Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Issues with DHCP and Authentication

  • 1.  Issues with DHCP and Authentication

    Posted 15 days ago

    For as long as I have had the Aruba Central/Controllerless/IAP network running I have had issues with DHCP and authentication. I didn't have these issues before with controllers so I figure the issue lives in the configuration of my environment. Where the issue is, I don't know. I have had multiple TAC tickets open on the issue and yet can't get anyone to figure out what is wrong. Constant disconnections, long waits on roaming and super slow speeds can't be normal. How would Aruba/HPE stay in business if this is how their products work?

    So first up is Authentication. Within the last 24 hours I have had 80% of my clients have some kind of authentication issue:

    It says there is a timeout at the authentication server. Checking Clearpass that appears to be correct:

    Not sure why this happens. Research tells me that packets are getting lost. TAC has told me this but can't give me a solution. There has to be one somewhere. Aruba APs attached to Aruba switches, that are managed through Aruba Central while using Aruba Clearpass leads me to think Aruba might know. The Clearpass tech told me this was normal behavior. I don't believe that because it didn't happen when I had 7210 controllers running things. The last TAC tech I talked to yesterday said the controllers would manage this as well as the DHCP problem, but if that's the case why does the controllerless environment exist?

    For DHCP I see this:

    I have redundant DHCP servers on the network and they work just fine and always have. Now I have 70% of clients having DHCP issues. This one I don't understand, other than I was told that packets were being lost and it was left at that. How is that possible? How can I fix that? I have DHCP relays in the switch configurations. Do I need IP Helper Address? I asked TAC about that but they weren't clear if that was necessary. I was told to run more tech support commands from the APs and email them. I guess that might help.

    What's weird is I can clearly show the issue is happening every day, but if I can't make it happen when on the phone with them, then it isn't happening. I need a little more support than that.

    Anyway, I have had good results getting help through here with the good people who respond. I am hoping someone can give me any possible assistance. 

    Thanks!



  • 2.  RE: Issues with DHCP and Authentication

    EMPLOYEE
    Posted 15 days ago

    What models/versions are in play?  What kind of network are these running on (LAN vs WAN)?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Issues with DHCP and Authentication

    Posted 15 days ago

    These are AP-515s running 10.6.0.3 over a LAN




  • 4.  RE: Issues with DHCP and Authentication

    EMPLOYEE
    Posted 15 days ago

    How many APs?  All APs in the same management VLAN?  Single RF roaming domain?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Issues with DHCP and Authentication

    Posted 15 days ago
    140 APs
    All in the same management VLAN
    I'm not 100% sure of your last question but everyone is in the same domain.







  • 6.  RE: Issues with DHCP and Authentication

    EMPLOYEE
    Posted 15 days ago

    You might want to downgrade the APs back to the latest 10.4.1.x release.  Several customers have noticed an impact to their networks when operating on 10.5/10.6 that goes away when back on 10.4.1.x.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Issues with DHCP and Authentication

    EMPLOYEE
    Posted 15 days ago

    To be specific, 10.4.1.4 firmware.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 8.  RE: Issues with DHCP and Authentication

    Posted 14 days ago

    Well this is interesting.

    Two weeks ago I was having an issue with users and PMK cache not clearing on the APs, which made roaming impossible for many users, and was instructed by TAC to go from 10.4 to 10.6 because that bug was fixed there.

    Out of curiosity is there a firmware that actually works?




  • 9.  RE: Issues with DHCP and Authentication

    Posted 14 days ago

    Here is an example of what I see all day long. Users get kicked off, sometimes for a few seconds, sometimes for several minutes. Walking out of the room and back in may reconnect. Turning WiFi on and may reconnect.

    It appears to be random but some users see it more than others. But as you see below at 11:15 the user is disconnected by the system and then reconnects for a short time and then is reconnected after a few minutes. The user then may never see another issue again all day or will have the issue happen multiple times. This has been going on for as long as we have left the controllers behind. 




  • 10.  RE: Issues with DHCP and Authentication

    Posted 3 days ago

    Good News

    We were able to fix this issue with TAC by adding all the DHCP addresses to the DHCP helper address line on the core switches. That cleared up about 90% of the DHCP issues. The other authentication issue with Timeouts in Clearpass is another issue. The Clearpass TAC tech said the problem is in the IAPs. When the client attempts the Access Challenge to Clearpass, the second or third challenge will get dropped by the IAP and not reach Clearpass. That leads to the Timeout.

    I am supposed to meet with the TAC techs from Clearpass and Central tomorrow to test this and figure out why it happens everywhere in the network. Hopefully we can get this all cleared up.
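
The timeout pattern described in post 10 (a reply to the second or third Access-Challenge never reaching the RADIUS server) can be located in a capture taken at the server. The following is an added example, not part of the thread or any Aruba tooling; the packet tuples, MAC addresses and the 10-second timeout are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample, not data from the thread: (seconds, client MAC, RADIUS
# packet type) as seen in a capture taken at the RADIUS server.
OK, BAD = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
SAMPLE = [
    (0.00, OK, "Access-Request"), (0.01, OK, "Access-Challenge"),
    (0.05, OK, "Access-Request"), (0.06, OK, "Access-Challenge"),
    (0.10, OK, "Access-Request"), (0.11, OK, "Access-Accept"),
    (1.00, BAD, "Access-Request"), (1.01, BAD, "Access-Challenge"),
    (1.05, BAD, "Access-Request"), (1.06, BAD, "Access-Challenge"),
    # The reply to the second challenge never arrives; the client retries later.
    (40.00, BAD, "Access-Request"), (40.01, BAD, "Access-Challenge"),
    (40.05, BAD, "Access-Request"), (40.06, BAD, "Access-Accept"),
]

TERMINAL = {"Access-Accept", "Access-Reject"}


def find_stalled(packets, timeout=10.0):
    """Return (mac, challenge_time, round) for every Access-Challenge that was
    not followed by another packet for that client within `timeout` seconds."""
    by_client = defaultdict(list)
    for ts, mac, kind in sorted(packets):
        by_client[mac].append((ts, kind))
    capture_end = max(ts for ts, _, _ in packets)

    stalled = []
    for mac, events in by_client.items():
        rounds = 0  # challenges sent in the current conversation
        for i, (ts, kind) in enumerate(events):
            if kind in TERMINAL:
                rounds = 0
            elif kind == "Access-Challenge":
                rounds += 1
                # Time of the client's next packet, or end of capture if none.
                nxt = events[i + 1][0] if i + 1 < len(events) else capture_end
                if nxt - ts > timeout:
                    stalled.append((mac, ts, rounds))
                    rounds = 0  # whatever comes next is a fresh attempt
    return stalled


if __name__ == "__main__":
    for mac, ts, rnd in find_stalled(SAMPLE):
        print(f"{mac}: no reply to challenge #{rnd} sent at t={ts:.2f}s")
```

Comparing the stalled round against a capture taken on the AP uplink for the same client shows whether the missing Access-Request ever left the AP.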