Wireless Access

Reply
Occasional Contributor II

How to Stop Corp Wifi User to connect Guest SSID Automatically

Hi All,

 

I have post the same query under clearpass section also. I apology if i

made a mistake. Not sure where to ask this quetion.

 

We have a very large Aurab Wifi Network in our enterprise. I am dealing with a situation where users are complaining that they can't access corporate emails using Wifi  . This happen interminttently . After doing some research I find out the cause it happen only when their devices moves from Corp SSID to Guest SSID.automatically switch over. 

The only work around is to click on the Guest SSId and select Forget this network. But then some other complain the same issue. 

 

Our Corp SSID is 802.1x auth and all the mobile devices ( Android , IOS) are contolled and profiled by Airwatch. 

Guest SSID is open and allow the device gets IP address it  get authenticaed by  Captive portal on Clearpass. 

 

I am working to find out the solution if there is any rule or polices we can configure on controller/clearpass to stop them moving from CORP SSID to Guest SSID automatically, which will stop them  giving an IP address from the DHCP scope which is resereved for Guest user

 

The reason is  , lets say if the user is by mistake connected to Guest and if he try back to CORP SSID manually , his Wifi still doesn't work becuase on the Controller now i see 2 profiles. Guest role and Corp-SSID user role.  The only work around is to delete the user cache profile and push him back to connect again on Corp SSID.

 

I would really appreciate Aruab community memeber if they can suggest me better solution to fix this issue. 

Guru Elite

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

You can write an enforcement rule that looks for MDM attributes and returns a deny access role or even a role with a captive portal information screen telling the user to forget the network.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

You can write an enforcement rule that looks for MDM attributes and returns a deny access role or even a role with a captive portal information screen telling the user to forget the network.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

Hi Tim,

 

Thanks for your prompt reply. I will try your solution today when i will go back to work. Just wondering if you have a  document which can guide me how to implement this exactly . Not sure how many rules require .  

Many Thanks 

Vsha

Occasional Contributor II

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

Hi All,

 

Thank you for your guidance. I apologise may be I didn't make it very clear. 

the problem we are facing is automatic switchover to Guest SSID and we confirmed it users are not doing it manually.

 

This is the recent issue -- For example. --

Let's say VIP users at different location connected to CORP SSID and using their AIrwatch enabled Mobile devices( mostly IPad and Iphone)  to access email and shared drives. 

For some reason their phone move from CORP SSID to Guest SSID and they never see this change over from IPAD/Iphone Screen until they go and check in the setting to cofirm what's the issue. After that they can't access their email or shared drives. 

I do understand currently the Guest SSId is open for everyone to get IP address and re direct user to Captive portal. 

But looking for a soultion --Is there any configuration which we can apply and stop the CORP devices to move to Guest network and  to get an IP address

 

Again, Thanks in advance for giving your time. 

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

Are the devices managed by some kind of profile? I know there is the ability to "block" certain SSID's when the device is managed by a profile.


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Frequent Contributor I

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

As zallion0 said, I know Windows can block SSIDs via group policy. I actually saw this enabled for one of our departments just a couple weeks ago and it works well.


#AirheadsMobile
Occasional Contributor II

Re: How to Stop Corp Wifi User to connect Guest SSID Automatically

Hello everyone,,

 

Thanks for joining the discussio. Finally, I have log a ticket with Aruba Support to work on this and according to them, 

There are lots of diassocation happening from the device , which allowing it to connect to the Guest SSID. 

 

I have been also advise to look for firmware upgrade option because the current version we are using is 6.4.2.6 and has some bug which is resolved in 6.4.4.15. 

 

All suggestion are welcome , please tell me what the next stable release in 6.4.4 series. 

 

I saw that IOS version advise by Aruba TAC is fairly new , only 2 months old. He assured that it should resolve this issue. and should be alright. 

 

Please suggest me what the next stable version. why i am worried is becuase I have to upgrade 200 controllers. 

 

Thanks,

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: