I'm relative new (for not say novice) when implemented corporate wireless networks, I have implemented some projects using mobility controllers, instant controllers, ariwave, central, clearpass, etc. In all of these implementation we have tested the wireless "workflow" in a lab envorioment with different equipments.
But we always have the same problem: when the final service is deployment the end-user start to have a lot of "issue", for example:
- if I change my (Active directory) i cannot connect to the wireless network
- why my equipment is always in quarentine when trying to run a peer-to-peer applicantion
- why i'm not able to use my personal tablet?
these are some of the "issues" reported from the clients, that sadly generate a lot of noise on the support department and then on us (the solution provider)
does anyone knows how to ensure a more "transparent" way to deploy this kind of changes of network and security controls?
o maybe is just me having this issue. :(
I understand all your problems seems to be a client authentication or authorzation realated issue:
The following commands on the Controller on which the client is terminating (Instant Virtual Controller might have similar commands) will come in handy whenever you are having and issue with client related issue:
- #show user-table <user-ip> --> if you have multiple controllers, check on each controller to find the user or which is controlling the user location APs
- #show station-table <mac-address>
If nothing above worked or not enough to provide the information:
- #show aaa state station <mac address of the client in trouble> --> Check the "aaa-profile name" on the output
- #show aaa-profile <aaa-profile name> --> Check the roles mapped to the profile
- #show rights <role-name> --> Check the policy of the role if the application/port you are attempt to running/connect to is allowed
- When you changed the AD, may I know have you chaned the RADIUS configurations on the Controller/ Clearpass?
- While running P2P application, are you already authenticated on the network
- When you say you are not able to use, does that mean you are not able to conect to the Wi-Fi or you are connected to the network but the traffic is not passing?
For all the above scenes, if you have clearpass NAC server, please check the logs of the Access Tracker
- If the policy is not letting the user to do the activities that you mentioned, we might have authorization issue, which could be your case.
And, now you have the commands to narrow down the issue.
If you have enough logs, you can share in the community or you can reach TAC for help.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.