I'm setting up a captive portal SSID for visitors on a new aruba controller environment, which consists of a MM/VA and 2 physical 7205 controllers, running arubaOS 22.214.171.124. The captive portal is located on a CPPM cluster and is currently working fine for our legacy IAP cluster (being transitionned to the new arubaOS cluster).
But I'm facing a big issue. Once the guest has been registered onto the CP, when I switch OFF and ON the wifi on the wireless mobile, the device is not disconnected and swapped onto the visitor VLAN. In fact the MAC authentication service is never triggered from CPPM. Instead the CP slash page keeps recurring asking for the same visitor information.
I figured out this is due to the guest association with the SSID which is NOT cleared, and last 10mn before going away.
If I disconnect manually the guest on the monitoring controller, it reconnects to the visitor VLAN correctly.
So the issue seems to be related to guest sticky association to the SSID, not immediately cleared after the disconnection and reconnection.
Question : So within the tons of parameters available in these controllers, is there a way to modify this behaviour, to make it compliant with the IAP?
Extra question : The « disconnection » should normally be triggered by a ClearPass policy via a Radius CoA/Disconnect, but it is either not sent by CPPM, or NOT received by the controllers. How to troubleshoot this?
Any hints or suggestion is welcome.
Thanks in advance
Thanks for these pertinent recommendations.
I forgot to mention that, aside of IAPs we also have a legacy HP UWWL (ComWare) wireless system. This is the reason why we use "Server Initiated" CoA/Disconnect.
So during the migration period (about 1 year) the guest portal must work with 3 different systems (UWWL, IAP and controllers).
We are also using an isolated VLAN for Internet Access (so no access to internal devices such as CP portal). This VLAN is shared between guests and some other IoT devices which use Cloud Management exclusively.
As I mentioned earlier the CP is working fine with 2 technologies, so I don't understand why it should not work with ArubaOS controllers.
The real issue is these sticky guest clients which cannot be disconnected when you switch the WiFi OFF on the client devices.
Is there a way to suppress he association delay (roughly 5-10mn) so that the AP behave just like current IAPs?
If I can do that it will work.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.