Controllerless Networks

Hy everbody,

I previously successfully created the services for Guest Access and MAC Authentication in the CPPM. Everything was working fine. Users were redirected to the captive portal and were able to create an account an login.

But approximately one week ago, the behaviour changed: when a user connects, the MAC Authentication Service is used, and the Deny Access Profile is assigned. I think the problem is, that the role "Other" is assigend instead of "Guest", but I can´t find a reason, why the "Guest" role isn´t assigned.

Any thoughts?

Knd regards,
Matthias

------------------------------
Matthias Pohl
------------------------------

My first thought is that, if CPPM Services haven't changed and you are completing MAC Auth...is the Private Addressing/MAC Randomisation causing an issue? Do you have a screenshot of your Role Mapping/Enforcement Profile which determines whether Other or Guest is assigned?

------------------------------
Craig Syme
------------------------------

Original Message:
Sent: Jul 21, 2021 03:05 AM
From: Matthias Pohl
Subject: Problems with Guest Access

Hy everbody,

I previously successfully created the services for Guest Access and MAC Authentication in the CPPM. Everything was working fine. Users were redirected to the captive portal and were able to create an account an login.

But approximately one week ago, the behaviour changed: when a user connects, the MAC Authentication Service is used, and the Deny Access Profile is assigned. I think the problem is, that the role "Other" is assigend instead of "Guest", but I can´t find a reason, why the "Guest" role isn´t assigned.

Any thoughts?

Knd regards,
Matthias

------------------------------
Matthias Pohl
------------------------------

This is the Role Mapping

------------------------------
Matthias Pohl
------------------------------

Original Message:
Sent: Jul 21, 2021 03:37 AM
From: Craig Syme
Subject: Problems with Guest Access

My first thought is that, if CPPM Services haven't changed and you are completing MAC Auth...is the Private Addressing/MAC Randomisation causing an issue? Do you have a screenshot of your Role Mapping/Enforcement Profile which determines whether Other or Guest is assigned?

------------------------------
Craig Syme

Original Message:
Sent: Jul 21, 2021 03:05 AM
From: Matthias Pohl
Subject: Problems with Guest Access

Hy everbody,

I previously successfully created the services for Guest Access and MAC Authentication in the CPPM. Everything was working fine. Users were redirected to the captive portal and were able to create an account an login.

But approximately one week ago, the behaviour changed: when a user connects, the MAC Authentication Service is used, and the Deny Access Profile is assigned. I think the problem is, that the role "Other" is assigend instead of "Guest", but I can´t find a reason, why the "Guest" role isn´t assigned.

Any thoughts?

Knd regards,
Matthias

------------------------------
Matthias Pohl
------------------------------

For unknown/new devices, that are not subject to MAC Caching, that is expected. Please check in the Endpoint Repository for the MAC address connecting, if there is the attribute 'Guest Role ID' and if it is set to 2.

If the attribute is not there, check in your Webauth service if it is set.

You could check this video how the workflow should work...

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jul 21, 2021 04:46 AM
From: Matthias Pohl
Subject: Problems with Guest Access

This is the Role Mapping

------------------------------
Matthias Pohl

Original Message:
Sent: Jul 21, 2021 03:37 AM
From: Craig Syme
Subject: Problems with Guest Access

My first thought is that, if CPPM Services haven't changed and you are completing MAC Auth...is the Private Addressing/MAC Randomisation causing an issue? Do you have a screenshot of your Role Mapping/Enforcement Profile which determines whether Other or Guest is assigned?

------------------------------
Craig Syme

Original Message:
Sent: Jul 21, 2021 03:05 AM
From: Matthias Pohl
Subject: Problems with Guest Access

Hy everbody,

I previously successfully created the services for Guest Access and MAC Authentication in the CPPM. Everything was working fine. Users were redirected to the captive portal and were able to create an account an login.

But approximately one week ago, the behaviour changed: when a user connects, the MAC Authentication Service is used, and the Deny Access Profile is assigned. I think the problem is, that the role "Other" is assigend instead of "Guest", but I can´t find a reason, why the "Guest" role isn´t assigned.

Any thoughts?

Knd regards,
Matthias

------------------------------
Matthias Pohl
------------------------------

I found the cause of my problem:

I´ve changed the port on the switch, where the IAP is connected. The new port is configured for mac-authentication. On the old port I´ve directly assigned the VLANs. On the new port the IAPs is correctly recognized and the correct VLANs are assigned, but the clients connected to the IAP don´t get an IP address. So it´s not a problem with the GuestAccess, it´s a problem with the port configuration or the service in CPPM

------------------------------
Matthias Pohl
------------------------------

Original Message:
Sent: Jul 21, 2021 05:35 AM
From: Herman Robers
Subject: Problems with Guest Access

For unknown/new devices, that are not subject to MAC Caching, that is expected. Please check in the Endpoint Repository for the MAC address connecting, if there is the attribute 'Guest Role ID' and if it is set to 2.

If the attribute is not there, check in your Webauth service if it is set.

You could check this video how the workflow should work...

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jul 21, 2021 04:46 AM
From: Matthias Pohl
Subject: Problems with Guest Access

This is the Role Mapping

------------------------------
Matthias Pohl

Original Message:
Sent: Jul 21, 2021 03:37 AM
From: Craig Syme
Subject: Problems with Guest Access

My first thought is that, if CPPM Services haven't changed and you are completing MAC Auth...is the Private Addressing/MAC Randomisation causing an issue? Do you have a screenshot of your Role Mapping/Enforcement Profile which determines whether Other or Guest is assigned?

------------------------------
Craig Syme

Original Message:
Sent: Jul 21, 2021 03:05 AM
From: Matthias Pohl
Subject: Problems with Guest Access

Hy everbody,

I previously successfully created the services for Guest Access and MAC Authentication in the CPPM. Everything was working fine. Users were redirected to the captive portal and were able to create an account an login.

But approximately one week ago, the behaviour changed: when a user connects, the MAC Authentication Service is used, and the Deny Access Profile is assigned. I think the problem is, that the role "Other" is assigend instead of "Guest", but I can´t find a reason, why the "Guest" role isn´t assigned.

Any thoughts?

Knd regards,
Matthias

------------------------------
Matthias Pohl
------------------------------