Wireless Access

Reply
Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

No associate problem on my open guest SSID

Hello

 

I would like to configure Clearpass Guest portal authentification for my guest.

 

For this, i create a simply a guest open ssid on my 3600 controleur (v 6.4),  to be sure, I even created by the wizard. (VAP with AAA, SSID open, VLAN ID , Tunnel etc ...), and for your information It is not the first time i do this....

On my network, I create a VLAN guest, this VLAN works, i have test on access port with a wired client, (my controler give me a IP adddress, and i can ping my gateway).

 

But when i try to connect with my client (you can imagine that i tried with some many differents clients), i'm associate and directly de-associate, i have no time for get a IP adresse.

The worst is, if i use the same VAP but with an "aaa profil" configure with a 802.1x authentication , it's works well.

 

I have configure a user-debug on the  MAC adress of my client android, and i can see this : 

Dec 22 19:02:53 :501105:  <NOTI> |AP TEST-SHINOBI@172.23.17.33 stm|  Deauth from sta: 38:aa:3c:58:1e:8a: AP 172.23.17.33-d8:c7:c8:2e:02:70-TEST-SHINOBI Reason Class 2 frames from non authenticated STA.

 

What is significate of this : Reason Class 2 frames from non authenticated STA ?

 

In attach file you can see all the log regarding the user-debug

 

thanks for your help !

 

 

 

 

 

Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: No associate problem on my open guest SSID

Yann Dorval,

 

- What is the exact version of ArubaOS?

- What access points are you using?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: No associate problem on my open guest SSID

Hi,

 

the version of AOS is 6.4.2.2 and AP's : AP-105

 

regards

 

Yann 

 

Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: No associate problem on my open guest SSID

Yann Dorval,

 

If you have an HT SSID profile attached to that SSID profile, please make sure that "legacy stations" is checked.

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: No associate problem on my open guest SSID

Cjoseph,

 

Sorry, i've made a mistake with the "accept solution" bouton.

 

I confirm, the legacy station is check in my HT SSID Profil.

 

Regards

 

Yann

Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: No associate problem on my open guest SSID

Are you using encryption on that SSID?
What is the parameter that you changed?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: No associate problem on my open guest SSID

Hi,

 

We found the problem, when we inspected the IDS Log we saw this line : 

 

Dec 23 16:11:23 :106006:  <NOTI> |AP TEST@172.23.17.33 sapd| |ids-ap| AM: Wireless containment: Sending type Deauth from AP d8:c7:c8:2e:xx:xx to STA c8:bc:c8:ed:xx:xx channel 1

 

It's a specific IDS parameter who block the client association on the Open SSID.

 

We had check all the IDS parametrer (it's hard job !) and the winner is : "Protecting Against Misconfigured APs" ->  cmd : ids unauthorized-device-profile protect-misconfigured-ap

 

This parameters is enable in default IDS profil, we don't know the defintion of this feature, we find only this in the user guide : 

Protect.jpg

 

Do you have more information about it ? Is it dangerous to disable this feature ? and why in our, configuration it's problem ?

 

Regards

 

Yann 

 

 

Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: No associate problem on my open guest SSID

Disable the IDS for now.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎09-29-2011

Re: No associate problem on my open guest SSID

Yes it's works now, but my customer don't accept this answer, he want to get more accuracy about this feature ...

Guru Elite
Posts: 20,794
Registered: ‎03-29-2007

Re: No associate problem on my open guest SSID

[ Edited ]
The feature can be configured to accidentally kick off valid clients if misconfigured. TAC should be able to explain the configuration and why the clients is kicked off from the logs.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: