Wireless Access

Reply

Random user with no internet access

Hello
I have got the fallowing scenario:
I got about 7 controllers
1 master and one master standby
4 local controllers
1 controller on the dmz which has an internet conected directly to it. So he is natting
We got tunnet gre between all local conttollers to the master and another gre tunnel from the master to the controller in the dmz.
We got a vlan that just exist in the controllers and i sent it through the tunnel gre. A vlan 990

So the users register in the captive portal and they do all the process and they go to internet throgih the dmz controller.

Now we have the issue that now and then some user has no internet... Like suddenly. Whcih is really odd because the user has the correct role in the controller and all the other users has internet i mean on the guest network. Later like a few horus if that user try again he get access to internet without an issue. For example the other day a mac cached user didint have internet access in the morning and then in the afternoon he had but just that use, another person next to hik which had mac cached device also had internet, they both had the same role on the controller ip address and everything seems the same and fine. We got a 7010 on the dmz. I was wondering if there is a limit of dont know the sessions that can go throght that controller doing nat. They got many gues and also many many users that register but dont have access because as its a open network random ppl try to log in.
Any ideas where i should look?

Cheers
Carlos
----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite

Re: Random user with no internet access

Make sure that your DHCP lease is longer than 5 minutes so that there are no user table/DHCP conflicts.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Random user with no internet access

The lease time is set to 1 or 2 hours
----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
ryh
Contributor II

Re: Random user with no internet access

If it has to do with the whole 65,536-ish ports being used in that DMZ controller doing its NAT/PAT'ing, you could try limiting the number of sessions each user can have.  A Guest VRD I read suggested limiting it to 128 sessions per user, which is sufficient for many while curtailing those guest users that might have thousands of sessions open.

 

"show datapath nat" might show something here.  More information would be helpful.

ryh
Contributor II

Re: Random user with no internet access

A test that might help isolate if it is a NAT'ing issue is to see if those clients can reach IPs that aren't past the NAT boundary.  If they can reach other guest/server IPs but not internet IPs, then start looking into why.

Re: Random user with no internet access

I saw about that ont he VRD a while ago but i was wondering what impact would that have on the guest users?

If i limit those sessions what will happen? if they go over that limit then some applications wont have internet or what would happen?

 

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
ryh
Contributor II

Re: Random user with no internet access

I believe that is how that would work, yes. I suppose an option to get around the 65k sessions limit would be a NAT pool, so that you can increase the number of IP addresses the controller could use for NAT. That way, with X number of IPs, you could reach 65000*X sessions.

Still, not sure if this is the issue until you dig into it a bit further.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: