03-02-2016 09:31 AM
I am having issues getting the QuickConnect download from Google play to work consistantly. It was working last week, and this week it is again not working.
How do you guys manage your ACL to keep this working all the time?
I have created a policy in my OnBoard role which allows two things
user > any : App 'Google-play'
user > 'AppStores' : Service: Any
AppStores is a destination group i have created which contains all the following:
network 18.104.22.168 255.255.0.0
network 22.214.171.124 255.255.0.0
network 126.96.36.199 255.255.0.0
network 188.8.131.52 255.255.0.0
network 184.108.40.206 255.255.240.0
network 220.127.116.11 255.255.240.0
network 18.104.22.168 255.255.192.0
network 22.214.171.124 255.255.248.0
network 126.96.36.199 255.255.240.0
network 188.8.131.52 255.255.128.0
network 184.108.40.206 255.255.224.0
network 220.127.116.11 255.255.224.0
network 18.104.22.168 255.255.224.0
network 22.214.171.124 255.255.224.0
network 126.96.36.199 255.255.240.0
This is a list of /16, /19, /20, /21 subnets for google which I have found on the internet. However the download still does not work...
I have followed the instructions here https://support.google.com/a/answer/60764?hl=en to try to add all the google IPs, and still does not work. The other issue is that when i open up all these ranges users can access a bunch of google services before they even onboard their device, such as google image search, maps, etc. Also, this causes the google 'network assistant' to fail, so users need to manually open a browser and browse to a non-google website to trigger the onboarding process. This is not ideal.
How can i allow access to the google play store, and download of applications? Has anyone found a solution which works, and does not need to be updated on a weekly basis?
Thanks for any advice you can provide.
ACDX, ACCP, CISSP, CWNA
Solved! Go to Solution.
03-02-2016 09:35 AM - edited 03-02-2016 09:35 AM
It should work with only the 3 below.
(BOSTON-7010) # show netdestination ND-GOOGLEPLAY Name: ND-GOOGLEPLAY Position Type IP addr Mask-Len/Range -------- ---- ------- -------------- 1 name 0.0.0.37 android.clients.google.com 2 name 0.0.0.38 *.gvt1.com 3 name 0.0.0.39 *.ggpht.com
Also, another option is to upload the APK to ClearPass and provide a link to download on the Onboard page.
03-02-2016 09:42 AM
Thanks for the quick reply Tim, i added the *.gvt1.com and that got it working.
Perhaps someone over at Aruba should update the page http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-permit-Google-play-store-access-for-captive-portal-guest/ta-p/181652 to reflect this. I see now that there is a comment form you there with this information as well. I need to make sure to read the comments in the future as the answers are often there.
ACDX, ACCP, CISSP, CWNA