Occasional Contributor II
Posts: 16
Registered: ‎08-08-2012

Android phone connection issues

I'm having a weird issue with Android phones.  They connect to my SSID, get an IP address through my DHCP server, but the client does not register as a user, I can't ping the phone's IP address through the controller, and the phone does not get the captive portal auth screen.  I've done some research on here, and allowed CRL and OCSR web sites through, but still cannot connect via these devices.  All other devices connect fine.  I set up the phone via MAC authentication, which puts it into a role where all traffic is allowed through, and I still have no connection between the controller and the phones.  Hopefully, someone has solved this issue and can help me out.  Thanks!

Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Android phone connection issues

Is the phone able to ping its default gateway? Can you see the phone in the station table?
--
HT
Occasional Contributor II
Posts: 16
Registered: ‎08-08-2012

Re: Android phone connection issues

No on both counts.  Baffling to me, how it can obtain a DHCP address and not be able to move traffic.

Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Android phone connection issues

Since the phone is not showing up in the user-table and station-table, we should troubleshoot that part.

Make sure you are checking the correct controller where the AP is terminating.
If you know which AP you are associating to, then run the following command:

show ap debug client-table ap-name <ap-name>

It will show you all the clients associated to that AP.

Also, I would recommend turning on debugging for the user:

logging level debugging user-debug <user-mac>
--
HT
Occasional Contributor I
Posts: 10
Registered: ‎07-04-2008

Re: Android phone connection issues

I have the same situation with the Androids...but JUST with the Androids. Here is a user-debug:

 

Sep 5 11:02:05 :501065:  <DBUG> |stm|  send_ageout_sta_ack 8157: Send ageout sta 28:98:7b:5d:dd:b4 ack back to AP (10.136.1.9)
Sep 5 11:02:05 :501105:  <NOTI> |stm|  Deauth from sta: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1 Reason STA has left and is deauthenticated
Sep 5 11:02:05 :501065:  <DBUG> |stm|  Sending STA 28:98:7b:5d:dd:b4 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:0
Sep 5 11:02:05 :500511:  <DBUG> |mobileip|  Station 28:98:7b:5d:dd:b4, 0.0.0.0: Received disassociation on ESSID: infobex-corp Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name infobex-ap1 Group infobex-ap BSSID 6c:f3:7f:db:8b:d1, phy g, VLAN 1
Sep 5 11:02:05 :522036:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station DN: BSSID=6c:f3:7f:db:8b:d1 ESSID=infobex-corp VLAN=1 AP-name=infobex-ap1
Sep 5 11:02:05 :500010:  <NOTI> |mobileip|  Station 28:98:7b:5d:dd:b4, 255.255.255.255: Mobility trail, on switch 10.136.3.241, VLAN 1, AP infobex-ap1, infobex-corp/6c:f3:7f:db:8b:d1/g
Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 ingress 0x1090 (tunnel 16), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  station free: bssid=6c:f3:7f:db:8b:d1, @=0x108c4644
Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 Send Station delete message to mobility
Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  28:98:7b:5d:dd:b4: station datapath entry deleted
Sep 5 11:02:05 :501000:  <DBUG> |stm|  Station 28:98:7b:5d:dd:b4: Clearing state
Sep 5 11:02:16 :501095:  <NOTI> |stm|  Assoc request @ 11:02:16.815173: 28:98:7b:5d:dd:b4 (SN 4): AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
Sep 5 11:02:16 :501100:  <NOTI> |stm|  Assoc success @ 11:02:16.818383: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
Sep 5 11:02:16 :501065:  <DBUG> |stm|  Sending STA 28:98:7b:5d:dd:b4 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:0
Sep 5 11:02:16 :500511:  <DBUG> |mobileip|  Station 28:98:7b:5d:dd:b4, 0.0.0.0: Received association on ESSID: infobex-corp Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name infobex-ap1 Group infobex-ap BSSID 6c:f3:7f:db:8b:d1, phy g, VLAN 1
Sep 5 11:02:16 :500010:  <NOTI> |mobileip|  Station 28:98:7b:5d:dd:b4, 0.0.0.0: Mobility trail, on switch 10.136.3.241, VLAN 1, AP infobex-ap1, infobex-corp/6c:f3:7f:db:8b:d1/g
Sep 5 11:02:16 :522035:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station UP: BSSID=6c:f3:7f:db:8b:d1 ESSID=infobex-corp VLAN=1 AP-name=infobex-ap1
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 ingress 0x1090 (tunnel 16), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 5 11:02:16 :522038:  <INFO> |authmgr|  username=arubademo MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=infobex-radius
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  Auth done called from Authenticated state
Sep 5 11:02:16 :522044:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station authenticate(start): method=802.1x, role=logon//, VLAN=1/1/0/0/0, Derivation=0/0, Value Pair=1
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  {L2} infobex-default from profile "infobex-corp-aaa_prof"
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  {L2} Update role from logon to infobex-default for IP=0.0.0.0
Sep 5 11:02:16 :522049:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4,IP=N/A User role updated, existing Role=logon/none, new Role=infobex-default/none, reason=Station Authenticated with auth type: 4
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  download-L2: acl=57/0 role=infobex-default, tunl=0x1090, PA=0, HA=1, RO=0, VPN=0
Sep 5 11:02:16 :522050:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4,IP=N/A User data downloaded to datapath, new Role=infobex-default/57, bw Contract=0/0,reason=Download driven by user role setting
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  Station authenticate has l2 role :infobex-default default role logon logon role logon
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|   Valid Dot1xct, remote:0, assigned:1, default:1,current:1,termstate:0, wired:0,dot1x enabled:1, psk:0 static:0 bssid=6c:f3:7f:db:8b:d1
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  Vlan assignment is not needed during station authentication
Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 def_vlan 1 derive vlan: 0 auth_type 4 auth_subtype 4
Sep 5 11:02:16 :522029:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station authenticate: method=802.1x, role=infobex-default//, VLAN=1/1/0/0/0, Derivation=1/0, Value Pair=1
Sep 5 11:02:17 :522026:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 User miss: ingress=0x1090, VLAN=1
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 61, signature 3D0128987B5DDDB4
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 50, signature 320A880121
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 57, signature 3905DC
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 60, signature 3C64686370636420342E302E3135
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 55, signature 3701792103060F1C333A3B77
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  DHCP ACK mac 28:98:7b:5d:dd:b4, client ip 10.136.1.33, server ip 0.0.0.0
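
Added example, not part of the original post and not Aruba tooling: the `dhcp option N, signature ...` lines above each begin with the option number as a hex byte, so this Python sketch assumes the layout is one code byte followed by the raw option value, and decodes the five signatures from the log. That layout is inferred from the logged values only; the function names are this example's own. It also checks that option 61 carries the station MAC and that the address requested in option 50 is the one in the DHCP ACK line.

```python
import ipaddress
import re
# Lines copied from the authmgr user-debug output in the post above.
LOG = """\
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 61, signature 3D0128987B5DDDB4
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 50, signature 320A880121
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 57, signature 3905DC
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 60, signature 3C64686370636420342E302E3135
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 55, signature 3701792103060F1C333A3B77
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  DHCP ACK mac 28:98:7b:5d:dd:b4, client ip 10.136.1.33, server ip 0.0.0.0
"""
SIG_RE = re.compile(r"MAC ([0-9a-f:]{17}), dhcp option (\d+), signature ([0-9A-Fa-f]+)")
ACK_RE = re.compile(r"DHCP ACK mac ([0-9a-f:]{17}), client ip (\S+),")

def decode_option(code, value):
    """Decode the DHCP options seen in this log; anything else stays hex."""
    if code == 50 and len(value) == 4:        # requested IP address
        return str(ipaddress.IPv4Address(value))
    if code == 55:                            # parameter request list
        return list(value)
    if code == 57 and len(value) == 2:        # maximum DHCP message size
        return int.from_bytes(value, "big")
    if code == 60:                            # vendor class identifier
        return value.decode("ascii", errors="replace")
    if code == 61 and len(value) == 7 and value[0] == 1:  # type 1 + MAC
        return ":".join(f"{b:02x}" for b in value[1:])
    return value.hex()

def parse_dhcp_debug(text):
    """Return ({mac: {option: decoded}}, {mac: acked_ip}) from debug lines."""
    options, acks = {}, {}
    for line in text.splitlines():
        if m := SIG_RE.search(line):
            mac, code, raw = m.group(1), int(m.group(2)), bytes.fromhex(m.group(3))
            if not raw or raw[0] != code:     # assumed layout: code byte first
                raise ValueError(f"signature does not start with option {code}")
            options.setdefault(mac, {})[code] = decode_option(code, raw[1:])
        elif m := ACK_RE.search(line):
            acks[m.group(1)] = m.group(2)
    return options, acks

def consistency(text):
    # Per MAC: option 61 equals the station MAC, option 50 equals the ACKed IP.
    options, acks = parse_dhcp_debug(text)
    return {mac: {"client_id_matches_mac": opts.get(61) == mac,
                  "requested_ip_matches_ack": opts.get(50) == acks.get(mac)}
            for mac, opts in options.items()}

if __name__ == "__main__":
    print(parse_dhcp_debug(LOG), consistency(LOG))
```
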

 

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Android phone connection issues

Type "show rights infobex-default" to see what ACLs are applied to that client.

You also did not say what version of ArubaOS.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 10
Registered: ‎07-04-2008

Re: Android phone connection issues

OS version is 6.1.3.4

Occasional Contributor I
Posts: 10
Registered: ‎07-04-2008

Re: Android phone connection issues

(Aruba3600) #show rights infobex-default

Derived Role = 'infobex-default'
 Up BW:No Limit   Down BW:No Limit  
 L2TP Pool = default-l2tp-pool
 PPTP Pool = default-pptp-pool
 Periodic reauthentication: Disabled
 ACL Number = 58/0
 Max Sessions = 65535


access-list List
----------------
Position  Name      Location
--------  ----      --------
1         allowall  

allowall
--------
Priority  Source  Destination  Service  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         any     any          any      permit                           Low                                                           4
2         any     any          any      permit                           Low                                                           6

Expired Policies (due to time constraints) = 0

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Android phone connection issues

Please open a TAC case to get this resolved.

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 16
Registered: ‎08-08-2012

Re: Android phone connection issues

hthakker,

 

Sorry for the late response, I was out of the office for a few days.  Here is the result of the sh ap debug client-table ap-name command:

 

c8:aa:21:40:7b:bb  CCMWireless  d8:c7:c8:f8:aa:90  Associated     Qb        0x1  Power-save  (1,0,0,0,2,8)    3        76       0        0           1        65       0             33           2[0x3]     Wed Sep  5 10:15:50 2012  Wed Sep  5 10:17:04 2012
00:19:7d:c5:55:ad  CCMWireless  d8:c7:c8:f8:aa:90  Associated     None      0x2  Power-save  (0,0,0,0,N/A,0)  4        240      0        0           24       54       54            52           2[0x3]     Wed Sep  5 10:12:30 2012  Wed Sep  5 10:16:39 2012
b8:17:c2:4e:f9:c6  CCMWireless  d8:c7:c8:f8:aa:90  Authenticated  M              Awake       (0,0,0,0,N/A,0)  3        93       0        0           1        1        15            12           2[0x3]     Wed Sep  5 10:16:28 2012  Wed Sep  5 10:16:45 2012

UAPSD:(VO,VI,BK,BE,Max SP,Q Len)
HT Flags: A - LDPC Coding; W - 40Mhz; S - Short GI HT40; s - Short GI HT20
          D - Delayed BA; G - Greenfield; R - Dynamic SM PS
          Q - Static SM PS; N - A-MPDU disabled; B - TX STBC
          b - RX STBC; M - Max A-MSDU; I - HT40 Intolerant

 

Here's the results of the sh user-table command for that user (no results):

(wireless2) #show user | include 7b:bb  

 

 

Here's the results of the show log user-debug command:

Sep 5 10:11:50 :501095:  <NOTI> |stm|  Assoc request @ 10:11:50.596132: c8:aa:21:40:7b:bb (SN 1): AP 10.60.0.72-d8:c7:c8:f8:aa:90-EHServerRoom
Sep 5 10:11:50 :500010:  <NOTI> |mobileip|  Station c8:aa:21:40:7b:bb, 255.255.255.255: Mobility trail, on switch 10.180.0.2, VLAN 189, AP EH204/209, CCMWireless/d8:c7:c8:f8:93:30/g
Sep 5 10:11:50 :522036:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station DN: BSSID=d8:c7:c8:f8:93:30 ESSID=CCMWireless VLAN=189 AP-name=EH204/209
Sep 5 10:11:50 :501080:  <NOTI> |stm|  Deauth to sta: c8:aa:21:40:7b:bb: Ageout AP 10.60.0.82-d8:c7:c8:f8:93:30-EH204/209 STA has left and is deauthenticated
Sep 5 10:11:50 :501100:  <NOTI> |stm|  Assoc success @ 10:11:50.603915: c8:aa:21:40:7b:bb: AP 10.60.0.72-d8:c7:c8:f8:aa:90-EHServerRoom
Sep 5 10:11:50 :500010:  <NOTI> |mobileip|  Station c8:aa:21:40:7b:bb, 0.0.0.0: Mobility trail, on switch 10.180.0.2, VLAN 189, AP EHServerRoom, CCMWireless/d8:c7:c8:f8:aa:90/g
Sep 5 10:11:50 :522035:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station UP: BSSID=d8:c7:c8:f8:aa:90 ESSID=CCMWireless VLAN=189 AP-name=EHServerRoom
Sep 5 10:11:50 :522038:  <INFO> |authmgr|  username=C8:AA:21:40:7B:BB MAC=c8:aa:21:40:7b:bb IP=0.0.0.0 Authentication result=Authentication Successful method=MAC server=Internal
Sep 5 10:11:50 :522044:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station authenticate(start): method=MAC, role=CCMWireless2-logon//, VLAN=189/189/0/0/0, Derivation=10/0, Value Pair=1
Sep 5 10:11:50 :522017:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb IP=?? Derived role 'GDlaptops' from server rules: server-group=default, authentication=MAC
Sep 5 10:11:50 :522049:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb,IP=N/A User role updated, existing Role=CCMWireless2-logon/none, new Role=GDlaptops/none, reason=Station Authenticated with auth type: 2
Sep 5 10:11:50 :522050:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb,IP=N/A User data downloaded to datapath, new Role=GDlaptops/58, bw Contract=0/0,reason=Download driven by user role setting
Sep 5 10:11:50 :522029:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station authenticate: method=MAC, role=GDlaptops//, VLAN=189/189/0/0/0, Derivation=2/0, Value Pair=1

 

So, it seems the Android is being authenticated, but then the controller has no information on it.  I only have one controller, BTW.
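
Added example, not part of the original posts: a Python sketch that lines up the two user-debug captures in this thread by message ID and reports, per station MAC, the first event that is absent from the captured lines. The message IDs and texts are the ones visible in the logs above; the stage names and function names are this example's own, and a missing event only means it is not in the pasted capture.

```python
import re

# Message IDs and texts are those that appear in the two captures in this
# thread; the stage names are labels chosen for this example.
STAGES = [
    ("assoc",     lambda mid, msg: mid == "501100"),
    ("auth_ok",   lambda mid, msg: mid == "522038" and "Authentication Successful" in msg),
    ("role_dl",   lambda mid, msg: mid == "522050"),
    ("user_miss", lambda mid, msg: mid == "522026"),
    ("dhcp_ack",  lambda mid, msg: "DHCP ACK" in msg),
]
LINE_RE = re.compile(r":(\d{6}):\s+<\w+>\s+\|(\w+)\|\s+(.*)")
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

# Lines copied from the two captures above (802.1x phone, then MAC-auth phone).
LOG = """\
Sep 5 11:02:16 :501100:  <NOTI> |stm|  Assoc success @ 11:02:16.818383: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
Sep 5 11:02:16 :522038:  <INFO> |authmgr|  username=arubademo MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=infobex-radius
Sep 5 11:02:16 :522050:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4,IP=N/A User data downloaded to datapath, new Role=infobex-default/57, bw Contract=0/0,reason=Download driven by user role setting
Sep 5 11:02:17 :522026:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 User miss: ingress=0x1090, VLAN=1
Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  DHCP ACK mac 28:98:7b:5d:dd:b4, client ip 10.136.1.33, server ip 0.0.0.0
Sep 5 10:11:50 :501100:  <NOTI> |stm|  Assoc success @ 10:11:50.603915: c8:aa:21:40:7b:bb: AP 10.60.0.72-d8:c7:c8:f8:aa:90-EHServerRoom
Sep 5 10:11:50 :522038:  <INFO> |authmgr|  username=C8:AA:21:40:7B:BB MAC=c8:aa:21:40:7b:bb IP=0.0.0.0 Authentication result=Authentication Successful method=MAC server=Internal
Sep 5 10:11:50 :522050:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb,IP=N/A User data downloaded to datapath, new Role=GDlaptops/58, bw Contract=0/0,reason=Download driven by user role setting
"""

def stages_reached(text):
    """Map each station MAC (first lowercase MAC in the message) to its stages."""
    reached = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        mac = MAC_RE.search(m.group(3)) if m else None
        if not mac:
            continue
        for name, matches in STAGES:
            if matches(m.group(1), m.group(3)):
                reached.setdefault(mac.group(0), set()).add(name)
    return reached

def first_missing(text):
    """Per MAC, the earliest stage not seen in the capture, or None if all are."""
    order = [name for name, _ in STAGES]
    return {mac: next((s for s in order if s not in got), None)
            for mac, got in stages_reached(text).items()}

if __name__ == "__main__":
    print(first_missing(LOG))
```
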
