HPE Community
M and MSM Series
1753416 Members
7668 Online
108793 Solutions
New Discussion юеВ

Re: MSM760 delays before it brings up the login in page

 
Egbo Philip Nnamdi
Occasional Advisor

тАО10-24-2010 05:13 AM

тАО10-24-2010 05:13 AM

MSM760 delays before it brings up the login in page

I have a network of about 150 clients stations with 5 AP, MSM 760 is running DHCP. It takes a while before the login page (local authentication)comes up when about 20 or more pc's are connected and when you login, it will still take a while again before you start surfing. I also noticed that users on the network can't ping theirselves but can ping the Controller also the controller keeps showing me in my messages that "IP address claimed by work station ..... already exists. Terminating both stations for security reasons". Please can anyone help me in resolving this?
0 Kudos
10 REPLIES 10
Fred!
Trusted Contributor

тАО10-25-2010 05:21 AM

тАО10-25-2010 05:21 AM

Re: MSM760 delays before it brings up the login in page

Several things could occur, stations with statically assigned IP addresses could overlap with your DHCP address range, you could have another DHCP server giving addresses in the network (did you checked the lease page on the controller to see if the controller is issuing some DHCP leases?).

The fact that the stations cannot ping themselves is normal at this point, by default there are some built-in protections that make sure the traffic goes through the controller first to be access controlled.

One quick and easy way you could try to make it potentially work is to make sure the clients are isolated from the rest of the network. Because I'm pretty sure it is the way your network is configured that triggers this behavior.

The following assumes that you are not using the MSM controller DHCP to provide addresses to your 5 APs. Let me know otherwise.

Go inside the DHCP server on the MSM controller and make sure you only accept requests from the data tunnel. Then go into your VSC that has HTML authentication and enable the option that always tunnel the client traffic to the controller.

Let me know if that cleared up some of the logs you are seeing.
0 Kudos
Egbo Philip Nnamdi
Occasional Advisor

тАО10-25-2010 07:08 AM

тАО10-25-2010 07:08 AM

Re: MSM760 delays before it brings up the login in page

Dear Fred,
thanks for yor reply. My MSM760 is the only controller on my network, it is also the DHCP server although I implented all that you said but I still can not ping other clients on the network. I even had to assign a management IP address to the MSM 760 and configure static IP on the AP's.
0 Kudos
Fred!
Trusted Contributor

тАО10-25-2010 07:18 AM

тАО10-25-2010 07:18 AM

Re: MSM760 delays before it brings up the login in page

Hum, OK. So come back to your initial configuration, and here is another question: Do you actually experience/see the fact that you have multiple clients with the same IP address? I mean if you go on your clients do you really see them as the same IP address or do they have different IPs?

My next question is: just for a test, could you remove some of the APs and connect just ONE AP with a cross-over to the MSM controller, and try to connect multiple clients to the AP, do you still experience the same behavior?
0 Kudos
Egbo Philip Nnamdi
Occasional Advisor

тАО10-25-2010 07:30 AM

тАО10-25-2010 07:30 AM

Re: MSM760 delays before it brings up the login in page

The network is actually up and running, I notice from the log that two clients obtained same IP thereby causing MSM760 to terminate both station access. The HTML login page takes a while before it comes up for users to login and get connected also coupled with the fact that users can't ping theirselves on the network.
0 Kudos
Fred!
Trusted Contributor

тАО10-25-2010 07:43 AM

тАО10-25-2010 07:43 AM

Re: MSM760 delays before it brings up the login in page

Any insight on your clients? Windows PCs? Can you tell me what kind of addresses they get? like can you paste one of the logs in here?
0 Kudos
Egbo Philip Nnamdi
Occasional Advisor

тАО10-25-2010 07:57 AM

тАО10-25-2010 07:57 AM

Re: MSM760 delays before it brings up the login in page

[pid 8465, up for 361 sec(s)]
Oct 25 16:21:09 warning statspoller [00:03:52:07:67:32]: Transfer of AP statistics information failed: (28/200)
Oct 25 16:20:40 warning iprulesmgr Station Table Entry (id='8',ip-address='192.168.5.148',mac-address='00:1E:0B:D2:00:0C',virtual-ap-index='1') exists with the IP address claimed by the new station (mac-address='C4:17:FE:A7:6E:B6'), for security reason we're terminating both station access.
Oct 25 16:20:35 warning iprulesmgr Station Table Entry (id='8',ip-address='192.168.5.148',mac-address='C4:17:FE:A7:6E:B6',virtual-ap-index='1') exists with the IP address claimed by the new station (mac-address='00:1E:0B:D2:00:0C'), for security reason we're terminating both station access.
Oct 25 16:17:28 warning iprulesmgr Station Table Entry (id='8',ip-address='192.168.5.148',mac-address='00:1E:0B:D2:00:0C',virtual-ap-index='1') exists with the IP address claimed by the new station (mac-address='C4:17:FE:A7:6E:B6'), for security reason we're terminating both station access.
0 Kudos
Fred!
Trusted Contributor

тАО10-25-2010 09:11 AM

тАО10-25-2010 09:11 AM

Re: MSM760 delays before it brings up the login in page

It seems that the MAC addresses you are refering to are HP MACs and iPod/iPhone MACs most likely. Is that true? If this is the case, can you not use iPod/iPhone for the purpose of the test and see if you still have issues?

(By the way, there are known issues with iPos/iPhone and you need to make sure you have the latest SW from Apple on these)
0 Kudos
Egbo Philip Nnamdi
Occasional Advisor

тАО10-25-2010 03:25 PM

тАО10-25-2010 03:25 PM

Re: MSM760 delays before it brings up the login in page

The IP address conflict is not really an issue because the controller seems to resolve that but the major issues i am having is that users can't ping theirselves and the time it takes for the HTML login page to come when connected and also to authenticate when it is the only DHCP server on the network and less than 150 systems are on the network. Mean while MSM760 is capable of supporting up to 2000 users.
0 Kudos
Fred!
Trusted Contributor

тАО10-26-2010 05:31 AM

тАО10-26-2010 05:31 AM

Re: MSM760 delays before it brings up the login in page

The IP conflict IS most likely the issue. The protection that the controller has in place is that it will terminate both sessions as it is deemed as a potential attach on the network (IP spoofing).

Therefore your users will be kicked out of the network, which means they will have to relogin again, which may lead to having a lot of requests on the login page, which may lead to higher delay in displaying the login page, and it also means that if users are not authenticated the security mechanisms in place inside the controller will make sure the users will not be able to ping each other.

In my opinion most of your problems (if not all of them) are very much linked to the confict with the IP address.. (my 2 cents).
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.