Security

Reply
Frequent Contributor I
Posts: 68
Registered: ‎12-14-2012

Android devices not forcing re-authentication after removed from Blacklist

This Question came from a class I was in so I may not be able to provide more details.

 

When IOS devices or Android devices get blacklisted they are locked off the network. Later when the blacklist expires the IOS devices will have to re-enter their Auth credentials. but the Android devices just pop back onto the network with no user intervention or authentication.

 

is this normal behaviour ? 

 

Why would the Android not re-authenticate to the network ?

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Android devices not forcing re-authentication after removed from Blacklist

Android devices have a built-in supplicant that could be resubmitting the credentials in the background.  Is that possible?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 68
Registered: ‎12-14-2012

Re: Android devices not forcing re-authentication after removed from Blacklist

this could be posible

 

is there a way to disable this or modify the behaviour

 

Granted the issue would then be some admin would have to visit settings on each android device

 

 

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Android devices not forcing re-authentication after removed from Blacklist

There is not a way to override this.   That is the nature of that device..  What kind of authentication are you using?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 125
Registered: ‎07-06-2010

Re: Android devices not forcing re-authentication after removed from Blacklist

Is there a reason why you would want a user to have to re-auth?  It would seem to me that this is working in the most efficient way possible.  Do you do 802.1x?  If the user has a valid account I would expect it to hop back on the network when the blacklist expires... If the account has been disabled or time-access changed in radius the user would obviously not be able to connect.

 

-Dan

New Contributor
Posts: 3
Registered: ‎03-11-2013

Re: Android devices not forcing re-authentication after removed from Blacklist

The user account in the Internal DB has been removed (deleted) before the MAC address is removed from the blacklist.  As soon as the Android device is removed from the blacklist it hops back on the network even though its user account as been removed. All other devices tested (IOS IPod & IPhone, Windows laptop, Mac laptop, blackberry,...) propt the user to re-authenticate after being removed from the blacklist if their account has been removed from the Internal DB.

 

This has been tested in my lab on both a 651 controller with built-in AP as well as on a 650 with a 105 AP.  We are running ArubaOS 6.1 FIPS software.

New Contributor
Posts: 3
Registered: ‎03-11-2013

Re: Android devices not forcing re-authentication after removed from Blacklist

I just tested this in the training class using a 620 controller with a 125 AP running ArubaOS 6.1.2.5 and do not see this behavior.  When I get back to my lab I will make sure what version  of the ArubaOS we are running, and upgrade the software to the latest version if its not already there.

New Contributor
Posts: 3
Registered: ‎03-11-2013

Re: Android devices not forcing re-authentication after removed from Blacklist

OK, so I finally got back into my lab with a new 650 controller which shiped with ArubaOS 6.1.2.5 with an AP-105 and I do not have this issue with Android, but as soon as I upgrade to ArubaOS 6.1.3 FIPS with an AP-104 I once again have an issue with android devices no being forced to re-authenticate after being blacklisted. 

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Re: Android devices not forcing re-authentication after removed from Blacklist

What you might want to do is to turn on user debugging for that device and see if it is even trying to reauthenticate.  It is the device's responsibility to attempt to reattach to the network.  User debugging will show if it is even trying, OR if the controller is still keeping it off the network.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎04-01-2013

Re: Android devices not forcing re-authentication after removed from Blacklist

The device IS reconneting to the network, which is the problem.  After removing the accunt from the internal db and then removing the device from the blacklist it is allowed back on the network.  I am installing the latest FIPS ArubaOS (6.1.4.3) on my controller now and will re-test with it.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: