Hello,
We're seeing a strange phenomenon happening with our 6000 controller (virtual applicance running 6.3.1.9) where an end point/user will show two entries in the user table. One will have a valid DHCP provided IP address and one will have a mysterious. See output below from the controller and from the endpoint (windows device):
Controller output
(ArubaMaster) # show user | include packerd
10.0.0.21 50:1a:c5:e9:1b:3f packerd Employee_Internet_Only 00:05:15 802.1x Conf_room_N3_IS:a9:13 Wireless NRUCFC-Corp/d8:c7:c8:ea:91:38/a-HT NRUCFC-Corp-aaa_prof tunnel Win 8
192.168.101.99 50:1a:c5:e9:1b:3f packerd Employee_Internet_Only 00:05:15 802.1x Conf_room_N3_IS:a9:13 Wireless NRUCFC-Corp/d8:c7:c8:ea:91:38/a-HT NRUCFC-Corp-aaa_prof tunnel Win 8
Endpoint output
C:\Users\Daniel>ipconfig
Windows IP Configuration
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : ad.nrucfc.org
Link-local IPv6 Address . . . . . : fe80::609b:3b3b:9840:2186%3
IPv4 Address. . . . . . . . . . . : 192.168.101.99
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.101.1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3828:1dc8:3f57:9a9c
Link-local IPv6 Address . . . . . : fe80::3828:1dc8:3f57:9a9c%8
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.ad.nrucfc.org:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ad.nrucfc.org
C:\Users\Daniel>netstat
Active Connections
Proto Local Address Foreign Address State
TCP 127.0.0.1:19872 Alpha:49501 ESTABLISHED
TCP 127.0.0.1:49501 Alpha:19872 ESTABLISHED
TCP 127.0.0.1:49876 Alpha:49881 ESTABLISHED
TCP 127.0.0.1:49876 Alpha:49882 ESTABLISHED
TCP 127.0.0.1:49881 Alpha:49876 ESTABLISHED
TCP 127.0.0.1:49882 Alpha:49876 ESTABLISHED
TCP 127.0.0.1:51246 Alpha:51247 ESTABLISHED
TCP 127.0.0.1:51247 Alpha:51246 ESTABLISHED
TCP 192.168.101.99:49163 bn1wns2011804:https ESTABLISHED
TCP 192.168.101.99:49176 64.233.171.109:imaps ESTABLISHED
TCP 192.168.101.99:49179 bay402-m:https ESTABLISHED
TCP 192.168.101.99:51137 r-064-042-234-077:http ESTABLISHED
TCP 192.168.101.99:51195 64.233.171.188:5228 ESTABLISHED
TCP 192.168.101.99:51213 ash-rc1-3b:http ESTABLISHED
TCP 192.168.101.99:51215 iad23s23-in-f21:https ESTABLISHED
TCP 192.168.101.99:51224 qg-in-f189:https ESTABLISHED
TCP 192.168.101.99:51249 viewext:https ESTABLISHED
TCP 192.168.101.99:51250 viewext:https CLOSE_WAIT
TCP 192.168.101.99:51251 viewext:https CLOSE_WAIT
TCP 192.168.101.99:51285 iad23s23-in-f6:https ESTABLISHED
TCP 192.168.101.99:51288 iad23s23-in-f5:https ESTABLISHED
TCP 192.168.101.99:51289 64.233.171.113:https ESTABLISHED
TCP 192.168.101.99:51292 qg-in-f147:https ESTABLISHED
TCP 192.168.101.99:51294 65.55.163.222:https TIME_WAIT
The problem is the 10 net address. As you can see it is not configured anywhere on the windows client. But that 10 net address happens to be a server on our network that is in no way assoicated to aruba at all.
Has anyone else seen this before?
Thanks,
Josh