Occasional Contributor I

Re: Stale user-table entry and duplicate IP address

Thanks. What is the command to show what I configured?

Guru Elite

Re: Stale user-table entry and duplicate IP address

(Aruba7005-US) (config) #show aaa state configuration 

Authentication State
--------------------
Name                            Value
----                            -----
Switch IP                       192.168.1.3
Switch IPv6                     
Master IP                       192.168.1.3
Switch Role                     master
Current/Max/Total IPv4 Users    11/16/220
Current/Max/Total IPv6 Users    0/0/0
Current/Max/Total User Entries  11/16/228
Current/Max/Total Stations      8/13/222
Pending Station Deletes         0
Captive Portal Users            0
802.1x Users                    3
VPN Users                       3
MAC Users                       0
Stateful 802.1x Users           0
Tunneled users                  0
Configured user roles           10
Configured session ACL          49
Configured destinations         25
Configured services             96
Configured Auth servers         3
Auth server in service          3
Radius server timeouts          0

Successful authentications
--------------------------
Web  MAC  VPN  802.1x  Krb  RadAcct  SecureID  Stateful-802.1x  Management
---  ---  ---  ------  ---  -------  --------  ---------------  ----------
0    0    6    501     0    0        0         0                0

Failed authentications
----------------------
Web  MAC  VPN  802.1x  Krb  RadAcct  SecureID  Stateful-802.1x  Management
---  ---  ---  ------  ---  -------  --------  ---------------  ----------
0    0    0    0       0    0        0         0                0

Idled users              = 202
fast age                 = Enabled <--------------
per-user log             = Enabled
Bandwith contracts       = 0/0
IP takeovers             = 0
Ping/SYN/Sess/CP attacks = 0/0/0/0
ARP/GratARP attacks      = 0/0

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN
Occasional Contributor I

Re: Stale user-table entry and duplicate IP address

Thank you very much for the information.

Please see my AAA state and log messages. Do you think AAA fast-age will resolve my issues showing in my log messages (duplicate on 172.16.4.0, etc)?

Also, were the idle users of 132305 too big?

Thanks,

(aruba02) #show aaa state configuration

Authentication State
--------------------
Name                            Value
----                            -----
Switch IP                       10.80.25.25
Switch IPv6                     
Master IP                       10.80.25.7
Switch Role                     master
Current/Max/Total IPv4 Users    1334/1446/836558
Current/Max/Total IPv6 Users    0/0/0
Current/Max/Total User Entries  1574/1752/579764
Current/Max/Total Stations      1376/1559/578379
Pending Station Deletes         35
Captive Portal Users            13
802.1x Users                    388
VPN Users                       116
MAC Users                       0
Stateful 802.1x Users           0
Tunneled users                  0
Configured user roles           23
Configured session ACL          68
Configured destinations         30
Configured services             100
Configured Auth servers         5
Auth server in service          5
Radius server timeouts          49604

Successful authentications
--------------------------
Web   MAC  VPN  802.1x  Krb  RadAcct  SecureID  Stateful-802.1x  Management
---   ---  ---  ------  ---  -------  --------  ---------------  ----------
1360  0    782  134199  0    62       0         0                0

Failed authentications
----------------------
Web  MAC  VPN  802.1x  Krb  RadAcct  SecureID  Stateful-802.1x  Management
---  ---  ---  ------  ---  -------  --------  ---------------  ----------
836  442  0    38799   0    0        0         0                0

Idled users              = 132305
fast age                 = Enabled
per-user log             = Enabled
Bandwith contracts       = 0/0
IP takeovers             = 0
Ping/SYN/Sess/CP attacks = 0/0/0/0
ARP/GratARP attacks      = 0/0

show log network 50

Aug 12 18:48:18 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.4.93: pinged before offer
Aug 12 18:50:03 :202084: <WARN> |dhcpdwrap| Pool 172.16.4.0/24 has abandoned lease(s)
Aug 12 18:52:07 :299801: <DBUG> |dhcpd| uid lease 172.16.4.200 for client 28:57:67:41:2c:ac is duplicate on 172.16.4.0/24
Aug 12 19:40:28 :299801: <DBUG> |dhcpd| uid lease 172.16.4.232 for client fc:c2:de:c5:67:49 is duplicate on 172.16.4.0/24
Aug 12 19:47:59 :299801: <DBUG> |dhcpd| uid lease 172.16.3.54 for client 68:05:71:3f:9c:0b is duplicate on 172.16.3.0/24
Aug 12 19:53:03 :299801: <DBUG> |dhcpd| uid lease 172.16.3.232 for client 68:05:71:3f:9c:0b is duplicate on 172.16.3.0/24
Aug 13 00:29:43 :299801: <DBUG> |dhcpd| uid lease 172.16.3.138 for client fc:c2:de:c2:98:9a is duplicate on 172.16.3.0/24
Aug 13 06:58:25 :299801: <DBUG> |dhcpd| parse_option_buffer: malformed option dhcp.<unknown> (code 83): option length exceeds option buffer length.
Aug 13 07:05:31 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.4.131: pinged before offer
Aug 13 07:30:11 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.4.227: pinged before offer
Aug 13 07:30:58 :202084: <WARN> |dhcpdwrap| Pool 172.16.4.0/24 has abandoned lease(s)
Aug 13 07:34:13 :299801: <DBUG> |dhcpd| uid lease 172.16.3.78 for client c0:bd:d1:16:72:56 is duplicate on 172.16.3.0/24
Aug 13 07:50:22 :299801: <DBUG> |dhcpd| uid lease 172.16.3.221 for client ac:5a:14:1e:d4:52 is duplicate on 172.16.3.0/24
Aug 13 07:58:13 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.3.155: pinged before offer
Aug 13 07:59:02 :202084: <WARN> |dhcpdwrap| Pool 172.16.3.0/24 has abandoned lease(s)
Aug 13 07:59:20 :299801: <DBUG> |dhcpd| uid lease 172.16.3.34 for client ac:5a:14:1e:d4:52 is duplicate on 172.16.3.0/24
Aug 13 08:16:55 :299801: <DBUG> |dhcpd| uid lease 172.16.4.179 for client f0:25:b7:ac:ee:39 is duplicate on 172.16.4.0/24
Aug 13 08:19:56 :299801: <DBUG> |dhcpd| uid lease 172.16.3.102 for client f4:09:d8:f2:84:e5 is duplicate on 172.16.3.0/24
Aug 13 08:48:57 :299801: <DBUG> |dhcpd| uid lease 172.16.4.106 for client 78:4b:87:f5:8f:5f is duplicate on 172.16.4.0/24
Aug 13 08:49:40 :299801: <DBUG> |dhcpd| uid lease 172.16.3.139 for client f4:09:d8:f2:84:e5 is duplicate on 172.16.3.0/24
Aug 13 09:07:21 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.3.200: pinged before offer
Aug 13 10:20:03 :299801: <DBUG> |dhcpd| uid lease 172.16.4.175 for client 24:db:ed:92:a4:0b is duplicate on 172.16.4.0/24
Aug 13 10:21:51 :299801: <DBUG> |dhcpd| client 24:db:ed:92:a4:0b has duplicate leases on 172.16.4.0/24
Aug 13 10:35:59 :299801: <DBUG> |dhcpd| uid lease 172.16.3.163 for client 1c:99:4c:b9:f5:55 is duplicate on 172.16.3.0/24
Aug 13 10:36:01 :299801: <DBUG> |dhcpd| client 1c:99:4c:b9:f5:55 has duplicate leases on 172.16.3.0/24
Aug 13 11:00:03 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.3.231: pinged before offer
Aug 13 11:24:58 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.4.93: pinged before offer
Aug 13 11:25:50 :202084: <WARN> |dhcpdwrap| Pool 172.16.4.0/24 has abandoned lease(s)
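
Added example, not part of the original post: a Python sketch that groups the dhcpd messages in the log above by client and by address, showing which clients were flagged with more than one duplicate lease and which addresses were abandoned more than once. The sample lines are copied from that log; the function and variable names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: six lines copied from the "show log network 50" output above.
SAMPLE_LOG = """\
Aug 12 18:48:18 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.4.93: pinged before offer
Aug 12 18:50:03 :202084: <WARN> |dhcpdwrap| Pool 172.16.4.0/24 has abandoned lease(s)
Aug 12 19:47:59 :299801: <DBUG> |dhcpd| uid lease 172.16.3.54 for client 68:05:71:3f:9c:0b is duplicate on 172.16.3.0/24
Aug 12 19:53:03 :299801: <DBUG> |dhcpd| uid lease 172.16.3.232 for client 68:05:71:3f:9c:0b is duplicate on 172.16.3.0/24
Aug 13 10:20:03 :299801: <DBUG> |dhcpd| uid lease 172.16.4.175 for client 24:db:ed:92:a4:0b is duplicate on 172.16.4.0/24
Aug 13 11:24:58 :299801: <DBUG> |dhcpd| Abandoning IP address 172.16.4.93: pinged before offer
"""

# Patterns for the two dhcpd message types seen in the log.
DUP = re.compile(
    r"\|dhcpd\| uid lease (\S+) for client ([0-9a-f:]{17}) is duplicate on (\S+)",
    re.IGNORECASE,
)
ABANDON = re.compile(
    r"\|dhcpd\| Abandoning IP address (\d+\.\d+\.\d+\.\d+): pinged before offer"
)


def summarize(log_text):
    """Return (clients with >1 duplicate-flagged lease, IPs abandoned >1 time)."""
    dup_by_client = defaultdict(set)  # (pool, mac) -> IPs flagged as duplicate
    abandoned = defaultdict(int)      # ip -> number of "pinged before offer" events
    for line in log_text.splitlines():
        m = DUP.search(line)
        if m:
            ip, mac, pool = m.groups()
            dup_by_client[(pool, mac.lower())].add(ip)
            continue
        m = ABANDON.search(line)
        if m:
            abandoned[m.group(1)] += 1
    multi = {
        key: sorted(ips, key=ipaddress.ip_address)
        for key, ips in dup_by_client.items()
        if len(ips) > 1
    }
    repeat_abandoned = {ip: n for ip, n in abandoned.items() if n > 1}
    return multi, repeat_abandoned


if __name__ == "__main__":
    multi, repeat_abandoned = summarize(SAMPLE_LOG)
    for (pool, mac), ips in multi.items():
        print(f"{mac} on {pool}: duplicate-flagged leases {', '.join(ips)}")
    for ip, n in repeat_abandoned.items():
        print(f"{ip}: answered ping before offer {n} times")
```

An address that keeps answering the server's pre-offer ping is in use by something that does not hold a lease for it, which is worth checking against the controller's user table.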

 

 

Guru Elite

Re: Stale user-table entry and duplicate IP address

- What is the lease time for those pools?

- What is your output of "show aaa timers"?

- The output of the idled users depends on the environment.


Occasional Contributor I

Re: Stale user-table entry and duplicate IP address

The lease time for two networks in the pool is 8 hours. Please see the timers below.

# Guest-WiFi-01
subnet 172.16.3.0 netmask 255.255.255.0 {
    default-lease-time 28800;
    max-lease-time 28800;
    option vendor-class-identifier "ArubaAP";
    option vendor-encapsulated-options "10.80.25.7";
    option domain-name-servers 172.16.2.1;
    option routers 172.16.3.1;
    range 172.16.3.11 172.16.3.254;
    authoritative;
}
# Guest-WiFi-02
subnet 172.16.4.0 netmask 255.255.255.0 {
    default-lease-time 28800;
    max-lease-time 28800;
    option vendor-class-identifier "ArubaAP";
    option vendor-encapsulated-options "10.80.25.7";
    option domain-name-servers 172.16.2.1;
    option routers 172.16.4.1;
    range 172.16.4.11 172.16.4.254;
    authoritative;
}

(aruba02) #show aaa timers

Global User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 600 seconds

Guru Elite

Re: Stale user-table entry and duplicate IP address

Two Questions:

Is this a guest network?  If yes, you can try reducing the DHCP lease to 30 minutes and see if that fixes your issue.  You will probably have to remove your users with "aaa user delete role <guest role>" when you do this so that they can get new leases.

You can also type "show ip dhcp statistics" to see how you are on leases.

