Higher Education

 View Only
last person joined: 7 days ago 

Got questions on how to enable mobility in education? Submit them here!
Expand all | Collapse all

Dorm Networks - ROKU issue 2020

Jump to Best Answer
This thread has been viewed 6 times
  • 1.  Dorm Networks - ROKU issue 2020

    Posted Aug 19, 2020 11:21 AM
      |   view attached

    The students have been bringing some new ROKU product such as the ROKU premier which is showing a screen asking the student if the device is in a home, hotel or dorm (see attached screen shot). We use Clearpass for mac authentication for our dorm open network and it works great with most devices. Unfortunately, the ROKU and the configuration device (Smart Phone or Tablet) cannot be on the open network.

    Has anyone else seen this issue in their dorms yet?



  • 2.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 19, 2020 11:36 AM

    Not sure if someone will beat me to answering, but I know exactly how that message is being created. I had to interpret what the user is doing, based on what I saw on the controller.

     

    You're doing mac auth, so I assume you are using a Registration portal for the kids to register their device.... Either they are registering it AFTER clicking to connect, or within seconds of each other.

     

    Long story short, they are getting into the "logon" role on my campus, due to not being registered. The logon role goes now where for us. The Roku thinks that there is something stopping it like a splash page.

     

    I set a 5 minute re-auth timer on that role so all I'm relaying to our Help Desk is to have the kid get off the Network screen on the Roku, or shut off the TV for 5 minutes.   At the 5 minutes, they age out of the controller, and when they try again, Clearpass accepts them as a registered user....

     

     

    I plan on changing that re-auth timer to something higher in the semester, but for right now its been saving me from a lot of aaa delete's .... 

     

    If they STILL get that message, then they didn't register the mac address correctly still. 



  • 3.  RE: Dorm Networks - ROKU issue 2020
    Best Answer

    Posted Aug 19, 2020 12:38 PM

    In addition to lkfirestone suggestion, you can also add the "Change of Authorization" to the registration form , this will force a reauth dynamically when the user registers the device , if the device is stuck on the logon role .

    2020-08-19 12_34_42-Customize Form Fields (mac_create_2).png



  • 4.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 19, 2020 12:52 PM

    I don't have any comments to add yet, but thanks for the heads up!  We have some similarities to your configurations.  If we find anything noteworthy, I will pass along.



  • 5.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 19, 2020 01:27 PM

    We did a short logon timeout at first then moved to doing a COA. Works well.

     

    Mike



  • 6.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 19, 2020 01:51 PM
    Victor, can you comment on how the change_of_authorization field in guest approach is different than setting up a service in policy manager that issues an [ArubaOS Wireless – Terminate Session] enforcement profile? (The latter is what we currently have in place.)

    - Ryan -


  • 7.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 19, 2020 02:02 PM

    As of this semester, for Guest we now use our own portal server with the REST API to ClearPass & Aruba wireless.

    I put in a slight ( 1 minute?) delay after registration before logging them in to give my ClearPass cluster time to sync the account.



  • 8.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 20, 2020 10:01 AM
    The CoA in the form, allows you to dynamically send the CoA right after the user registers the device (IMO is more effective and clean if the device is stuck in the logon role)
    For the terminate session enforcement to be executed, you will need to wait until the next time the device reauth.


  • 9.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 20, 2020 12:12 PM
    Victor, to be clear, we have the terminate session enforcement executed as part of the device’s registration.

    [A screenshot of a social media post Description automatically generated]
    [A screenshot of a cell phone Description automatically generated]

    - Ryan -


  • 10.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 20, 2020 01:50 PM

    Ahh I see , I misunderstood and thought you were talking about the CoA enforcement profile in the wireless mac auth.

    The CoA field in the form works in conjunction with Device Registration Disconnect service, which uses the CoA enforcement profile

    Sent from Mail for Windows 10



  • 11.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 20, 2020 09:57 AM

    Thanks Victor, I like this solution and will look into it.



  • 12.  RE: Dorm Networks - ROKU issue 2020

    Posted Aug 20, 2020 09:55 AM

    Thank you, lkfirestone.

    You are correct about the user getting the " Dorm hotel page" . Thanks for your input.