Security

Reply
Highlighted
Contributor II

Re: Roaming Guests Losing DHCP Lease

No, not within guest-aaa-profile.

 

We have:

 

GUEST-POOL            Hash             1410-1414

Highlighted
Guru Elite

Re: Roaming Guests Losing DHCP Lease

I would change your guest authenticated role to something will "allowall" and start from there.  It could take hours to guess what is wrong here.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor II

Re: Roaming Guests Losing DHCP Lease

So it seems removing the deny 68 cleared the issue:

 

ip access-list session guest
  any any udp 68  deny <<<<<<<<<<<<<<< Removed
  any any svc-dhcp  permit
  any   alias Controller-Guest-ICMP svc-icmp  permit
  user   alias Public_DNS svc-dns  permit
  any any svc-dns  permit
  user   alias LAN_Printers any  permit
  user   alias "Phone Directory" svc-http  permit
  user   alias Websense_Redirect_Servers tcp 15871  permit
  user   alias Internal_Networks any  deny
  user   alias PUBLICLY-HOSTED-IPS any  deny
  user any any  permit

 

I had the user roam, could see new associations on the controller and never lost an extended ping to the client.

 

What still doesn't make sense is why the client has to broadcast again for it's DHCP server and lease when it should keep one per the DHCP server shouldn't it?

Highlighted
Contributor II

Re: Roaming Guests Losing DHCP Lease

 
Highlighted
Contributor II

Re: Roaming Guests Losing DHCP Lease

Google:

 

site:http://arubanetworks.com "any any udp 68  deny"

 

Use "user" not "any". The ACL is designed to stop a host turning up in the air running a DHCP server.

 

Thanks for your input though.