Security

Reply
New Contributor
Posts: 2
Registered: ‎01-15-2014

iphone stuck in DENY role

when I add iphone device mac address to xxxx-MACADDR  SSID CLI acknowledges it in the database  but the iphone cannot connect to internet even after getting IP address.....I tried adding an android same way same AP  and it connected lickety split 

I turned oFF cellular....I forgot about this network.....no help

weird thing to me is that when I connect to different SSID that requires a portal   it works fine

should I just go home ? 

 

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: iphone stuck in DENY role

Are you using mac authentication?  Did you put the mac address in the right format?  Use "aaa user delete <mac address>" to remove it from the user table and try again.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
New Contributor
Posts: 2
Registered: ‎01-15-2014

Re: iphone stuck in DENY role

Yes mac auth and I did try the aaa user delete several times and the iphone receives IP address in correct subnet etc but never advances beyond the Deny role...why would it work with the other authentications

Paul Crea
Network Engineer
Los Angeles County Office of Education
Technology Infrastructure Services
Technology Services
Office (562) 922-6669
Fax (562) 922-8841
Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: iphone stuck in DENY role

Turn on client debugging:

 

config t

logging level debugging user-debug <mac of iphone>

aaa user delete mac <mac of iphone>

 

Try to connect and after you fail, type "show log user-debug 50" to see why the iPhone ends up in the Deny role.

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba
Posts: 1,635
Registered: ‎04-13-2009

Re: iphone stuck in DENY role

Also, run the following to identify why the iPhone is in the "Deny" role it is.

 

show aaa state user x.x.x.x (IP of user in question)

 

Look for the Role Derivation line:

 

Name: chris, IP: 192.168.13.152, MAC: 40:0e:85:01:b5:69, Role: secure.user.all, ACL: 60/0, Age: 00:06:26
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-PEAP, server: cppm-1.lab.net
Authentication Servers: dot1x authserver: cppm-1.lab.net, mac authserver:
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: default for authentication type 802.1x
VLAN Derivation: Default VLAN
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
..........................

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
Showing results for 
Search instead for 
Did you mean: