Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

WLAN End Clients not transitioning from Non-Authenticated VLAN to new Authenticated VLAN and keeping IP address from Non-Auth VLAN

« Go Back

Information

 
TitleWLAN End Clients not transitioning from Non-Authenticated VLAN to new Authenticated VLAN and keeping IP address from Non-Auth VLAN
Symptoms
WLAN End Clients not transitioning from Non-Auth VLAN to new Auth VLAN and keeping IP address from Non-Auth VLAN
Environment
  • 10.21.02
  • AP 3825i
  • AP 3710
  • AP 3715
Cause
With the Max Lease duration set too high on the DHCP server... certain client types ... Apple clients historically ... but also others ... will "hold on" to the IP address they were assigned first in their Non-Authenticated Role ... and even after authentication has finished and they may have been assigned a new Authenticated Role from NAC or RADIUS for example ... and that new Role may have moved them into a new VLAN and/or topology which a new IP scheme. This causes them to have an IP in the wrong subnet.
Resolution
Set the min and max lease durations in the DHCP server that provides IP addresses for the Non-Authenticated Role to be relatively low and the same like 20 seconds and 20 seconds or 30 and 30 seconds.
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255