Wireless Access

Hello,

I'm setting up a captive portal SSID for visitors on a new aruba controller environment, which consists of a MM/VA and 2 physical 7205 controllers, running arubaOS 8.9.0.0. The captive portal is located on a CPPM cluster and is currently working fine for our legacy IAP cluster (being transitionned to the new arubaOS cluster).

But I'm facing a big issue. Once the guest has been registered onto the CP, when I switch OFF and ON the wifi on the wireless mobile, the device is not disconnected and swapped onto the visitor VLAN. In fact the MAC authentication service is never triggered from CPPM. Instead the CP slash page keeps recurring asking for the same visitor information.

I figured out this is due to the guest association with the SSID which is NOT cleared, and last 10mn before going away.

If I disconnect manually the guest on the monitoring controller, it reconnects to the visitor VLAN correctly.

So the issue seems to be related to guest sticky association to the SSID, not immediately cleared after the disconnection and reconnection.

Question : So within the tons of parameters available in these controllers, is there a way to modify this behaviour, to make it compliant with the IAP?

Extra question : The « disconnection » should normally be triggered by a ClearPass policy   via a Radius CoA/Disconnect, but it is either not sent by CPPM, or NOT received by the controllers. How to troubleshoot this?

Any hints or suggestion is welcome.

Thanks in advance

Ray

Hello,

I'm setting up a captive portal SSID for visitors on a new aruba controller environment, which consists of a MM/VA and 2 physical 7205 controllers, running arubaOS 8.9.0.0. The captive portal is located on a CPPM cluster and is currently working fine for our legacy IAP cluster (being transitionned to the new arubaOS cluster).

But I'm facing a big issue. Once the guest has been registered onto the CP, when I switch OFF and ON the wifi on the wireless mobile, the device is not disconnected and swapped onto the visitor VLAN. In fact the MAC authentication service is never triggered from CPPM. Instead the CP slash page keeps recurring asking for the same visitor information.

I figured out this is due to the guest association with the SSID which is NOT cleared, and last 10mn before going away.

If I disconnect manually the guest on the monitoring controller, it reconnects to the visitor VLAN correctly.

So the issue seems to be related to guest sticky association to the SSID, not immediately cleared after the disconnection and reconnection.

Question : So within the tons of parameters available in these controllers, is there a way to modify this behaviour, to make it compliant with the IAP?

Extra question : The « disconnection » should normally be triggered by a ClearPass policy   via a Radius CoA/Disconnect, but it is either not sent by CPPM, or NOT received by the controllers. How to troubleshoot this?

Any hints or suggestion is welcome.

Thanks in advance

Ray

Hello,

I'm setting up a captive portal SSID for visitors on a new aruba controller environment, which consists of a MM/VA and 2 physical 7205 controllers, running arubaOS 8.9.0.0. The captive portal is located on a CPPM cluster and is currently working fine for our legacy IAP cluster (being transitionned to the new arubaOS cluster).

But I'm facing a big issue. Once the guest has been registered onto the CP, when I switch OFF and ON the wifi on the wireless mobile, the device is not disconnected and swapped onto the visitor VLAN. In fact the MAC authentication service is never triggered from CPPM. Instead the CP slash page keeps recurring asking for the same visitor information.

I figured out this is due to the guest association with the SSID which is NOT cleared, and last 10mn before going away.

If I disconnect manually the guest on the monitoring controller, it reconnects to the visitor VLAN correctly.

So the issue seems to be related to guest sticky association to the SSID, not immediately cleared after the disconnection and reconnection.

Question : So within the tons of parameters available in these controllers, is there a way to modify this behaviour, to make it compliant with the IAP?

Extra question : The « disconnection » should normally be triggered by a ClearPass policy   via a Radius CoA/Disconnect, but it is either not sent by CPPM, or NOT received by the controllers. How to troubleshoot this?

Any hints or suggestion is welcome.

Thanks in advance

Ray

Hello,

I'm setting up a captive portal SSID for visitors on a new aruba controller environment, which consists of a MM/VA and 2 physical 7205 controllers, running arubaOS 8.9.0.0. The captive portal is located on a CPPM cluster and is currently working fine for our legacy IAP cluster (being transitionned to the new arubaOS cluster).

But I'm facing a big issue. Once the guest has been registered onto the CP, when I switch OFF and ON the wifi on the wireless mobile, the device is not disconnected and swapped onto the visitor VLAN. In fact the MAC authentication service is never triggered from CPPM. Instead the CP slash page keeps recurring asking for the same visitor information.

I figured out this is due to the guest association with the SSID which is NOT cleared, and last 10mn before going away.

If I disconnect manually the guest on the monitoring controller, it reconnects to the visitor VLAN correctly.

So the issue seems to be related to guest sticky association to the SSID, not immediately cleared after the disconnection and reconnection.

Question : So within the tons of parameters available in these controllers, is there a way to modify this behaviour, to make it compliant with the IAP?

Extra question : The « disconnection » should normally be triggered by a ClearPass policy   via a Radius CoA/Disconnect, but it is either not sent by CPPM, or NOT received by the controllers. How to troubleshoot this?

Any hints or suggestion is welcome.

Thanks in advance

Ray