Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to Stop Corp Wifi User to connect Guest SSID Automatically

This thread has been viewed 2 times

  • 1.  How to Stop Corp Wifi User to connect Guest SSID Automatically

    Posted Sep 18, 2017 08:05 AM

    Hi All,

     

    I have post the same query under clearpass section also. I apology if i

    made a mistake. Not sure where to ask this quetion.

     

    We have a very large Aurab Wifi Network in our enterprise. I am dealing with a situation where users are complaining that they can't access corporate emails using Wifi  . This happen interminttently . After doing some research I find out the cause it happen only when their devices moves from Corp SSID to Guest SSID.automatically switch over. 

    The only work around is to click on the Guest SSId and select Forget this network. But then some other complain the same issue. 

     

    Our Corp SSID is 802.1x auth and all the mobile devices ( Android , IOS) are contolled and profiled by Airwatch. 

    Guest SSID is open and allow the device gets IP address it  get authenticaed by  Captive portal on Clearpass. 

     

    I am working to find out the solution if there is any rule or polices we can configure on controller/clearpass to stop them moving from CORP SSID to Guest SSID automatically, which will stop them  giving an IP address from the DHCP scope which is resereved for Guest user

     

    The reason is  , lets say if the user is by mistake connected to Guest and if he try back to CORP SSID manually , his Wifi still doesn't work becuase on the Controller now i see 2 profiles. Guest role and Corp-SSID user role.  The only work around is to delete the user cache profile and push him back to connect again on Corp SSID.

     

    I would really appreciate Aruab community memeber if they can suggest me better solution to fix this issue. 



  • 2.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    EMPLOYEE
    Posted Sep 18, 2017 09:50 AM
    You can write an enforcement rule that looks for MDM attributes and returns a deny access role or even a role with a captive portal information screen telling the user to forget the network.


  • 3.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    Posted Sep 18, 2017 02:29 PM

    Hi Tim,

     

    Thanks for your prompt reply. I will try your solution today when i will go back to work. Just wondering if you have a  document which can guide me how to implement this exactly . Not sure how many rules require .  

    Many Thanks 

    Vsha



  • 4.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    Posted Sep 19, 2017 01:51 AM

    Hi All,

     

    Thank you for your guidance. I apologise may be I didn't make it very clear. 

    the problem we are facing is automatic switchover to Guest SSID and we confirmed it users are not doing it manually.

     

    This is the recent issue -- For example. --

    Let's say VIP users at different location connected to CORP SSID and using their AIrwatch enabled Mobile devices( mostly IPad and Iphone)  to access email and shared drives. 

    For some reason their phone move from CORP SSID to Guest SSID and they never see this change over from IPAD/Iphone Screen until they go and check in the setting to cofirm what's the issue. After that they can't access their email or shared drives. 

    I do understand currently the Guest SSId is open for everyone to get IP address and re direct user to Captive portal. 

    But looking for a soultion --Is there any configuration which we can apply and stop the CORP devices to move to Guest network and  to get an IP address

     

    Again, Thanks in advance for giving your time. 



  • 5.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    MVP EXPERT
    Posted Sep 19, 2017 03:42 AM

    Are the devices managed by some kind of profile? I know there is the ability to "block" certain SSID's when the device is managed by a profile.



  • 6.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    EMPLOYEE
    Posted Sep 18, 2017 09:50 AM
    You can write an enforcement rule that looks for MDM attributes and returns a deny access role or even a role with a captive portal information screen telling the user to forget the network.


  • 7.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    Posted Sep 20, 2017 07:02 AM
    As zallion0 said, I know Windows can block SSIDs via group policy. I actually saw this enabled for one of our departments just a couple weeks ago and it works well.


    #AirheadsMobile


  • 8.  RE: How to Stop Corp Wifi User to connect Guest SSID Automatically

    Posted Sep 21, 2017 10:48 PM
      |   view attached

    Hello everyone,,

     

    Thanks for joining the discussio. Finally, I have log a ticket with Aruba Support to work on this and according to them, 

    There are lots of diassocation happening from the device , which allowing it to connect to the Guest SSID. 

     

    I have been also advise to look for firmware upgrade option because the current version we are using is 6.4.2.6 and has some bug which is resolved in 6.4.4.15. 

     

    All suggestion are welcome , please tell me what the next stable release in 6.4.4 series. 

     

    I saw that IOS version advise by Aruba TAC is fairly new , only 2 months old. He assured that it should resolve this issue. and should be alright. 

     

    Please suggest me what the next stable version. why i am worried is becuase I have to upgrade 200 controllers. 

     

    Thanks,