Why can't Aruba APs renew the IPs for wireless clients?

Don't know whether it is a coincidence, but since a firewall was set up, this Aruba controller 800 and 10 APs do not seem to renew the IP for wireless clients. The problem is, a user holding the iPad can get an IP from any Aruba AP; after that, if this user moves out of the wireless area and moves back in again, he/she doesn't seem able to get an IP (renewed) again.

But, according to my co-worker, before the deployment of the above firewall, the problem wasn't there. There is only 1 network segment of IPs supported.

Thanks,
MichaelBalack Asked:

strivoli Commented:
Have a look at firewall's dropped and/or rejected packets. You might find out that some DHCP traffic is denied.
0
MichaelBalack Author Commented:
Hi Strivoli,

How do I see the mentioned firewall's dropped or rejected packets?
0
strivoli Commented:
Set logging and inspect the log directly on the firewall or forward the logs to a syslog server for easier inspection.
Please post make and model of the firewall.
0
MichaelBalack Author Commented:
Hi Strivoli,

Firewall model is: FortiGate 200B. Unfortunately, the logging capability is quite limited, as you have to get a FortiAnalyzer.

But why the firewall log, as this firewall is in the same network segment as the Aruba controller and APs...
0
strivoli Commented:
You wrote that the problem started since the firewall was set up. I suspect there's something wrong with the firewall. This is why checking the logs makes sense.
0
MichaelBalack Author Commented:
Other than the firewall, what has to be checked on the Aruba?
0
strivoli Commented:
You can check Aruba's logs as well. Logs usually tell you more than you can imagine.
I'll have a look at the firewall's user manual in order to check the logs properly.
0
strivoli Commented:
Page 137 (attached) of the FortiOS 5.0.4 Install & System Administration shows you how to forward the logs to a syslog server.

If you don't have one yet, you can install Kiwi Syslog Server for Windows. There's a free version too.
Binder1.pdf
0
Jakob Digranes, Senior Consultant Commented:
Need some more info:
How do clients authenticate?
What device is DHCP for the wireless clients?
Does this happen to all types of devices?
You have no VLANs? All is running on VLAN1?
0
MichaelBalack Author Commented:
Using WEP password for auth.
Aruba controller is the DHCP server.
Only 1 VLAN - VLAN 1.
This happened to wireless...
0
MichaelBalack Author Commented:
Suggestion?
0
Jakob Digranes, Senior Consultant Commented:
What firmware is your controller at?
Are you familiar with the CLI for the controller?

    show log all | include (MAC-ADDRESS FOR ONE OF THE CLIENTS)

If this happens to PCs as well - try installing Wireshark (www.wireshark.org) on a PC and do a packet capture to see if the PC sends a DHCP DISCOVER packet.
0
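What the packet-capture check suggested above looks for, as an added example that is not part of any poster's reply: the script parses DHCP payloads (UDP ports 67/68), reads option 53, and lists clients whose DISCOVER has no OFFER with the same transaction id, meaning the request left the client but no server reply came back. The MAC addresses, transaction ids and the `build` helper are constructed sample data.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2131 magic cookie at offset 236
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}

def parse_dhcp(payload):
    """Return (xid, client MAC, message type) from a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    _op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    mac = payload[28:28 + min(hlen, 16)].hex(":")    # chaddr starts at offset 28
    i, msg_type = 240, None
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:               # option 53 = DHCP message type
            msg_type = MSG_TYPES.get(payload[i + 2], "UNKNOWN")
        i += 2 + length
    return xid, mac, msg_type

def unanswered_discovers(payloads):
    """MACs whose DISCOVER has no OFFER carrying the same transaction id."""
    seen = {}
    for p in payloads:
        xid, mac, mtype = parse_dhcp(p)
        seen.setdefault((xid, mac), set()).add(mtype)
    return sorted({mac for (_, mac), types in seen.items()
                   if "DISCOVER" in types and "OFFER" not in types})

def build(op, xid, mac, mtype):
    """Constructed sample data: a minimal DHCP payload with one option."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0) + bytes(16)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + DHCP_MAGIC + bytes([53, 1, mtype, 255])

# Constructed capture: client A completes the exchange, client B gets no reply.
A, B = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [build(1, 0x1111, A, 1), build(2, 0x1111, A, 2),
          build(1, 0x1111, A, 3), build(2, 0x1111, A, 5),
          build(1, 0x2222, B, 1), build(1, 0x2222, B, 1)]

if __name__ == "__main__":
    print(unanswered_discovers(SAMPLE))
```

To use it on a real capture, feed `unanswered_discovers` the UDP payloads exported from the capture instead of `SAMPLE`.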
MichaelBalack Author Commented:
Hi Jakob_di,

Where to check the firmware version? Sorry, I don't know the CLI commands.

Where to run the command:

    show log all | include (MAC-ADDRESS FOR ONE OF THE CLIENTS)

Can you show detailed step-by-step instructions for the commands/operations that have to be performed?
0
Craig Beck Commented:
Do the clients have to pass through the firewall to get to the controller to obtain an IP address?
0
MichaelBalack Author Commented:
No, no need.
0
Jakob Digranes, Senior Consultant Commented:
SSH to the Aruba controller's IP address
Log in with admin/PW
Type the following commands

If the prompt is like this > type enable and hit ENTER (enter the enable password)
If the prompt is # - just carry on

show image version - tells you the firmware
0
MichaelBalack Author Commented:
3.1.1.9
0
Jakob Digranes, Senior Consultant Commented:
Try setting DHCP on the firewall instead.
Or upgrade the controller firmware.

How many clients? What scope do you have?

And another thing - I strongly recommend moving away from WEP (!!) and over to WPA2 if possible
0
MichaelBalack Author Commented:
Hi Jacob_di,

Please see the answers:

try setting DHCP on Firewall instead.

    ans - We cannot just change the DHCP to the firewall. We need a reason for management

Or upgrade controller firmware

    ans - The controller has no more service warranty, upgrading the controller firmware is a risky business. Anyway, we'll try it

How many clients? What scope do you have?

    ans - around 50+. There is only 1 scope, meant for a single network segment

And another thing - I strongly recommend moving away from WEP (!!) and over to WPA2 if possible

    ans - For the sake of security?
0
MichaelBalack Author Commented:
In the end, management allowed us to upgrade the firmware. Now the firmware upgrade is done, and we will monitor the status...
0
MichaelBalack Author Commented:
The problem seems to be no more, ever since the controller's firmware was upgraded. We hesitate to upgrade it as this controller has no more hardware warranty with Aruba.
0