Security

We are having a problem with connecting android devices to the wi-fi. The solution is based on AirWatch, and the devices connect to Aruba and authenticates against a steel belted radius server (SBR) or Network Policy Server (Microsoft NPS) . The devices successfully authenticate against the SBR but it does not  seem to get an IP Address. The device displays as connected to wi-fi message for a few seconds but then disconnects and tries again. The Aruba logs seem to indicate that the Android client is disassociating itself from the network not pushed by the Aruba or the SBR to disassociate. We have tried 3 devices, a Samsung galaxy note 2, a samsung galaxy s3 mini and and a  HTC one x that is rooted. The Rooted HTC phone seems to work with SBR but not NPS and the other android devices just keep getting this DHCP loop. I have tried using static addresses on the devices too which hasn't helped. The devices use Android Jelly beans 4.1/2. They can successfully connect to other wi-fi networks on the same aruba but not with certificate based security. 

The strange part is that Ios devices seem to connect flawlessly each time to both SBR and NPS. The certificates are all available on the devices and they are identical to the certificate used for IOS so there shouldn't really be an issue!

FYI the DHCP server is a microsoft solution.

This is really starting to get urgent as we have been spending a lot of time trying to get this to work!

Any suggestions? 

Thanks!

What type of cert are you using ?

What AOS do you have installed ?

Please enable logging level debugging user-debug <device mac>

Also run a show auth-tracebuf | include <device mac> and see what's happening during the authentication process 

Check to see if the radius server logs if the EAP response is making it there 

Do you see the DHCP discover coming from the device ? 

You should probably open a TAC case 

One note is that I have seen some of the Android device will not select the correct Server cert.

I would go in and manually set one and see if that is the issue.

When you say that do you mean, when connecting to the wifi network, i need to select the correct certs in android? because i do that each time and the issue still happens. Or is there another location i need to add the cert.

This solution uses EAP-TLS, my main problem is i don't have access to the aruba controller, but if i can find a viable reason why the aruba could be causing the problem i can get the people who have access to help me troubleshoot it!

Regards,

Dan

---

@Gavrai wrote:

When you say that do you mean, when connecting to the wifi network, i need to select the correct certs in android? because i do that each time and the issue still happens. Or is there another location i need to add the cert.

 

This solution uses EAP-TLS, my main problem is i don't have access to the aruba controller, but if i can find a viable reason why the aruba could be causing the problem i can get the people who have access to help me troubleshoot it!

 

Regards,

Dan

---

Gavrai,

These problems can be very complicated, so the person who has access to the Aruba Controller, the SBR and the Android device should be involved in the troubleshooting so that we can narrow down what the issue is.  Please get all of these people involved and if it is urgent as you say, open a TAC case so that you can get to the bottom of it ASAP.  We can spend literally days here guessing what the problem is, but if we do not have access to the SBR and the Aruba controller to make sure everything is correct at every point, we will just be guessing.