04-20-2015 06:17 AM
I identified an issue yesterday whereby after authenticating, my device was given an IP address by our external DHCP server but not able to access any resources. Upon inspection of the user list, there was already a client that appeared to be using that address, and my device appeared with its external data network IP. The DHCP logs show that the second device released its lease and that my device took the address several minutes later.
I guess there is a lag between release of the IP when disconnecting, and removing it from the user table, effectively allowing DHCP to offer addresses that the controller still thinks are in use.
Is this situation a case for using aaa user fast age?
Re: Stale user-table entry and duplicate IP address
04-20-2015 06:23 AM
Yes, or "enforce dhcp" in the AAA profile.
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Re: Stale user-table entry and duplicate IP address
04-20-2015 06:31 AM
I was under the impression 'Enforce DHCP' simply prevented statically assigned IP addresses? This is not the case here as both devices got the address from the DHCP server, but the controller failed to acknowledge the disconnect/release in time.
The odd thing is, under the client list in the GUI, the entry for the IP address that my device had been given, showed my access point, but the other user's name and device. Is this a bug?
Re: Stale user-table entry and duplicate IP address
04-20-2015 06:50 AM
If you have a user that is getting another device's IP address via DHCP, I would make sure that your DHCP lease is at least 15 minutes long to prevent that.
Enforce DHCP only allows a device that gets an IP address from a DHCP conversation that the controller has seen to enter the user table. The controller does not use a DHCP release in any DHCP enforcement.
I do not have your logs, so I cannot comment on the display being a bug. If you open a case with TAC they might be able to provide clarity.
Re: Stale user-table entry and duplicate IP address
04-20-2015 06:56 AM
The lease is set to 1 day. The issue is that the user is not removed from the list of users on the controller quickly enough once it disconnects. This allows a different client to legitimately re-use the IP address, but not be able to connect through the controller.
Re: Stale user-table entry and duplicate IP address
04-20-2015 06:59 AM
What is the output of "show aaa timers"?
Re: Stale user-table entry and duplicate IP address
04-20-2015 07:13 AM
Global User idle timeout = 3600 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 300 seconds
04-20-2015 08:14 AM
Is there a reason the idle-timeout is 3600? It is typically 300. If your lease is one day it should not matter, but I would try AAA user fast age before adjusting the timer back to the defaults.
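Added example, not part of any post in this thread and not Aruba code: a small Python check that replays DHCP events against a user-table snapshot and reports how long a re-issued address stays blocked by a stale entry. It assumes a simplified aging model (an entry is removed idle-timeout seconds after the client's last traffic); the record layout, addresses and timestamps are constructed, and only the 3600 and 300 second timeouts come from the thread.

```python
from dataclasses import dataclass

@dataclass
class UserEntry:
    """Constructed stand-in for one controller user-table row."""
    ip: str
    mac: str
    last_seen: int  # seconds; time of the client's last traffic

def lease_holders(dhcp_events):
    """Replay (ts, kind, ip, mac) events in time order; return ip -> (mac, ack_ts)."""
    leases = {}
    for ts, kind, ip, mac in sorted(dhcp_events):
        if kind == "ACK":
            leases[ip] = (mac, ts)
        elif kind == "RELEASE" and leases.get(ip, (None, 0))[0] == mac:
            del leases[ip]
    return leases

def conflict_windows(user_table, dhcp_events, idle_timeout):
    """List IPs whose current lease holder differs from a not-yet-aged user entry."""
    leases = lease_holders(dhcp_events)
    findings = []
    for entry in user_table:
        holder = leases.get(entry.ip)
        if holder is None or holder[0] == entry.mac:
            continue  # no active lease, or the entry matches the lease holder
        new_mac, ack_ts = holder
        # Assumed model: the entry is removed idle_timeout seconds after last traffic.
        blocked = entry.last_seen + idle_timeout - ack_ts
        if blocked > 0:
            findings.append((entry.ip, entry.mac, new_mac, blocked))
    return findings

# Constructed sample data: client A releases, client B is acked 7 minutes later.
EVENTS = [
    (0,    "ACK",     "10.1.20.57", "aa:aa:aa:00:00:01"),
    (5000, "RELEASE", "10.1.20.57", "aa:aa:aa:00:00:01"),
    (5420, "ACK",     "10.1.20.57", "bb:bb:bb:00:00:02"),
]
USERS = [UserEntry("10.1.20.57", "aa:aa:aa:00:00:01", last_seen=5000)]

if __name__ == "__main__":
    for timeout in (3600, 300):
        print(timeout, conflict_windows(USERS, EVENTS, timeout))
```

With the constructed data, the 3600 second timeout leaves the new client blocked for 3180 seconds after its lease is acknowledged, while 300 seconds ages the old entry out before the address is re-issued.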
Re: Stale user-table entry and duplicate IP address
08-13-2015 07:42 AM
How do you change the AAA fast age? I could not find it anywhere.
Re: Stale user-table entry and duplicate IP address
08-13-2015 07:46 AM
config t
aaa user fast-age