Wireless Access

last person joined: 22 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Client disconnects

This thread has been viewed 5 times

  • 1.  Client disconnects

    Posted Feb 12, 2015 10:14 PM

    Hi,

     

    We have an issue with client connecting to wireless network. When clients connects to wireless network through captive portal (web authentication) and out of wireless network for 30 mintues or 1 hour, when the client came back to range, the client need to start authentication from first, I.e connecting to network and going to captive portal for web authencation.

    We have configured global user idle timeout value to 3600 seconds and Captive portal user idle timeout 18000 seconds  and DHCP lease timeout is set to one hour.

    Here we can able to  another session on user table  with different IP  and with same mac (one mac address)

     

    example :

     

    192.168.1.1   ff:ff:ff:ff:ff:ff

    192.168.2.1  ff:ff:ff:ff:ff:ff


    #3600


  • 2.  RE: Client disconnects

    EMPLOYEE
    Posted Feb 12, 2015 10:20 PM

    Do you have ClearPass?



  • 3.  RE: Client disconnects

    Posted Feb 13, 2015 12:48 AM

    No, We do not have clear pass 



  • 4.  RE: Client disconnects

    Posted Feb 13, 2015 01:59 AM

    (BTW: what ArubaOS version are u using?)

    (BE SURE YOUR DHCP SERVER can see your client broadcasts)

     

    Now what i think causing this:  

    You made your IDLE timeouts with very HIGH values = your client info keep saved in the client/user DB of your controller BUT you made your DHCP lease time , very low = 1 hour.
    This causing the user that leaving for 1 hour to lose is address,but not to be deleted from the client/user DB of your controller.

     

    Read more here: (Fix your settings - and everything will work as needed)

     

    http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/DHCP-lease-time-amp-user-idle-timeout-period/td-p/987

    http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/Idle-Timeout-and-Logon-Lifetime-can-t-be-longer-than-DHCP-lease/td-p/60786

    http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/DHCP-STRANGE-ISSUE/td-p/63272

     

    Update us that you understood,and your issue has been fixed.



  • 5.  RE: Client disconnects

    Posted Feb 13, 2015 02:05 AM

    Usually, when the client authenticated   to wireless network and out of wireless network range and back to range after one hour the existing session which is already in user table should continue, is no matter whether client will release ip or renew ip.



  • 6.  RE: Client disconnects

    Posted Feb 13, 2015 02:09 AM

    But you got SPI firewall in your controller that is prohibiting IP spoofing (1 MAC = 2 Ip address) and with your DHCP settings of 1 hour, your controller will see same MAC getting a new IP after 1 hour...so it dosent matter that he already auth or in the client session.

     

    read here:

    http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-can-the-firewall-feature-Prohibit-IP-Spoofing-cause-valid/ta-p/180230