Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Random user with no internet access

This thread has been viewed 6 times

  • 1.  Random user with no internet access

    Posted Jan 27, 2018 12:24 PM
    Hello
    I have got the fallowing scenario:
    I got about 7 controllers
    1 master and one master standby
    4 local controllers
    1 controller on the dmz which has an internet conected directly to it. So he is natting
    We got tunnet gre between all local conttollers to the master and another gre tunnel from the master to the controller in the dmz.
    We got a vlan that just exist in the controllers and i sent it through the tunnel gre. A vlan 990

    So the users register in the captive portal and they do all the process and they go to internet throgih the dmz controller.

    Now we have the issue that now and then some user has no internet... Like suddenly. Whcih is really odd because the user has the correct role in the controller and all the other users has internet i mean on the guest network. Later like a few horus if that user try again he get access to internet without an issue. For example the other day a mac cached user didint have internet access in the morning and then in the afternoon he had but just that use, another person next to hik which had mac cached device also had internet, they both had the same role on the controller ip address and everything seems the same and fine. We got a 7010 on the dmz. I was wondering if there is a limit of dont know the sessions that can go throght that controller doing nat. They got many gues and also many many users that register but dont have access because as its a open network random ppl try to log in.
    Any ideas where i should look?

    Cheers
    Carlos


  • 2.  RE: Random user with no internet access

    EMPLOYEE
    Posted Jan 27, 2018 01:23 PM

    Make sure that your DHCP lease is longer than 5 minutes so that there are no user table/DHCP conflicts.



  • 3.  RE: Random user with no internet access

    Posted Jan 27, 2018 01:34 PM
    The lease time is set to 1 or 2 hours


  • 4.  RE: Random user with no internet access

    Posted Jan 31, 2018 02:25 PM

    If it has to do with the whole 65,536-ish ports being used in that DMZ controller doing its NAT/PAT'ing, you could try limiting the number of sessions each user can have.  A Guest VRD I read suggested limiting it to 128 sessions per user, which is sufficient for many while curtailing those guest users that might have thousands of sessions open.

     

    "show datapath nat" might show something here.  More information would be helpful.



  • 5.  RE: Random user with no internet access

    Posted Jan 31, 2018 02:28 PM

    A test that might help isolate if it is a NAT'ing issue is to see if those clients can reach IPs that aren't past the NAT boundary.  If they can reach other guest/server IPs but not internet IPs, then start looking into why.



  • 6.  RE: Random user with no internet access

    Posted Jan 31, 2018 02:41 PM

    I saw about that ont he VRD a while ago but i was wondering what impact would that have on the guest users?

    If i limit those sessions what will happen? if they go over that limit then some applications wont have internet or what would happen?

     

    Carlos



  • 7.  RE: Random user with no internet access

    Posted Jan 31, 2018 02:44 PM
    I believe that is how that would work, yes. I suppose an option to get around the 65k sessions limit would be a NAT pool, so that you can increase the number of IP addresses the controller could use for NAT. That way, with X number of IPs, you could reach 65000*X sessions.

    Still, not sure if this is the issue until you dig into it a bit further.