Solved: Stale user-table entry and duplicate IP address

I identified an issue yesterday whereby after authenticating, my device was given an IP address by our external DHCP server but not able to access any resources. Upon inspection of the user list, there was already a client that appeared to be using that address, and my device appeared with its external data network IP. The DHCP logs show that the second device released its lease and that my device took the address several minutes later.

I guess there is a lag between release of the IP when disconnecting, and removing it from the user table, effectively allowing DHCP to offer addresses that the controller still thinks are in use.

Is this situation a case for using aaa user fast age?

Yes, or "enforce dhcp" in the AAA profile.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

I was under the impression 'Enforce DHCP' simply prevented statically assigned IP addresses? This is not the case here as both device got the address from the DHCP server, but the controller failed to acknowledge the disconnect/release in time.

The odd thing is, under the client list in the GUI, the entry for the IP address that my device had been given, showed my access point, but the other user's name and device. Is this a bug?

If you have a user that is getting another device's ip address via DHCP, I would make sure that your DHCP lease is at least 15 minutes long to prevent that.

Enforce DHCP only allows a device that gets an ip address from a DHCP conversation that the controller has seen to enter the user table. The controller does not use a DHCP release in any DHCP enforcement.

I do not have your logs, so I cannot comment on the display being a bug. If you open a case with TAC they might be able to provide clarity.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

The lease is set to 1 day. The issue is that the user is not removed from the list of users on the conrtroller quickly enough once it disconnects. This allows a different client to legitimately re-use the IP address, but not be able to connect through the controller.

What is the output of "show aaa timers"?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Global User idle timeout = 3600 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 300 seconds

Joecarter,

Is there a reason the idle-timeout is 3600? It is typically 300. If your lease is one day it should not matter, but I would try AAA user fast age before adjusting the timer back to the defaults.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

how do you change the AAA fast age? I could not find anywere.

config t

aaa user fast-age

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Security

Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Encrypting Guest traffic

NPS 2008 - user auth and fails not showing in eventviewer?

Step-by-Step: How to Configure Microsoft IAS Radius Server from Scratch

limiting the number of device s a user can have

IAP and external Captive Portal

Creative Configurations

Remote AP

ISO 24730 Standard

ap uptime

COTD: Getting quick information on an 802.1x client

WPA-PSK and VLAN assignment via MAC address

Cisco ACS and Aruba Radius Auth

Remove wireless profiles on Windows XP machines

Rolling out 802.1x with GTC

Making DHCP mandatory on Aruba WLAN

AirWave Downloads

Analytics and Location Engine Downloads

ArubaOS (FIPS) Downloads

Beta Downloads

DRT Downloads

Remote AP Networks

Indoor 802.11n Site Survey and Planning

AOS 6.4.1 HTML Technical Document

Lync Over Aruba WiFi

AOS and CPPM – Dot1x Authentication and integration

Security

Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Re: Stale user-table entry and duplicate IP address

Follow Us