Randomly, users cant't connect to certain access points, but other users can.

  • 1
  • Question
  • Updated 2 years ago
We have recently rolled out an Aerohive network of WAPs (all AP250). People are on and using the access points, but if they turn their wifi off and move to a different area, sometimes it wont let them online. They get connected to the access point itself, but cant actually get an IP address. The kicker is that others are on that access point and have an IP address. The AP's aren't overburdened and it doesn't seem to be an RF interference issue. Seems like some type of caching/roaming issue. 

Very new to the Aerohive community; love the products so far, but need a little help!

Cheers,
Joey
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
  • confused

Posted 2 years ago

  • 1
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
We have had several reports of DHCP failures on the AP250 running HiveOS version 7.0 (both 7.0r1 and 7.0r2). One (counterintuitive) workaround that seems to satisfy most customers encountering this is to apply per-station session limits. Via the CLI that would be

forwarding-engine max-ip-sessions-per-station XXXX, where XXXX is in the range of 0-8000

It looks to me like you can use HM-NG to provision this, under Network Policies, Additional Settings, Management Options, Forwarding Engine Control. 

Please let us know if this addresses your situation. We believe we know the root cause of this issue, and we intend to address it in a manner that doesn't require the above workaround in HiveOS version 7.1r1, currently planned for release in mid-November.

Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
What is this command doing and is there a value i should be considering when i set this...can i just max it out at 8k? or should i set it low. 

I'm just not too keen on what its doing and how i should move forward.

Thanks.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
We believe the underlying problem is within the forwarding engine, that it does not always remove session table entries after the client sessions conclude. Applying a limit triggers a separate routine to periodically police this table and prohibit any one client device from consuming all the entries in the device's session table. Officially, I can only suggest you take into account your own user community and their traffic patterns to determine the correct value for this parameter. Personally, I would start at 1K or 2K and wait to see if anyone complains, if so then I would add another thousand to the value and repeat.

The ALG workaround mentioned by Chris invokes a separate routine to periodically police the same session table and clean up ghost entries.

Does this help you understand what we believe the underlying problem is and why we offered these suggestions?
Photo of chris bourroughs

chris bourroughs

  • 6 Posts
  • 1 Reply Like
Hi Joey

This sounds like you could be hitting a known issue on the AP250.  Could you try to enable this command on the AP's and let me know if it helps? 'alg sip enable'

Similar recent post here discussing this: https://community.aerohive.com/aerohive/topics/ap250-client-dhcp-issues

Thanks

Chris
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
@chris What is that command actually doing? Why is enabling it supposed to help? Just curious.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Joey, we believe the problem is with freeing up session table entries after they close. The ALGs within HiveOS examine traffic for start and end of sessions and perform their magic on applicable traffic. Even if you have no SIP traffic on your network, the ALG in this case helps remove the session table entries after closure that the main forwarding engine isn't closing.

Does this make any sense at all?
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
Sure, makes sense to me.

 So is there any reason I SHOULDN'T enable this on all my WAP's? 

Also, is there a clean way to do this through the web interface so i can roll it out in bulk? Or is it easiest to just do it through the cli per WAP.
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
Both of these solutions make sense, I guess my only remaining question is best practice for rolling them out. I would like to try the simple "alg sip enable" command before i change to a more fine tuned solution. 


Is there a way to do this through the GUI in the newest version of HiveManagerNG?

Cheers!
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
Should I restart the WAP after i run those commands through the CLI?
Photo of chris bourroughs

chris bourroughs

  • 6 Posts
  • 1 Reply Like
Hi Joey

There should be no impact enabling the workaround I suggested and I hope it provides a workaround for you.

Both workarounds should give a similar result, however enabling the alg sip command will enable the AP to actively monitor ip sessions and tear down dynamically without any limits being reached.  Unfortunately though you will have to configure this via CLI on HMNG at the present time, or supplemental CLI for multiple AP's;
http://docs.aerohive.com/330000/docs/help/english/ng/Content/gui/configuration/configuring-supplemen...

Let us know if this works

Cheers

Chris
Photo of chris bourroughs

chris bourroughs

  • 6 Posts
  • 1 Reply Like
And no need for a restart!
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
So I've pushed the update to my WAP's. I followed all your steps. But Im still noticing an issue. For my laptop consistently, if I connect to an AP, and then move near another AP, my internet stays live and i don't lose a single ping. But if I continue to stand near the new AP and disable my wifi, then re-enable it...I cant connect to the internet! I believe I'm connected to the new AP, but nothing can go outbound as i dont have an IP. I have to move back where I was able to connect to the first AP to actually get connection again.

Any ideas?
Photo of Ho Ka Lok

Ho Ka Lok

  • 27 Posts
  • 4 Reply Likes
We faced the same problem on Hive Manager 6.8r5, will Network Policy->Additional Settings->Service Settings->ALG Services will also work for the ALG method ? Just Enable SIP with default QOS Class 6-Voice, 60s Inactive Data Timeout and 720mins Max Session Duration will be ok on all APs ?

How about AeroHive POE switch, like SR SR2024P/SR2124P ? Needed to enable ALG SIP for cleanup ghost sessions ? Thanks!
Photo of Joey Carmello

Joey Carmello

  • 9 Posts
  • 0 Reply Likes
So I noticed one specific client that is having problems with a specific access point. It seems like the WAP thinks its IP should be the local unassigned ip.(see attached) Is there a CLI command i can run to clear this out?