The students have been bringing some new ROKU product such as the ROKU premier which is showing a screen asking the student if the device is in a home, hotel or dorm (see attached screen shot). We use Clearpass for mac authentication for our dorm open network and it works great with most devices. Unfortunately, the ROKU and the configuration device (Smart Phone or Tablet) cannot be on the open network.
Has anyone else seen this issue in their dorms yet?
Not sure if someone will beat me to answering, but I know exactly how that message is being created. I had to interpret what the user is doing, based on what I saw on the controller.
You're doing mac auth, so I assume you are using a Registration portal for the kids to register their device.... Either they are registering it AFTER clicking to connect, or within seconds of each other.
Long story short, they are getting into the "logon" role on my campus, due to not being registered. The logon role goes now where for us. The Roku thinks that there is something stopping it like a splash page.
I set a 5 minute re-auth timer on that role so all I'm relaying to our Help Desk is to have the kid get off the Network screen on the Roku, or shut off the TV for 5 minutes. At the 5 minutes, they age out of the controller, and when they try again, Clearpass accepts them as a registered user....
I plan on changing that re-auth timer to something higher in the semester, but for right now its been saving me from a lot of aaa delete's ....
If they STILL get that message, then they didn't register the mac address correctly still.
In addition to lkfirestone suggestion, you can also add the "Change of Authorization" to the registration form , this will force a reauth dynamically when the user registers the device , if the device is stuck on the logon role .
I don't have any comments to add yet, but thanks for the heads up! We have some similarities to your configurations. If we find anything noteworthy, I will pass along.
We did a short logon timeout at first then moved to doing a COA. Works well.
As of this semester, for Guest we now use our own portal server with the REST API to ClearPass & Aruba wireless.
I put in a slight ( 1 minute?) delay after registration before logging them in to give my ClearPass cluster time to sync the account.
Ahh I see , I misunderstood and thought you were talking about the CoA enforcement profile in the wireless mac auth.The CoA field in the form works in conjunction with Device Registration Disconnect service, which uses the CoA enforcement profileSent from Mail for Windows 10
Thanks Victor, I like this solution and will look into it.
Thank you, lkfirestone.
You are correct about the user getting the " Dorm hotel page" . Thanks for your input.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.