iPhones (latest OS) and connectivity to an 802.1x enterprise network. To summarise:
ArubaOS (MODEL: Aruba3600), Version 6.1.2.7
Vlan1400 10.147.0.0/24
Vlan1401 10.147.1.0/24
Vlan1402 10.147.2.0/24
Vlan1403 10.147.3.0/24
Vlan1404 10.147.4.0/24
SSID is assigned a vlan pool of the above.
- User device connects
- User authentication is successful
- User downloads RADIUS cert
- iOS device waits for an IP address
- **Using a static IP address, the user connects to network, web etc.**
```
logging level debugging network process dhcpd subcat dhcp
logging level debugging user-debug 40:b3:95:a7:c9:20
logging level debugging user-debug 40:b3:95:a7:c9:20 subcat configuration
logging level debugging user-debug 40:b3:95:a7:c9:20 process dhcpd
```
```
Detailed 802.1x Supplicant Information
Name <removed>
MAC Address 40:b3:95:a7:c9:20
AP MAC Address 00:0b:86:77:ae:08
Status Authentication Success
Unicast Cipher WPA2-AES
Multicast Cipher WPA2-AES
EAP-Type EAP-PEAP
```
```
(config) #show log network 100 | include c9:20
May 14 16:17:05 :202541: <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x40 opcode 0x5a in0
May 14 16:17:05 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: DISCOVER 40:b3:95:a7:c9:20 Options 37:0103060f77fc 394
May 14 16:17:05 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: OFFER 40:b3:95:a7:c9:20 clientIP=10.147.0.90
May 14 16:17:05 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: OFFER 40:b3:95:a7:c9:20 clientIP=10.147.0.90
May 14 16:17:06 :202541: <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x40 opcode 0x5a in0
May 14 16:17:06 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: REQUEST 40:b3:95:a7:c9:20 reqIP=10.147.0.90 Options 34
May 14 16:17:06 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:06 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:16 :202541: <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x40 opcode 0x5a in0
May 14 16:17:16 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: DISCOVER 40:b3:95:a7:c9:20 Options 37:0103060f77fc 394
May 14 16:17:16 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: OFFER 40:b3:95:a7:c9:20 clientIP=10.147.0.90
May 14 16:17:16 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: OFFER 40:b3:95:a7:c9:20 clientIP=10.147.0.90
May 14 16:17:17 :202541: <DBUG> |dhcpdwrap| |dhcp| Received DHCP packet from Datpath, sos msg hdr flags 0x40 opcode 0x5a in0
May 14 16:17:17 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: REQUEST 40:b3:95:a7:c9:20 reqIP=10.147.0.90 Options 34
May 14 16:17:17 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:17 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
```
I found some MS Tech blogs:
http://blogs.technet.com/b/teamdhcp/archive/2006/10/26/when-is-dhcp-nak-issued.aspx
“DHCP server will issue a NAK to the client ONLY IF it is sure that the client, “on the local subnet”, is asking for an address that doesn’t exist on that subnet.”
The DHCP scope has plenty of addresses available also.
This is a random issue, happening intermittently, and seems to be isolated to iPads and iPhones.
When reviewing the DHCP logs, it shows the client MAC sending multiple renews within the same VLAN, but the server sending a NAK for each address. One address that was looked at was 10.147.0.90 and that was already leased to a client till 22nd of May???? I have no idea why the server would offer a client an address that is already leased.
My initial suggestion was to shorten the DHCP lease, which is currently at the default of 8 days; this seems too long to me for a roaming wireless client.
If this rings any bells, or anyone has had the same experience, it would be great to have some feedback.
Thanks.
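
An added example, not part of the original post: a small Python parser for the `dhcpdwrap` debug lines shown above that counts, per client MAC, how often a REQUEST for the address the server had just OFFERed was answered with a NAK. The second client (`00:11:22:33:44:55`), the ACK line format and the function name are assumptions made for contrast.

```python
import re
from collections import defaultdict

# Lines for 40:b3:95:a7:c9:20 are copied from the post. The 00:11:22:33:44:55
# client and the ACK line format are constructed for contrast (assumptions).
SAMPLE = """\
May 14 16:17:05 :202534: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: DISCOVER 40:b3:95:a7:c9:20 Options 37:0103060f77fc 394
May 14 16:17:05 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: OFFER 40:b3:95:a7:c9:20 clientIP=10.147.0.90
May 14 16:17:06 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: REQUEST 40:b3:95:a7:c9:20 reqIP=10.147.0.90 Options 34
May 14 16:17:06 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:06 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:16 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: OFFER 40:b3:95:a7:c9:20 clientIP=10.147.0.90
May 14 16:17:17 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: REQUEST 40:b3:95:a7:c9:20 reqIP=10.147.0.90 Options 34
May 14 16:17:17 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:17 :202548: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1400: NAK 40:b3:95:a7:c9:20 clientIP=0.0.0.0
May 14 16:17:20 :202546: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1401: OFFER 00:11:22:33:44:55 clientIP=10.147.1.20
May 14 16:17:21 :202536: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1401: REQUEST 00:11:22:33:44:55 reqIP=10.147.1.20 Options 34
May 14 16:17:21 :202544: <DBUG> |dhcpdwrap| |dhcp| Datapath vlan1401: ACK 00:11:22:33:44:55 clientIP=10.147.1.20
"""

LINE_RE = re.compile(
    r"Datapath (vlan\d+): (DISCOVER|OFFER|REQUEST|ACK|NAK) "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?:.*?(?:clientIP|reqIP)=(\d+(?:\.\d+){3}))?",
    re.IGNORECASE,
)

def find_nak_loops(log_text, min_cycles=2):
    """Return {mac: {(vlan, ip): cycles}} where a REQUEST for the offered IP got a NAK."""
    offered, requested = {}, {}
    cycles = defaultdict(lambda: defaultdict(int))
    for m in LINE_RE.finditer(log_text):
        vlan, msg, mac, ip = m.group(1), m.group(2).upper(), m.group(3).lower(), m.group(4)
        if msg == "OFFER":
            offered[mac] = ip
        elif msg == "REQUEST":
            requested[mac] = ip
        elif msg == "ACK":
            requested.pop(mac, None)
        elif msg == "NAK":
            # pop() so the duplicated NAK log line counts once per REQUEST
            req = requested.pop(mac, None)
            if req is not None and req == offered.get(mac):
                cycles[mac][(vlan, req)] += 1
    return {mac: dict(c) for mac, c in cycles.items()
            if any(n >= min_cycles for n in c.values())}

if __name__ == "__main__":
    print(find_nak_loops(SAMPLE))
```

Feeding it the full `show log network` output rather than a single-MAC `include` filter shows whether the pattern is limited to particular clients or VLANs in the pool.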