Security

Reply
MVP

OnBoard using IOS weirdness

Hello!

 

Clearpass 6.4

Aruba Controller 3200 - 6.1.3.4-AirGroup

 

iPad 2 - IOS 7.0.2

 

Scenario: OnBoarding using 2 SSID - one Open Guest, one closed EAP-TLS

OnBoarders can be either self-registered guests or AD users.

 

To the issues

1. Unable to auto-switch to EAP-TLS network after provisioning.

I'm unable to get the auto-switch to closed network to work. correct switchip and mac is in the redirect URL. I've tried removing ALL other networks on the iPad. Changing the onboard settings to a manual click to switch.. 

No luck! Neither at Customer site nor in my lab.

 

Should this be working? And if so - what the heck are you running and what kind of config makes this possible?

 

2. Safari hangs during provisioing-login

Customer complains that Safari just hangs and not doing anything when their AD users input their AD credentials in the onboard provisioning page using their iPad. I can replicate it so it happens alot. I can even type in wrong password and nothing further happens. If I try to trigger a new redirect while Safari is "busy" - I just get a page can't be located error message.

Note that in this scenario there is NO messages in the Access Tracker that I'm even trying to log in. So it seems that Safari just halts any traffic.

 

I then kill Safari, re-open and trigger a new redirect. This time login is succesfull and I run through the provisioning process without any problem.

 

 

This sound familiar to anyone? **bleep** annoying ... Especially since I can't use any other browser than Safari to actually do the provisioning..


Regards
John Solberg

-ACMX #316 :: ACCP :: ACSA
Aruba Partner Ambassador
Intelecom Group - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Aruba

Re: OnBoard using IOS weirdness

That is a limitation with IOS. It will not auto switch to the a seperate SSID. The only way to do what you are trying to accomplish is to use PEAP and TLS on the secure SSID

 

1. user connects with PEAP and gets onboarding role

2. Onboards

3. Controller sends COA

4. Device will reconnect with TLS after the bounce

 

https://ase.arubanetworks.com/solutions/id/34

 

 

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP

Re: OnBoard using IOS weirdness

Not sure if this is just coincidence, but I've tried this several times with various IOS devices now and there is a discrepency in how this works.

 

I've now removed the "automatic" switching to secure-SSID so there is instead a "Connect" button on the provision page.

 

iPhone 6 with IOS 8.1.1 - is switched from open-SSID to secure-SSID using the Connect button.

iPad Retina with IOS 8.1.1 - is NOT switched from open-SSID to secure-SSID using the Connect button.

iPhone 5s with IOS 8.1.1 - is NOT switched from open-SSID to secure-SSID using the Connect button.

iPad 2 with IOS 8.1 - is NOT switched from open-SSID to secure-SSID using the Connect button.

 

Now - I'm also having trouble getting the profiles on the iPad2 after installing IOS 8.1.1. Just says "unable to install profiles. the iPad is not activated"

 

It's above average frustrating to work with these clients...


Regards
John Solberg

-ACMX #316 :: ACCP :: ACSA
Aruba Partner Ambassador
Intelecom Group - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: