Android onboard issue

Hi All,

I have an issue with Android on-board, where I can't connect to the Google Play Store to download QuickConnect.

I have a setup of IAPs (as virtual controllers) and a CP onboard CPPM server, and I am using 2 SSIDs for the onboarding process.

The first one is open, to authorise whether the device is allowed to on-board by issuing AD credentials, and the second one is for EAP-TLS authentication. As soon as I connect to the first open SSID it redirects me to download QuickConnect; however, as soon as I click to download the quick client I get redirected to the Google Play Store, which is unsuccessful, and I start getting a retry (to connect to Google Play) option on the Android device. It appears as if it has no internet connectivity to get to Google Play.

I have checked the IAP firewall rule and allowed unrestricted access for now, and please see the attached walled garden list as well to allow Google Play, but no joy. I have checked with Windows and Apple devices and all are working fine on the same network.

Any help would be much appreciated.

Aruba

Re: Android onboard issue

There is an issue in Instant where the ACL needs to be IP based instead of FQDN. There will be a fix in an upcoming Instant release.

Putting android.clients.google.com and *.ggpht.com in the IAP's walled garden does not work. You need to figure out which networks these resolve to and put them into your ACL like below (last 6 entries):

wlan access-rule pre-auth
 rule 192.168.1.215 255.255.255.255 match tcp 443 443 permit
 rule 192.168.1.215 255.255.255.255 match tcp 80 80 permit
 rule 192.168.1.209 255.255.255.255 match udp 53 53 permit
 rule 173.194.0.0 255.255.0.0 match tcp 80 80 permit
 rule 74.125.0.0 255.255.0.0 match tcp 80 80 permit
 rule 209.85.0.0 255.255.0.0 match tcp 80 80 permit
 rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit
 rule 74.125.0.0 255.255.0.0 match tcp 443 443 permit
 rule 209.85.0.0 255.255.0.0 match tcp 443 443 permit

Thank You,
Troy
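
One way to check whether the addresses your clients actually resolve for these hostnames fall inside the pre-auth ACL quoted above. This is an added example, not part of the original posts or any Aruba tooling; the sample DNS answers and the hostname lh3.ggpht.com are constructed, and first-match evaluation with a default deny is an assumption.

```python
import ipaddress

# Pre-auth role exactly as posted in the thread.
PRE_AUTH_ACL = """wlan access-rule pre-auth
 rule 192.168.1.215 255.255.255.255 match tcp 443 443 permit
 rule 192.168.1.215 255.255.255.255 match tcp 80 80 permit
 rule 192.168.1.209 255.255.255.255 match udp 53 53 permit
 rule 173.194.0.0 255.255.0.0 match tcp 80 80 permit
 rule 74.125.0.0 255.255.0.0 match tcp 80 80 permit
 rule 209.85.0.0 255.255.0.0 match tcp 80 80 permit
 rule 173.194.0.0 255.255.0.0 match tcp 443 443 permit
 rule 74.125.0.0 255.255.0.0 match tcp 443 443 permit
 rule 209.85.0.0 255.255.0.0 match tcp 443 443 permit
"""

def parse_rules(text):
    """Parse 'rule <ip> <mask> match <proto> <first> <last> <action>' lines."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "rule" and f[3] == "match":
            net = ipaddress.ip_network(f"{f[1]}/{f[2]}", strict=False)
            rules.append((net, f[4], int(f[5]), int(f[6]), f[7]))
    return rules

def is_permitted(rules, ip, proto, port):
    """First matching rule wins; no match is treated as deny (assumption)."""
    addr = ipaddress.ip_address(ip)
    for net, r_proto, first, last, action in rules:
        if addr in net and proto == r_proto and first <= port <= last:
            return action == "permit"
    return False

def uncovered(rules, resolved, ports=(80, 443)):
    """Return {hostname: [(ip, port), ...]} for destinations the ACL blocks."""
    gaps = {}
    for host, ips in resolved.items():
        miss = [(ip, p) for ip in ips for p in ports if not is_permitted(rules, ip, "tcp", p)]
        if miss:
            gaps[host] = miss
    return gaps

# Constructed sample DNS answers; 203.0.113.10 stands in for an address outside the ACL.
SAMPLE_RESOLVED = {"android.clients.google.com": ["74.125.24.100", "203.0.113.10"],
                   "lh3.ggpht.com": ["209.85.229.132"]}

if __name__ == "__main__":
    print(uncovered(parse_rules(PRE_AUTH_ACL), SAMPLE_RESOLVED))
```

Feed it the answers returned by the resolvers at each site: any hostname it reports is one an onboarding client there would fail to reach, and each extra network added to close a gap widens what unauthenticated clients can reach.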


Re: Android onboard issue

Hi Troy,

Many thanks for your help; I can confirm it is working now. However, should I assume there are issues with the IAP firewall section? As I can see that I didn't allow any DHCP traffic in the pre-auth rule, but I still get an IP and am redirected to the initial on-boarding page.

Regards

A Ali

Re: Android onboard issue

Hi Troy,

Further to my last post, am I right to understand that, while going through the WLAN wizard, as soon as we configure the IP to be network assigned we don't need to create any firewall rule? Does the IAP automatically create any hidden FW rule to allow DHCP traffic? Please see attachment.

Re: Android onboard issue

Hi Troy,

There are a lot of posts around about this topic and I am wondering if Aruba is maintaining a qualified list that we can rely on? We are in all parts of the world so have a fear with a rollout that we will be gobbled up by all the Google datacentres.

Thanks

Ken
