For my first post on Airheads Community, I'd like to submit a BYOD issue when provisioning iOS devices.
My goal is to onboard/provision personal devices, using PEAP/MSCHAPv2 authentication. I've configured two SSIDs, and my ClearPass configuration seems OK, since it's working for my Windows and Android devices.
The issue occurs when I try to provision an iPad:
- Installation of root CA : OK
- Onboarding : OK, I can see my device on Clearpass Onboard
- Provisioning : Failed. Connection to my corporate SSID failed. Looking in Access Tracker, it seems that my provisioning service is not applied.
Do you have any idea that could help me?
I've unchecked "Require HTTPS for guest access" in CPPM and I use an http url for my BYOD captive portal, but it doesn't work.
Now, I think I have a problem with one of my ClearPass Onboard services.
I've configured the following rule :
This rule is firing with my Windows and Android devices when I connect to my corporate SSID with unique id, but not with my iPad.
I'm using Aruba APs and controllers (3600)
I also checked the "use http" checkbox.
Now, looking in the controller log, I can see that the EAP challenge failed when trying to connect to my corporate SSID. So I have a few questions:
- Is it possible to use unique id and PEAP with iOS devices?
- Should I use EAP-TLS instead?
I had a phone call with TAC, they say that unless I configure a commercial certificate, it won't work.
That seems strange, because I thought that manually installing the root CA and deactivating HTTPS should work.
I've tried to provision a WPA2-PSK SSID and it's working like a charm. But when I provision an 802.1X SSID (tried PEAP and EAP-TLS), it doesn't work. And the strange part is that I didn't see any log in Access Tracker for the authentication service.
Like I was talking about, you can provision without a public cert if you have the following done on CPPM and the controller.
You won't see any auths happening on a PSK network because the client will disconnect and then reconnect with the same SSID. iOS devices have an issue where they won't move to a provisioned SSID like a Windows or Android device will.
Also, if you want the device to disconnect and reconnect, you need to have Send IP checkmarked in the controller.
Here is a how-to.
Thanks a lot for the how-to !
It's almost working now, I think that the "Add IP Switch IP..." was the key.
I've just a small issue on iOS devices, I need to switch the WiFi off/on to get the correct profile.
Again, thank you for your help !