a few days ago my wireless netowrk was fine,but now all devices turning on windows cannot authenticate except them which are turning on android.
please, what is the problem?
i have the 7210 controller and the 103 AP's.
could you please give us more information?
AAA profile configuration, SSID configuration and VAP configuration.
Are you using user derivation rules?
Also, can you run show audit-trail and check the changes that have been made on the controller?
first, thnak you,
yes,I am using user derivation rules
AAA Profile List----------------Name References Profile Status---- ---------- --------------default 2default-dot1x 0 Predefined (editable)default-dot1x-psk 0 Predefined (editable)default-mac-auth 0 Predefined (editable)default-open 0 Predefined (editable)default-xml-api 0 Predefined (editable)Guest-aaa-profile 1mgmt-aaa-profile 1New_WLAN-aaa_prof 1NoAuthAAAProfile 1 Predefined (editable)Pro-aaa-Profile 1Res-aaa-profile 1VIP-aaa-profile 1
Can you send us the specific information from the AAA profile that you are saying that is not working anymore and the derivation rules for that service?
show audit-trial (review that there are no changes from yesterday) - no need to paste here the logs but check since Sep 12 and find it out.
the aaa test server is successful, device on android connect,
for the AAA Profiles:
i have res-aaa-profile
initial role: logon
802.1X Authentication Default Role: authenticated
termination enabletermination eap-type eap-tlstermination eap-type eap-peaptermination inner-eap-type eap-mschapv2termination inner-eap-type eap-gtc
aaa server-group "GSRV-RADIUS"allow-fail-throughload-balanceauth-server SRV-RADIUS,
Network authentication security WPA2
i have RADUIS server to authenticate AD user's, without clearpass,
you're right, corporate users authenticate with certificate
i use only authentication role .... for android user, i receive the role authenticated,
OK - so you have a RADIUS server. I don't now why you are using termination.
An android user, connects to the SSID and introduces his AD username and password. If that is correct, it receives it gets the default role (authenticated)
A corporate laptop, connects to the same SSID with certificates. If the authentication is successful - which role is going to be assigned? How does your derivation rule look like?
""An android user, connects to the SSID and introduces his AD username and password. If that is correct, it receives it gets the default role (authenticated) "" --> yes
""A corporate laptop, connects to the same SSID with certificates. If the authentication is successful - which role is going to be assigned? How does your derivation rule look like?"" --> the same role is assigned: authenticated
i don't have derivation rules,
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.