Hi athan,
the output from the access tracker means that there is no endpoint for the phone yet. It is normal and always happens when a device connects to your guest wifi for the first time.
The SQL statement uses as WHERE condition an attribute from the endpoint. But the endpoint does not exist yet. The SQL statement does not return attributes for AccountEnable and AccountExpired. The policy server logs it as alarm.
The Radius server does not find the user in the endpoint repository and also reports it as an alarm.
The MAC-Auth failed, the ClearPass Server sends a reject to the controller. The user is connected to the WLAN and remains in the preauthenticated role. In this role there must be a captive portal profile and the user must be redirected to the ClearPass landing page.
The question is whether the user gets the ClearPass landing page displayed?
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACA - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
------------------------------
Original Message:
Sent: Jan 19, 2023 04:51 PM
From: athan
Subject: Mobile Guest SSID not conexion
Hello, I just had a case where one of my clients couldn't connect their phone.
He told me that when the clear pass was announced, they were working the mobile currently he has at least 3 phone guests were registered.
While performing a test mobile to connect SSID guests, I encountered this issue.
I'll show you some images of my clients' setup.