Wireless Access

Has any one seen this before?

It seems to be more common with android devices.

A client with the same mac address will hold on to two ip addresess.

3400 running 6.2.1.5

Thanks,

Me too! and sometimes one IP address isn't an address of my LAN.

I've seen this in two different scenarios:

1. Client was previously connected to another network.  Somehow the IP it previously had showed up in the user table.
2. VLAN pooling was not working correctly.

---

@scoaker1 wrote:

Has any one seen this before?

 

It seems to be more common with android devices.

 

A client with the same mac address will hold on to two ip addresess.

 

3400 running 6.2.1.5

 

Thanks,

 

 

 

---

The wireless adapter sometimes "leaks" the ip address of other interfaces like WAN, VPN or VMWARE interfaces through it.  One way to deal with this to to use "Enforce DHCP" on the AAA profile so that only devices that the controller can see obtaining a DHCP address will enter the user table.

that was my feeling also cjoseph, it is a fun way to see your 3G IP.

but is validuser acl also not a way to not see these IPs?

In terms of the invalid IP appearing in the user table and firewall list, I don't find the valid-user ACLs (or any other) will help prevent this.

Broadly speaking this is because the controller MUST (even temporarily) add the session in deny state due to normal operation (assuming it's setup accordingly). So you still see it.

And actually, for what it's worth, I'm not a big fan of the DHCP enforce, although I do get what CJ is saying. Certain (very badly programmed) clients tend not to respond well to this I've found.

It's just something to understand and live with I'd say. It would be nice if the associated Android OS's didn't do it, but hey-ho!

Thanks for all the response.

I have seen Android devices with two different ip addresses. Usually one outside my network and one that is valid.

Just strange that they grab two valid addresses with different association times and not letting go of either.

I'll try the " enforce DHCP" setting on one controller to see how it helps or inhibits any other clients.

---

@The.racking.monkey wrote:

In terms of the invalid IP appearing in the user table and firewall list, I don't find the valid-user ACLs (or any other) will help prevent this.

 

Broadly speaking this is because the controller MUST (even temporarily) add the session in deny state due to normal operation (assuming it's setup accordingly). So you still see it.

 

And actually, for what it's worth, I'm not a big fan of the DHCP enforce, although I do get what CJ is saying. Certain (very badly programmed) clients tend not to respond well to this I've found.

 

It's just something to understand and live with I'd say. It would be nice if the associated Android OS's didn't do it, but hey-ho!

 

 

---

The.racking.monkey,

The validuser ACL would prevent this, because devices not in the validuser ACL cannot enter the user table period.  The controller does NOT have to add a user temporarily in deny state.  That is NOT true.  DHCP is the easiest one-checkbox way to fix exactly what the user is reporting in this example.  If it does not work, we will have to figure out what is wrong with the user's setup.

I stand corrected.

Collin

Do you know why the wireless adapter "leaks" the ip address of other interfaces?  i know it happens but why it happens?

Cheers

Carlos