Security

Reply
Contributor I

Guest Registration Disable Issue

I have been able to get a self registration working for IOT devices where there is not a captive portal using a COA to another VLAN (666).  However, when I disable that registred device, it kicks it off of the VLAN666 but the device still has an IP Address showing and it can still browse the internet.  However, when I forget the network and then try and reconnect, I see the expected behavior again.  

It seems that I am missing a role communication with the controller.  Thoughts?  Attached are my clearpass enforcements. 

Guru Elite

Re: Guest Registration Disable Issue

Just to be clear, you're using Device Registration, not Guest Self-Registration, correct?


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Guest Registration Disable Issue

Correct. Device Registration.


Guru Elite

Re: Guest Registration Disable Issue

Do you see a DM/CoA tab in the original access tracker request?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Guest Registration Disable Issue

There is:

Date and Time:  May 07, 2018 15:50:45 PDT

Application Name:  Policy Manager

RADIUS CoA Action Type:  Disconnect

RADIUS CoA Action Name:  [ArubaOS Wireless - Terminate Session]

Status Code:  1

Status Message:  Radius [ArubaOS Wireless - Terminate Session] successful for client 0034da9dc724.

RADIUS CoA Attributes:  Calling-Station-Id = 0034DA9DC724

Contributor I

Re: Guest Registration Disable Issue

Also, When I reactivate that device, it doesn't seem to re-check for the network.  There are a few things about this that are getting me.  The device shows up in the association table, but if I do a lookup in the user-table, they aren't showing up and they show offline in the CPPM access tracker. 

 

 

Guru Elite

Re: Guest Registration Disable Issue

Best to work with Aruba TAC.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: