Security

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

What makes you think this is a ClearPass issue?  What type of flow is this? MAB? Guest? 802.1X? Are you passing dACLs, Downloadable User Roles, Local User Roles, ACLs to clients?  Wired or wireless?  

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

What makes you think this is a ClearPass issue?  What type of flow is this? MAB? Guest? 802.1X? Are you passing dACLs, Downloadable User Roles, Local User Roles, ACLs to clients?  Wired or wireless?  

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

Ok so what is different between the various Roles?  What makes you think this is a ClearPass issue?  What do you mean by "when I switch from clearpass to iOS"?

What makes you think this is a ClearPass issue?  What type of flow is this? MAB? Guest? 802.1X? Are you passing dACLs, Downloadable User Roles, Local User Roles, ACLs to clients?  Wired or wireless?  

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

Ok so what is different between the various Roles?  What makes you think this is a ClearPass issue?  What do you mean by "when I switch from clearpass to iOS"?

What makes you think this is a ClearPass issue?  What type of flow is this? MAB? Guest? 802.1X? Are you passing dACLs, Downloadable User Roles, Local User Roles, ACLs to clients?  Wired or wireless?  

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

Ok so what is different between the various Roles?  What makes you think this is a ClearPass issue?  What do you mean by "when I switch from clearpass to iOS"?

What makes you think this is a ClearPass issue?  What type of flow is this? MAB? Guest? 802.1X? Are you passing dACLs, Downloadable User Roles, Local User Roles, ACLs to clients?  Wired or wireless?  

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

Ok so what is different between the various Roles?  What makes you think this is a ClearPass issue?  What do you mean by "when I switch from clearpass to iOS"?

What makes you think this is a ClearPass issue?  What type of flow is this? MAB? Guest? 802.1X? Are you passing dACLs, Downloadable User Roles, Local User Roles, ACLs to clients?  Wired or wireless?  

Good evening everyone, let me introduce myself, I'm Michele, I have a problem in my company, I configured two clearpasses with 3 user categories, so far so good, but when authenticating, Android users calmly use Whatsapp, while iOS users still don't. connect, did I do something wrong about the policies? thanks for anyone who can help me, and sorry for my english

.

I don't understand the thoughts behind the configuration provided in the screenshots. The role mapping policy is the default guest role mapping policy for MAC caching and in the enforcement policy you have four rules all returning just and Accept back to the controller.

With this setup it doesn't matter what role you assign the users under the Local User Repository, as it looks like you are using this repository.  With the size of your organisation you shouldn't use the Local User Repository, instead the corporate directory such as Active Directory, Entra ID, or a generic LDAP.

If the iPhone authenticates OK in ClearPass, it's the same result sent back to the controller as a Android. ClearPass is not the root cause of your problem, but I recommend that you contact an Aruba SE or Aruba Partner with ClearPass knowledge to help you with the configuration. Also check the Airheads Broadcasting channel on Youtube with the ClearPass series: https://www.youtube.com/watch?v=bnOGv6sN804&list=PLsYGHuNuBZcbZPEku1zxkfpn2k_O_MENo

You have to check the controller configuration. Only way I can think of that can cause different access for Android and iPhone in this case is if the Android successfully authenticates with 802.1x and the iPhone with MAC auth. In that situation the controller will utilize the respective default roles for 802.1x and MAC auth. If these roles are different and have the MAC auth role have firewall rules blocking some ports you can end up in this situation.

.

I don't understand the thoughts behind the configuration provided in the screenshots. The role mapping policy is the default guest role mapping policy for MAC caching and in the enforcement policy you have four rules all returning just and Accept back to the controller.

With this setup it doesn't matter what role you assign the users under the Local User Repository, as it looks like you are using this repository.  With the size of your organisation you shouldn't use the Local User Repository, instead the corporate directory such as Active Directory, Entra ID, or a generic LDAP.

If the iPhone authenticates OK in ClearPass, it's the same result sent back to the controller as a Android. ClearPass is not the root cause of your problem, but I recommend that you contact an Aruba SE or Aruba Partner with ClearPass knowledge to help you with the configuration. Also check the Airheads Broadcasting channel on Youtube with the ClearPass series: https://www.youtube.com/watch?v=bnOGv6sN804&list=PLsYGHuNuBZcbZPEku1zxkfpn2k_O_MENo

You have to check the controller configuration. Only way I can think of that can cause different access for Android and iPhone in this case is if the Android successfully authenticates with 802.1x and the iPhone with MAC auth. In that situation the controller will utilize the respective default roles for 802.1x and MAC auth. If these roles are different and have the MAC auth role have firewall rules blocking some ports you can end up in this situation.

.