Security

Reply
Frequent Contributor I

Onboard Reconnect Issue with iOS - CoA Failure

I am having an issue where iOS devices are not reconnecting after being onboarded.  I have tracked this down to ClearPass not sending out a CoA disconnect after the device is onboarded.  The application log on CPG shows a "missing attributes" error message (see screenshot) during the onboard process. 

 

I have confirmed that ClearPass is otherwise able to send CoA messages to the Aruba controller.  Disconnecting active sessions in CPG works fine, and disconnecting via Access Tracker also works as expected.  The option "include switch IP in redirection URL" is enabled in the captive portal profile. 

 

I have confirmed via packet capture that the CoA message is never sent to the Aruba controller after onboarding.  

 

I am using CP 6.3.0.60730 and ArubaOS 6.3.1.2

 

Anything else I can check before calling TAC? 

 

 

 

Re: Onboard Reconnect Issue with iOS - CoA Failure

Are you sending out the device IP in the URL redirect in the CP profile?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Frequent Contributor I

Re: Onboard Reconnect Issue with iOS - CoA Failure

Yes, the option "Add switch IP address in the redirection URL" in the CP profile is checked. 

 

Re: Onboard Reconnect Issue with iOS - CoA Failure

 

Do you have Insight enabled ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: Onboard Reconnect Issue with iOS - CoA Failure

Yes, Insight is enabled.

 

Frequent Contributor I

Re: Onboard Reconnect Issue with iOS - CoA Failure

I figured it out.  The Aruba controller was sending the cp-redirect-address as the switchip in the captive portal redirect URL.  

 

 

Occasional Contributor II

Re: Onboard Reconnect Issue with iOS - CoA Failure

Hello, 

 

I am having the same problem and I suspect for the same reason, mind if you share how exactly you changed the CP-profile so it actually worked? 

 

/Tomas

 

MVP

Re: Onboard Reconnect Issue with iOS - CoA Failure

Tomas, you might have already solved it, but first clue of what happens is to check the URL on your device after redirect. Here you will see switchip=<ip>

To change this you login to CLI, conf t, ip cp-redirect-address <controller-ip>

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: