Security

Hello,

Recently, I have observed that random domains are trying to access my corporate wireless which is being rejected by clearpass.

an example for this is as below:

1424021217514547@wlan.mnc002.mcc424.3gppnetwork.org

1424021214868847@wlan.mnc002.mcc424.3gppnetwork.org

One thing to mention is that it is coming from only one location in a remote site.

Did you accidentally configure hotspot profiles on your SSID?  https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/arubaos-solutions/hotspot/hots-adve-prof.htm

That are users that try to use Mobile phone SIM authentication on your SSID. You can look up: mcc 424 / mnc 002 is the provide Etisalat in the United Arab Emirates.

Either you, as suggested, configured hotspot 2.0/802.11u on your SSID, or these users manually configured their device with EAP-SIM/EAP-AKA.

Or, you used the same SSID as an SSID elsewhere configured for SIM authentication and the client just tries to authenticate when it recognizes the SSID.

Do you recognize any of these conditions?

Thanks, Joseph and Herman for the reply.

I have checked in the controller if hotspot 2.0 were enabled and it was not, the profile was set to N/A. I would assume that this is not enabled.

Any other ideas? 

Your replies are highly appreciated

If it is the same clients, it could be a couple misconfigured clients occasionally attempting to attach to your network.