09-25-2013 09:06 AM - last edited on 05-13-2014 01:13 PM by Srynearson
I have an issue with Android on-board, where cant connect to google play store to download quick connect.
I have a setup of IAPs (as virtual controllers) and CP onboard CPPM server, I am using 2 SSIDs for onboarding process.
The first one is open to authorise if device is allowed to on-board by issuing AD credentials and second oen for EAP TLS authentication. As soon i connect to first open SSID it redirects me to download quick connect, however as soon I click to download quick client I get redirected to google play store which goes unsuccessful and start getting retry (to connect google play) option on adroid device. It appears as it has no internet connectivity to get to google play.
I have checked IAP firewall rule and allowed unrestricted access for now and please see attached wall garden list as well to allow google play but no joy. I have checked with windows and apple devices and all working fine on same network.
Any help would be much appreciated.
Solved! Go to Solution.
09-25-2013 02:23 PM
There is an issue in instant where the acl needs to be IP based instead of FQDN. There will be a fix in a up coming instant releases.
wlan access-rule pre-auth
rule 192.168.1.215 255.255.255.255 match tcp 443 443 permit
rule 192.168.1.215 255.255.255.255 match tcp 80 80 permit
rule 192.168.1.209 255.255.255.255 match udp 53 53 permit
rule 22.214.171.124 255.255.0.0 match tcp 80 80 permit
rule 126.96.36.199 255.255.0.0 match tcp 80 80 permit
rule 188.8.131.52 255.255.0.0 match tcp 80 80 permit
rule 184.108.40.206 255.255.0.0 match tcp 443 443 permit
rule 220.127.116.11 255.255.0.0 match tcp 443 443 permit
rule 18.104.22.168 255.255.0.0 match tcp 443 443 permit
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.
09-26-2013 02:00 AM
Many thanks for your help, i can confirm it is working now. However should i assume there are issues with IAP firewall section? As i can see that i didn't allowed any dhcp traffic in pre-auth rule but still i get an ip and being redirected to initial on-boarding page.
09-26-2013 02:08 AM
furthermore to my last post, am I right to understand while going through WLAN wizard as soon we configure to get IP as network assigned then we don't need to create any firewall rule? Does IAP automatically creates any hidden FW rule to allow dhcp traffic? Please see attachment.
09-22-2015 09:19 AM
There are a lot of posts around about this topic and I am wondering if Aruba is maintaining a qualified list that we can rely on? We are in all parts of the world so have a fear with a rollout that we will be gobbled up by all the Google datacentres.