ArubaOS and Controllers

New Contributor

Duplicate Sessions? Same MAC Address?

I have a situation where users will plug their laptops into the LAN via a patch cable and they will leave their WiFi connection to our Aruba controller connected. Some, but not all, laptops will send a packet to the Aruba controller using their WiFi IP address and then later send a packet to the Aruba controller using their LAN IP address. In both cases, the source MAC address of the packet is the MAC address of the WiFi controller on their laptop.

As a result, those users are taking up 2 sessions on the controller and sometimes we eventually top out at 256 user sessions.

I thought it might be the XP "build" that we use on the company laptops, but a brand new laptop with a raw (Microsoft standard) XP install (Service Pack 2) will exhibit the same behavior.

I was able to verify that the laptops are sending two packets with different source IP's but the same source MAC by running a WireShark capture on the test machine and reading through the saved capture file.

ArubaOS version
Aruba 800-16 controller.
All Aruba AP-60, AP-61, and AP-70 Access Points

Has anyone else seen this behavior?

Thanks in advance,

Aruba Employee

Re: Duplicate Sessions? Same MAC Address?

Yep....Windows will "leak" wired IP addresses out the WLAN side and these IPs show up in the user table in the aruba controller, taking a user from the user count.

You'll need to configure and enable a "valid-user" ACLs which basically prevents these known wired networks from being placed into the user datapath, thus preventing the multiple entries and keeping you well under the max user count of the controller.

Should be referenced in the documentation.
New Contributor

Re: Duplicate Sessions? Same MAC Address?



BTW You ought to pass this along to your tech support - they told me they have never seen this problem before.

Occasional Contributor II

Re: Duplicate Sessions? Same MAC Address?

Brian - I have come across this as well. Where in the documentation is this found.

Guru Elite



There is no specific documentation about this, but the "validuser" acl is the way to deal with this. Details about the validuser ACL and how it can prevent 169.x.x.x and other undesirable addresses from entering the user table is listed in the knowledgebase on the support site, answer ID 40.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: