Wireless Access

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

Original Message:
Sent: 12/2/2021 5:36:00 PM
From: cathyf
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

Hey Jim - I am curious then what that workflow looks like. So if a guest comes to your campus and they would like to hop on your wireless, do they have to call or visit your helpdesk in order for your staff to manually provision a username/password for them? And this is done for every guest that walks on campus and wants wireless access?

Original Message:
Sent: 12/3/2021 9:22:00 AM
From: censania
Subject: RE: New/renewing cpg users stuck in limbo for hours/days

Hey Jim - I am curious then what that workflow looks like. So if a guest comes to your campus and they would like to hop on your wireless, do they have to call or visit your helpdesk in order for your staff to manually provision a username/password for them? And this is done for every guest that walks on campus and wants wireless access?

------------------------------
Cody Ensanian
------------------------------

Original Message:
Sent: Dec 03, 2021 08:43 AM
From: Unknown User
Subject: New/renewing cpg users stuck in limbo for hours/days

Cathy,

We ditched the captive portal a long time ago for various headache reasons, mostly due to client capabilities and web certificates.  While this does not sound like your issue, perhaps you could go the route we went if it works for you.

Since pretty much all guest clients now support 802.1x, we just create guest users manually and have them hit the same SSID as the one the rest of our campus users use.  We have roles assigned and guest users are placed in a separate guest vlan.  In general, we only use one SSID for all 802.1x clients and leverage Clearpass for role/vlan assignments.

I can give you more details if that is something you wish to consider.  I can't help with your current problem, but I bet someone here knows the answer to your question.

Jim

--

Jim Lucas

Network Manager

415 Kehoe

101 Broad Street

Plattsburgh, NY 12901

(o) 518-564-5322

(f)  518-564-4252

plattsburgh.edu

Original Message:
Sent: 12/2/2021 5:36:00 PM
From: cathyf
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

The longer-range plan is to make fairly radical changes -- I'm brand new here, and am dealing with an interlocking set of broken things which have to be fixed in order...

We want to use mpsk, but have been told we need to upgrade off of 8.3 to implement it. We have 135 AP-105Hs in dorms that can't be updated, so I'm in the process of planning to replace those with 205Hs off of ebay (the out-of-cycle refresh of 30% of our installed APs is a budget killer!)

When our aruba partner implemented eduroam 3 years ago, they got the SP to work but didn't understand what the IdP was supposed to do and never realized that it's not set up at all. I'm trying to learn enough about it so that I can get the IdP working without breaking the SP, and I already know that I want to use eap-tls. 

Every side-by-side comparison will tell you that implementing client certificates are a huge complicated thing, but I'm thinking that any process that works reliably is infinitely less complicated than this frustrating mess. According to airwave, at the moment I've got 108 clients stuck in mcUsers-logon (three of them have been there since 6-Oct) and 159 stuck in mcPublic-logon (one since 5-Nov). When you tell users "log into the cpg web interface and just continuously remove and add your MAC address until it magically starts working" the users look at you like you are a crazy idiot. And I certainly feel like an idiot saying it!

------------------------------
Cathy Fasano
------------------------------

Original Message:
Sent: Dec 03, 2021 08:43 AM
From: Unknown User
Subject: New/renewing cpg users stuck in limbo for hours/days

Cathy,

We ditched the captive portal a long time ago for various headache reasons, mostly due to client capabilities and web certificates.  While this does not sound like your issue, perhaps you could go the route we went if it works for you.

Since pretty much all guest clients now support 802.1x, we just create guest users manually and have them hit the same SSID as the one the rest of our campus users use.  We have roles assigned and guest users are placed in a separate guest vlan.  In general, we only use one SSID for all 802.1x clients and leverage Clearpass for role/vlan assignments.

I can give you more details if that is something you wish to consider.  I can't help with your current problem, but I bet someone here knows the answer to your question.

Jim

--

Jim Lucas

Network Manager

415 Kehoe

101 Broad Street

Plattsburgh, NY 12901

(o) 518-564-5322

(f)  518-564-4252

plattsburgh.edu

Original Message:
Sent: 12/2/2021 5:36:00 PM
From: cathyf
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

We have been able to use the ClearPass REST API to create our own guest portal. This strategy allows for more flexibility & customization.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer
------------------------------

Original Message:
Sent: Dec 02, 2021 05:35 PM
From: Cathy Fasano
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

I'd rather use eduroam -- that way I can leverage the wisdom and experience of thousands of other network admins as opposed to having to think of everything myself. (And cpg behaves the way it does even though it was engineered by aruba engineers who understand ClearPass much better than I ever will and are probably smarter than me, too. I can only imagine what sort of mess I would make of trying to roll my own!)

------------------------------
Cathy Fasano
------------------------------

Original Message:
Sent: Dec 13, 2021 08:52 AM
From: Bruce Osborne
Subject: New/renewing cpg users stuck in limbo for hours/days

We have been able to use the ClearPass REST API to create our own guest portal. This strategy allows for more flexibility & customization.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Dec 02, 2021 05:35 PM
From: Cathy Fasano
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

Original Message:
Sent: 12/13/2021 1:44:00 PM
From: cathyf
Subject: RE: New/renewing cpg users stuck in limbo for hours/days

I'd rather use eduroam -- that way I can leverage the wisdom and experience of thousands of other network admins as opposed to having to think of everything myself. (And cpg behaves the way it does even though it was engineered by aruba engineers who understand ClearPass much better than I ever will and are probably smarter than me, too. I can only imagine what sort of mess I would make of trying to roll my own!)

------------------------------
Cathy Fasano
------------------------------

Original Message:
Sent: Dec 13, 2021 08:52 AM
From: Bruce Osborne
Subject: New/renewing cpg users stuck in limbo for hours/days

We have been able to use the ClearPass REST API to create our own guest portal. This strategy allows for more flexibility & customization.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Dec 02, 2021 05:35 PM
From: Cathy Fasano
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

In some countries, there are facilities to support visitors on eduroam. You may check if something like this is available in your country, or ask these people to extend their service to other countries.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 13, 2021 01:54 PM
From: Bruce Osborne
Subject: New/renewing cpg users stuck in limbo for hours/days

Eduroam does not work for guests who are not from other eduroam institutions. We are planning on using eduroam in addition to our guest portal & SSID. We will also likely use that guest SSID for onboarding too.

 

Bruce Osborne

Senior Network Engineer

Network Operations - Wireless

 

 (434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

Original Message:
Sent: 12/13/2021 1:44:00 PM
From: cathyf
Subject: RE: New/renewing cpg users stuck in limbo for hours/days

I'd rather use eduroam -- that way I can leverage the wisdom and experience of thousands of other network admins as opposed to having to think of everything myself. (And cpg behaves the way it does even though it was engineered by aruba engineers who understand ClearPass much better than I ever will and are probably smarter than me, too. I can only imagine what sort of mess I would make of trying to roll my own!)

------------------------------
Cathy Fasano

Original Message:
Sent: Dec 13, 2021 08:52 AM
From: Bruce Osborne
Subject: New/renewing cpg users stuck in limbo for hours/days

We have been able to use the ClearPass REST API to create our own guest portal. This strategy allows for more flexibility & customization.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Dec 02, 2021 05:35 PM
From: Cathy Fasano
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------

Thank you. 

I was not aware of that service. We need to see if it is available in the US. We are currently in the early planning & deployment stages of eduroam.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer
------------------------------

Original Message:
Sent: Dec 17, 2021 09:06 AM
From: Herman Robers
Subject: New/renewing cpg users stuck in limbo for hours/days

In some countries, there are facilities to support visitors on eduroam. You may check if something like this is available in your country, or ask these people to extend their service to other countries.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Dec 13, 2021 01:54 PM
From: Bruce Osborne
Subject: New/renewing cpg users stuck in limbo for hours/days

Eduroam does not work for guests who are not from other eduroam institutions. We are planning on using eduroam in addition to our guest portal & SSID. We will also likely use that guest SSID for onboarding too.

 

Bruce Osborne

Senior Network Engineer

Network Operations - Wireless

 

 (434) 592-4229

 

LIBERTY UNIVERSITY

Training Champions for Christ since 1971

 

Original Message:
Sent: 12/13/2021 1:44:00 PM
From: cathyf
Subject: RE: New/renewing cpg users stuck in limbo for hours/days

I'd rather use eduroam -- that way I can leverage the wisdom and experience of thousands of other network admins as opposed to having to think of everything myself. (And cpg behaves the way it does even though it was engineered by aruba engineers who understand ClearPass much better than I ever will and are probably smarter than me, too. I can only imagine what sort of mess I would make of trying to roll my own!)

------------------------------
Cathy Fasano

Original Message:
Sent: Dec 13, 2021 08:52 AM
From: Bruce Osborne
Subject: New/renewing cpg users stuck in limbo for hours/days

We have been able to use the ClearPass REST API to create our own guest portal. This strategy allows for more flexibility & customization.

------------------------------
Bruce Osborne ACCP ACMP
Liberty University

The views expressed here are my personal views and not those of my employer

Original Message:
Sent: Dec 02, 2021 05:35 PM
From: Cathy Fasano
Subject: New/renewing cpg users stuck in limbo for hours/days

We have had a continuing problem with cpg in that some new users and some users whose previous cpg registration has expired use the captive portal to register their MAC addresses and then -- for reasons completely mysterious -- it sometimes does not work right away. The behavior is that cpg just keeps bringing up the captive portal device registration panel over and over again. Each time that you register the device, it shows the "receipt" that tells you the expiration date/time, which is in one year. As you register over and over again the expiration time moves forward. Usually after some hours/days it just mysteriously works -- stops asking for credentials and connects you to the internet. We have this "voodoo raindance" thing that we do where we use the cpg management portal to continuously delete and re-add the MAC, but we have no idea if this has any effect and maybe the device would have healed on its own?

This latest round happened to me. We have a laptop on the bench that we use sporadically to test things, and its cpg registration had expired since the last time that I used it. When the captive portal came up I put my credentials in and registered the MAC, and it got into this state.

Our SSID is mcUsers, and the role that the device gets stuck in is mcUsers-logon. I can use AirWave to list out all of my clients, then sort by role, and I've got a couple of dozen clients in this state. The laptop that I just registered has been sitting in that state for going on 2 hours as I write this.

I've got 14 clients that have been stuck for over 2 days, a couple going all the way back to Oct 6th.
10/6/21, 7:34 AM
10/6/21, 7:34 AM
10/6/21, 7:47 AM
11/1/21, 9:30 PM
11/6/21, 7:28 PM
11/16/21, 9:52 AM
11/22/21, 3:42 AM
11/27/21, 10:16 AM
11/29/21, 1:23 PM
11/29/21, 10:57 PM
11/29/21, 11:10 PM
11/30/21, 1:40 AM
11/30/21, 9:08 PM
11/30/21, 9:29 PM

and then 24 more sitting there. Sometimes I see more appear, or the connection time moves forward, 

With the laptop that sent me off on this merry chase, I can look up the MAC in airwave and get the IP, and then look up the IP in mobility master, and, yeah, it's just sitting there frozen in this state.

I can't figure out what's going on, why some clients get in this state, what gets them out -- and how to make it stop!

Has anyone faced this and knows what's going on? Or can point me towards some tools to try to figure it out?

------------------------------
Cathy Fasano
------------------------------