Controllerless Networks

 View Only
last person joined: yesterday 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Android 12 users are not authenticating via guest portal in branch office.

This thread has been viewed 32 times
  • 1.  Android 12 users are not authenticating via guest portal in branch office.

    Posted 23 days ago
    Hello Everyone,
    I would really appreciate if you can help me on this.

    We have 2 different locations (main office and branch office). Main office is connected to branch office via P2P.
    At main office we have -
    • Aruba 515 Ap'
    • Aruba controller
    • Aruba ClearPass
    • Here all the guest users are working (Android 12 and lower as well as all IoS users)
    At Branch office we have -
    1. Aruba 515 Ap's
    2. IAP virtual controller (AP's built in virtual controller)
    3. We have configured guest SSID and for authentication given path of Main branch ClearPass and for guest portal also given path of main office.
    4. Here only android 12 users are not getting connected, after entering OTP the page is getting refreshed again and again (failing to connect)
    5. We have checked on ClearPass logs
    6. Error code - 204
    7. Error Category - Authentication failure
    8. Error Msg - failed to classify request to service.
    9. Alerts for this request -
    10. Radius - Service categorization filed.
    11. Radius:Aruba:Aruba-ESSID-Name = is different which is configured in Guest SSID (This is showing for android 12 users only, for lower version it is showing perfect) Ex. SSID is - Test_Guest. In android 12 it is showing - _owetm_Test_Guest1039747924.


  • 2.  RE: Android 12 users are not authenticating via guest portal in branch office.

    EMPLOYEE
    Posted 23 days ago
    Your Android 12 clients are trying to connect with OWE (part of the WPA3 security standard). Easiest fix probably would be to change your service classification rule:
    Aruba-ESSID-Name EQUALS Test_Guest
    into:
    Aruba-ESSID-Name CONTAINS Test_Guest

    Or change the encryption on the Test_Guest SSID from OWE to Open.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Android 12 users are not authenticating via guest portal in branch office.

    Posted 19 days ago
    Hello Herman,
    Thank you for your quick response with the solution.
    After making suggest changes in ClearPass, Android 12 users are able to join the network, But as this might be a vulnerability.
    • We are trying to find out the issue related to OWE.
    • As this is the Guest SSID and it is kept encryption Open already.
    • I will keep posted for further activities.



  • 4.  RE: Android 12 users are not authenticating via guest portal in branch office.

    Posted 9 days ago
    I found that guest setting for "enhanced open" works well for us for both android and Iphone, it also remove the "this is not encrypted" warning on the phones