Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1215
Views
5
Helpful
9
Replies

WLAN client lost their ip address ?

Go to solution
879205607
Level 1
Level 1

‎04-23-2023 08:47 PM

I have created an SSID and enable 802.1x authentication ,assign ip addresses to clients via dhcp. 

However, I found that after some clients have been connected to the network for a while, their  DHCP ip addresses will be lost and become 169.254.x.x ?

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
879205607
Level 1
Level 1

‎04-26-2023 02:56 AM

Hello All,

I adjusted the SSID session-timeout to 86400 seconds and the problem doesn't seem to be recurring。

It looks like the problem is related to the Intel AX201 wireless network adapter.

https://community.intel.com/t5/Wireless/Intel-WiFi6-AX201-160Mhz-L3-Issues-with-RADIUS-Authentication/td-p/1324596

 

View solution in original post

Go to solution
Dustin Anderson
VIP
VIP

‎04-28-2023 06:50 AM

To put some context, we have seen that Intel seems to ping the default gateway and if it seems to loose 3 pings will trigger DHCP again. I think this is how they detect vlan changes. This would explain why when the session timed out if it didn't reauth, it would loose access and kick off DHCP.

View solution in original post

9 Replies 9

Go to solution
Arne Bier
VIP
VIP

‎04-23-2023 09:38 PM

that usually indicates that 802.1X was successful, but that DHCP requests are not reaching the DHCP server. Is this AireOS or 9800?

Go to solution
879205607
Level 1
Level 1
In response to Arne Bier

‎04-24-2023 01:42 AM

Hi,

The controller is Cisco 2504.

But i am sure that DHCP server is reachable, because when the client is connected to the network, I see that the client does get the IP address and can access the network resources. However, after about half an hour, the client's ip address is lost

I think may be session-timeout settings?

0 Helpful

Go to solution
poongarg
Cisco Employee
Cisco Employee
In response to 879205607

‎04-24-2023 02:53 AM

In such case, I would suggest to take OTA captures (using sniffer option on the MAC Book) along with debugs on AP and WLC to figure out the root cause. If the client got disconnected and post that it is not able to get ip address? Any new authentication seen on ISE just before the ip address is lost. If the client remain connected to the previous SSID?

Go to solution
Arne Bier
VIP
VIP

‎04-24-2023 02:02 AM

Does that also correlate with the DHCP lease time for that scope? Usually DHCP renew is 50% of the lease time. 
Either way, even if the lease time was short, there should be no ACL in place to prevent DHCP traffic. Are you assigning an ACL to the client after successful authentication?

Session timeout is not an issue. It just ensures that the client is forced the re-auth. And then the whole process starts again. 
If you suspect that 802.1X is the issue then clone the WLAN config and make it PSK instead. Make sure everything else is identical (VLAN etc). And then see how the client behaves. 

 

0 Helpful

Go to solution
879205607
Level 1
Level 1

‎04-26-2023 02:56 AM

Hello All,

I adjusted the SSID session-timeout to 86400 seconds and the problem doesn't seem to be recurring。

It looks like the problem is related to the Intel AX201 wireless network adapter.

https://community.intel.com/t5/Wireless/Intel-WiFi6-AX201-160Mhz-L3-Issues-with-RADIUS-Authentication/td-p/1324596

 

Go to solution
Arne Bier
VIP
VIP
In response to 879205607

‎04-26-2023 01:28 PM

What happens after 86400 seconds? I guess most users won't be on the network that long?

#problemsweptunderthecarpet

0 Helpful

Go to solution
879205607
Level 1
Level 1
In response to Arne Bier

‎04-27-2023 07:58 PM

I'm not sure, because no user will be connected to the wireless network for up to 24 hours, because usually their computer will hibernate when not in operation.

But the loss of IP addresses did disappear

0 Helpful

Go to solution
Dustin Anderson
VIP
VIP

‎04-28-2023 06:50 AM

To put some context, we have seen that Intel seems to ping the default gateway and if it seems to loose 3 pings will trigger DHCP again. I think this is how they detect vlan changes. This would explain why when the session timed out if it didn't reauth, it would loose access and kick off DHCP.

Customers Also Viewed These Support Documents