Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Contributor II

ip client-tracking not showing IP addresses for clients with a statically configured IP address

Hi,

 

Noticed that clients with a statically configured IP address are not showing up with their IP address in the clients table on an Aruba 2930M switch, running 16.08.0003.
However, the description of ip client-tracker in the manual states: "Enables the visibility of statically and dynamically assigned IPv4 and IPv6 addresses for both authenticated and
unauthenticated clients." (page 291 of the Access Security Guide, version 16.08).

 

CLI output:

2019-07-19 13_54_57.png

 

Behind port 5/7 is IP address 10.14.12.205, and I can ping it. But it does not show up in the switch.

 

Also read this in the manual:
An end client that gets IP address from a DHCP address will be included by default in RADIUS accounting
packets. Visibility of statically assigned IP addresses in RADIUS accounting is available with a command that
enables and disables static IP visibility for an authenticated client.

 

So I checked the RADIUS accounting being sent to ClearPass, to make sure it's not just an visibility bug: but it turns out that the RADIUS Framed-IP field is not updated with accounting either.

 

According to my colleagues, this is consistent on different switch software versions.

The question that remains: is the feature not working properly, or is the manual incorrect?

Has anyone noticed this too?


Regards,
Dante

Highlighted
Contributor I

Re: ip client-tracking not showing IP addresses for clients with a statically configured IP address

Hi,

 

One of the SE from Aruba told me that the #ip client-tracker is not enabled or trusted by default on newer OS version.

 

I will verify with him and get back to you

Mathias Troncoso-Aballay
ACMP, ACCP, ACSA | Aruba Partner Ambassador
Highlighted
Contributor II

Re: ip client-tracking not showing IP addresses for clients with a statically configured IP address

Hi Matthias,

Thanks for your feedback. The feature is enabled explicitly in the configs I tested, I'm not talking about default configs. I saw this behavior in 2 release trains: 16.08 and 16.07. Can't say for sure if I've seen the same behavior in 16.06.

Since I'm not getting much response here, I'll open a support case to try to get to the bottom of this.

Regards,

Dante

Highlighted
Contributor II

Re: ip client-tracking not showing IP addresses for clients with a statically configured IP address

Just double checked on the switch I was configuring a week ago, and now port 5/7 has detected the IP address 10.14.12.205 just fine. Apparently patience is a factor here too...

 

Still got a few more ports without detected IP addresses. Checked one and it's still the same issue for that particular one. The client definitely has an IP address and is reachable, but the switch does not detect the IP address.

 

Now I sure am curious on how the ip client-tracking exactly works, in order to fully understand this behavior...

 

Opening a support case next week.

Highlighted
Occasional Contributor II

Re: ip client-tracking not showing IP addresses for clients with a statically configured IP address

Hi Dante,

 

Let us know what comes out of your TAC case. I am looking at moving to either 16.08.0005 or directly to 16.09.x in hopes to activate IP client tracker, but am curious to see why the static IP's aren't showing for you.

 

I mostly want to actiavte it to take care of an issue where certain devices go to sleep and get deauthenticated and then are unable to regain an IP as the switchport blocks ARP out. We see this happening on low usage printers, security controlers,etc... It was suggested to use IP Client tracker with a probe delay which will force communication between devices and should get rid of the issue. At least, that's what TAC suggested.

 

Long story short, before I get further in my testing, I'll be curious to see what comes out from your case

Highlighted
Contributor II

Re: ip client-tracking not showing IP addresses for clients with a statically configured IP address

Hi,

 

I thought it was best to postpone creating the support ticket, as I'm out of office for 3 weeks, which probably will result in the closure of the case, so I'd have to start over. But I'll follow up end of August.

 

In any case: using the ip client-tracker to keep silent clients alive is exactly what we do for several customers and it seems to work pretty well. Checked it at one customer who I migrated to Aruba switches running 16.07 in January, and their haven't been issues so far. Almost all their clients do DHCP, so can't really compare with the setup where I'm seeing the issue, at that customer they have loads and loads of clients with static IP addresses. I should also add that most static IPs are shown at the customer where I see the issue, just a few clients are missing. The strange thing is that other static IPs of devices of the exact the same type/firmware/... are discovered just fine. Maybe I'm hitting a limit, or a bug which only happens every once in a while.

 

Also 2 of my colleagues used the ip client-tracker technique for 2 other customers with success. I'd say: give it go and let me know how it goes :-).

 

FYI: you can set the tracker interval to less than 60 seconds, but in reality the switch will only track every 60 seconds as a minimum interval.

 

Regards,

Dante

Highlighted
Occasional Contributor II

Re: ip client-tracking not showing IP addresses for clients with a statically configured IP address

Awesome. Thanks for giving me that information.

 

I'll give it a try on our own building first and if I get good results, I'll push this everywhere else.. We have 110 sites(all moving more and more to Aruba switching) so I need to make sure this works before I push this through.

 

Thanks again,