Well this is interesting.
Two weeks ago I has having an issue with users and PMK cache not clearing on the APs which made roaming impossible for many users and was instructed by TAC to go from 10.4 to 10.6 because that bug was fixed there.
Original Message:
Sent: Sep 26, 2024 07:54 PM
From: ariyap
Subject: Issues with DHCP and Authentication
to be specific 10.4.1.4 firmware.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Sep 26, 2024 12:06 PM
From: chulcher
Subject: Issues with DHCP and Authentication
You might want to downgrade the APs back to the latest 10.4.1.x release. Several customer have noticed an impact to their networks when operating on 10.5/10.6 that goes away when back on 10.4.1.x.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Sep 26, 2024 11:54 AM
From: mmurphy
Subject: Issues with DHCP and Authentication
140 APs
All in the same management VLAN
I'm not 100% sure of your last question but everyone is in the same domain.
This message and any associated files is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright, or constitutes privileged content. If you are not the intended recipient, you are hereby notified that any dissemination, copying, or distribution of this message or files associated with this message is strictly prohibited. If you believe you have received this message in error, please notify us immediately by replying to the message and then deleting it from your computer. Thank you.
Original Message:
Sent: 9/26/2024 11:36:00 AM
From: chulcher
Subject: RE: Issues with DHCP and Authentication
How many APs? All APs in the same management VLAN? Single RF roaming domain?
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Sep 26, 2024 11:16 AM
From: mmurphy
Subject: Issues with DHCP and Authentication
These are AP-515s running 10.6.0.3 over a LAN
Original Message:
Sent: Sep 26, 2024 10:59 AM
From: Carson Hulcher
Subject: Issues with DHCP and Authentication
What models/versions are in play? What kind of network are these running on (LAN vs WAN)?
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Sep 26, 2024 09:07 AM
From: mmurphy
Subject: Issues with DHCP and Authentication
For as long as I have had the Aruba Central/Controllerless/IAP network running I have had issues with DHCP and authentication. I didn't have these issues before with controllers so I figure the issue lives in the configuration of my environment. Where the issue is, I don't know. I have had multiple TAC tickets open on the issue and yet can't get anyone to figure out what is wrong. Constant disconnections, long waits on roaming and super slow speeds can't be normal. How would Aruba/HPE stay in business if this is how their products work?
So first up is Authentication. Within the last 24 hours I have had 80% of my clients have some kind of authentication issue:
It says there is a timeout at the authentication server. Checking Clearpass that appears to be correct:
Not sure why this happens. Research tells me that packets are getting lost. TAC has told me this but can't give me a solution. There has to be one somewhere. Aruba APs attached to Aruba switches, that are managed through Aruba Central while using Aruba Clearpass leads me to think Aruba might know. The Clearpass tech told me this was normal behavior. I don't believe that because it didn't happen when I had 7210 controllers running things. The last TAC tech I talked to yesterday said the controllers would manage this as well as the DHCP problem, but if that's the case why does the controllerless environment exist?
For DHCP I get see this:
I have redundant DHCP servers on the network and they work just fine and always have. Now I have 70% of clients having DHCP issues. This one I don't understand, other than I was told that packets were being lost and it was left at that. How is that possible? How can I fix that? I have DHCP relays in the switch configurations. Do I need IP Helper Address? I asked TAC about that but they weren't clear if that was necessary. I was told to run more tech support commands from the APs and email them. I guess that might help.
What's weird is I can clearly show the issue is happening everyday, but if I can't make it happen when on the phone with them, then it isn't happening. I need a little more support than that.
Anyway, I have had good results getting help through here with the good people who respond. I am hoping someone can give me any possible assistance.
Thanks!