Wireless Access

last person joined: 14 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Android 11 connecting to ArubaVC 8.6.0.6

This thread has been viewed 37 times
  • 1.  Android 11 connecting to ArubaVC 8.6.0.6

    Posted 14 days ago

    Small (just me) problem connecting my Pixel 3L with Android 11.  We have a private VLAN for BYOD.  Users enter their network credentials, same as workstations.  No issues for the most part, but only a handful of people in our office still.  I'm running into the connection being made, then disconnecting.  Then after a while it lets me know there's an authentication problem.  I've got another user on an Android, I don't think 11, with no issues.

    I've set the connection to not randomize the MAC, thinking Aruba might have a problem with that, but no joy.  On the controller, I actually see my MAC, but it's got 0.0.0.0 and NOFP, which I think is it's way of saying it can't recognize the OS.  But I know this phone's been on this VLAN before. But since then both the controller and phone have been updated.

    What am I missing?



    ------------------------------
    Ben Rollman
    ------------------------------


  • 2.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 13 days ago
    Do you have the capability to see what user-role you are getting after authenticating and what VLAN you are being put on? Is your role allowing DHCP?

    Have you also tried forgetting the network on the android just in case you might have some custom setting for the WLAN?


    ------------------------------
    Dustin Burns

    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 13 days ago
    It shows the ESSID because those are visible and what we're trying connect to, in this case a private one for employees only.  The VLAN is about 200 available in the scope so not exceeding that.  But I'm also not on site anymore so I don't know if I'm getting a lease or not.  And my phone's connected to my own wifi now so I've got a 192.168.x.x again.  The role should be allowing DHCP, again, so far this is the only device I've seen not work.

    And yes, forgot the network and reconnect.  Even cleared cached creds and certs just to be safe. And restarted the device. :)

    ------------------------------
    Ben Rollman
    ------------------------------



  • 4.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 13 days ago
    I am a K12.  I have the same problem.  I have a ticket in with TAC (closed).  I am finding that Android 9 will still connect.  I tested my work Guest/BYOD months ago.  When I was asked to push the network out to the users I could no longer connect to the network with my personal cell phone.  I have tried to connect to an Open, PSK, Portal networks. 

    I go home and can connect fine.

    IP address shows as 0.0.0.0.   Wireshark shows the request , the ACK.  Then nothing.  The pcap was from the controller.  They want a capture from the air.  If someone could do that I would like to see the file.

    ------------------------------
    Brian Warren
    ------------------------------



  • 5.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 12 days ago
    Next time I'm in our office, (Tuesday) I'll try to capture that and post it.

    ------------------------------
    Ben Rollman
    ------------------------------



  • 6.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 12 days ago
    I think I answered you on Reddit :)

    ------------------------------
    Tim C
    ------------------------------



  • 7.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 12 days ago

    Ha! Yes, you did.

    I will say, I do have eyes into our admin side, but we're a small shop where 1-2 people have to know everything about all systems, which means I know very little about a lot of things.  Wifi architecture low on that list.  Our MS teams is helping, but I was hoping to find out more to speed that up since that takes a while.

    We think having a non-CA cert might be helpful, so the next step is having a *.ourdomain.org available on the controller.



    ------------------------------
    Ben Rollman
    ------------------------------



  • 8.  RE: Android 11 connecting to ArubaVC 8.6.0.6

    Posted 12 days ago
    If you're a small team, I would avoid using a tunneled EAP method altogether. If it's not properly configured on every client, there is a high risk for credential interception.

    I would consider using a PSK if you can't migrate to EAP-TLS.

    ------------------------------
    Tim C
    ------------------------------