Hi Ryan,
From your description, it sounds like the client keeps the address in use even though the client has been disconnected.
Basically, it should release the address, which is the concern for us. Please let me know which code version is running on the controller.
Whenever a system disconnects from an L2TP VPN pool, the IP will be aged out based upon 6 * the L2TP hello timer.
The hello timer is 60 seconds by default, so 6 minutes should be the ageout here.
Find below the output from my lab controller:
(Aruba) #show vpdn l2tp configuration
Enabled
Hello timeout: 60 seconds
DNS primary server: 8.8.8.8
DNS secondary server: 4.2.2.2
WINS primary server: 0.0.0.0
WINS secondary server: 0.0.0.0
PPP client authentication methods:
PAP
IP LOCAL POOLS:
test: 1.1.1.1 - 1.1.1.50
However, this timer is still configurable on the controller.
config terminal
vpdn group l2tp
l2tp tunnel hello <timer>
To understand how many addresses are in use in your VPN pool, either by clients or remote APs, please use the below command.
In the below case it is just none; if there are VPN users present on the controller, this should give the list.
(Aruba) #show vpdn l2tp local pool
IP addresses used in pool test
none
Total:-
0 IPs used - 50 IPs free - 50 IPs configured
IP pool allocations / de-allocations - L2TP: 0/0 IKE: 0/0
For now, you could bump up the address pool to avoid any network disruption and enable the below debugging to capture more info.
(Aruba) (config) #logging level debugging security
(Aruba) (config) #logging level debugging security process l2tp
Note: It is recommended to disable the debugging once we have collected the debug info and logs.tar from the controller.
If this issue is time sensitive, please open a TAC case to validate along with the above debugging to understand the root cause.
Regards
Sriram
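
Added example, not part of the post above and not Aruba code: a Python sketch that parses the two command outputs quoted in the post to compute the ageout window (6 * hello timer) and flag a VPN pool that is close to exhaustion. The function names, the 90% threshold and the sample values are assumptions, and the input format is taken from the output pasted above.

```python
import re

HELLO_MULTIPLIER = 6  # per the post: ageout = 6 * the L2TP hello timer

# Constructed samples in the format pasted in the post (values are made up).
CONFIG_SAMPLE = "Enabled\nHello timeout: 60 seconds\nDNS primary server: 8.8.8.8\n"
POOL_SAMPLE = """IP addresses used in pool test
Total:-
48 IPs used - 2 IPs free - 50 IPs configured
IP pool allocations / de-allocations - L2TP: 120/75 IKE: 9/6
"""

def ageout_seconds(config_text):
    """Seconds before a disconnected client's address is aged out."""
    m = re.search(r"Hello timeout:\s*(\d+)\s*seconds", config_text)
    if m is None:
        raise ValueError("no 'Hello timeout' line in input")
    return HELLO_MULTIPLIER * int(m.group(1))

def pool_usage(pool_text):
    """Parse the totals line and the allocation counters of the pool output."""
    total = re.search(r"(\d+) IPs used - (\d+) IPs free - (\d+) IPs configured",
                      pool_text)
    if total is None:
        raise ValueError("no pool totals line in input")
    used, free, configured = map(int, total.groups())
    if used + free != configured:
        raise ValueError("pool totals are inconsistent")
    # allocations/de-allocations per protocol; the difference is the number of
    # leases handed out and not yet returned since the counters started.
    outstanding = {
        proto: int(alloc) - int(dealloc)
        for proto, alloc, dealloc in re.findall(r"(L2TP|IKE):\s*(\d+)/(\d+)", pool_text)
    }
    return {"used": used, "free": free, "configured": configured,
            "outstanding": outstanding}

def pool_warnings(pool_text, threshold=0.9):
    """Return warning strings; threshold (fraction used) is an assumed default."""
    usage = pool_usage(pool_text)
    warnings = []
    if usage["configured"] and usage["used"] / usage["configured"] >= threshold:
        warnings.append("pool nearly exhausted: %d of %d used"
                        % (usage["used"], usage["configured"]))
    return warnings

if __name__ == "__main__":
    print("ageout:", ageout_seconds(CONFIG_SAMPLE), "seconds")
    print("usage:", pool_usage(POOL_SAMPLE))
    for w in pool_warnings(POOL_SAMPLE):
        print("WARNING:", w)
```

Comparing the outstanding lease counts across two runs taken more than one ageout window apart shows whether addresses held by disconnected clients are actually being released.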