Security

Reply
Frequent Contributor I
Posts: 83
Registered: ‎06-27-2007

Onboard Reconnect Issue with iOS - CoA Failure

I am having an issue where iOS devices are not reconnecting after being onboarded.  I have tracked this down to ClearPass not sending out a CoA disconnect after the device is onboarded.  The application log on CPG shows a "missing attributes" error message (see screenshot) during the onboard process. 

 

I have confirmed that ClearPass is otherwise able to send CoA messages to the Aruba controller.  Disconnecting active sessions in CPG works fine, and disconnecting via Access Tracker also works as expected.  The option "include switch IP in redirection URL" is enabled in the captive portal profile. 

 

I have confirmed via packet capture that the CoA message is never sent to the Aruba controller after onboarding.  

 

I am using CP 6.3.0.60730 and ArubaOS 6.3.1.2

 

Anything else I can check before calling TAC? 

 

 

 

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Onboard Reconnect Issue with iOS - CoA Failure

Are you sending out the device IP in the URL redirect in the CP profile?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Frequent Contributor I
Posts: 83
Registered: ‎06-27-2007

Re: Onboard Reconnect Issue with iOS - CoA Failure

Yes, the option "Add switch IP address in the redirection URL" in the CP profile is checked. 

 

MVP
Posts: 4,175
Registered: ‎07-20-2011

Re: Onboard Reconnect Issue with iOS - CoA Failure

 

Do you have Insight enabled ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I
Posts: 83
Registered: ‎06-27-2007

Re: Onboard Reconnect Issue with iOS - CoA Failure

Yes, Insight is enabled.

 

Frequent Contributor I
Posts: 83
Registered: ‎06-27-2007

Re: Onboard Reconnect Issue with iOS - CoA Failure

I figured it out.  The Aruba controller was sending the cp-redirect-address as the switchip in the captive portal redirect URL.  

 

 

Occasional Contributor II
Posts: 18
Registered: ‎02-02-2012

Re: Onboard Reconnect Issue with iOS - CoA Failure

Hello, 

 

I am having the same problem and I suspect for the same reason, mind if you share how exactly you changed the CP-profile so it actually worked? 

 

/Tomas

 

MVP
Posts: 505
Registered: ‎05-11-2011

Re: Onboard Reconnect Issue with iOS - CoA Failure

Tomas, you might have already solved it, but first clue of what happens is to check the URL on your device after redirect. Here you will see switchip=<ip>

To change this you login to CLI, conf t, ip cp-redirect-address <controller-ip>

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: