Higher Education

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
Highlighted
New Contributor

Dorm Networks - ROKU issue 2020

The students have been bringing some new ROKU product such as the ROKU premier which is showing a screen asking the student if the device is in a home, hotel or dorm (see attached screen shot). We use Clearpass for mac authentication for our dorm open network and it works great with most devices. Unfortunately, the ROKU and the configuration device (Smart Phone or Tablet) cannot be on the open network.

Has anyone else seen this issue in their dorms yet?

Scott Kirkland
This information is personal advice only. Always work with your Aruba Engineer before making any network changes/upgrades.
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
MVP Expert

Re: Dorm Networks - ROKU issue 2020

In addition to lkfirestone suggestion, you can also add the "Change of Authorization" to the registration form , this will force a reauth dynamically when the user registers the device , if the device is stuck on the logon role .

2020-08-19 12_34_42-Customize Form Fields (mac_create_2).png

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

View solution in original post

11 REPLIES 11
Highlighted
Occasional Contributor I

Re: Dorm Networks - ROKU issue 2020

Not sure if someone will beat me to answering, but I know exactly how that message is being created. I had to interpret what the user is doing, based on what I saw on the controller.

 

You're doing mac auth, so I assume you are using a Registration portal for the kids to register their device.... Either they are registering it AFTER clicking to connect, or within seconds of each other.

 

Long story short, they are getting into the "logon" role on my campus, due to not being registered. The logon role goes now where for us. The Roku thinks that there is something stopping it like a splash page.

 

I set a 5 minute re-auth timer on that role so all I'm relaying to our Help Desk is to have the kid get off the Network screen on the Roku, or shut off the TV for 5 minutes.   At the 5 minutes, they age out of the controller, and when they try again, Clearpass accepts them as a registered user....

 

 

I plan on changing that re-auth timer to something higher in the semester, but for right now its been saving me from a lot of aaa delete's .... 

 

If they STILL get that message, then they didn't register the mac address correctly still. 

Highlighted
MVP Expert

Re: Dorm Networks - ROKU issue 2020

In addition to lkfirestone suggestion, you can also add the "Change of Authorization" to the registration form , this will force a reauth dynamically when the user registers the device , if the device is stuck on the logon role .

2020-08-19 12_34_42-Customize Form Fields (mac_create_2).png

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

View solution in original post

Highlighted
New Contributor

Re: Dorm Networks - ROKU issue 2020

I don't have any comments to add yet, but thanks for the heads up!  We have some similarities to your configurations.  If we find anything noteworthy, I will pass along.

Highlighted
All-Decade MVP 2020

Re: Dorm Networks - ROKU issue 2020

We did a short logon timeout at first then moved to doing a COA. Works well.

 

Mike

Highlighted
All-Decade MVP 2020

Re: Dorm Networks - ROKU issue 2020

Victor, can you comment on how the change_of_authorization field in guest approach is different than setting up a service in policy manager that issues an [ArubaOS Wireless – Terminate Session] enforcement profile? (The latter is what we currently have in place.)

- Ryan -
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Highlighted

Re: Dorm Networks - ROKU issue 2020

As of this semester, for Guest we now use our own portal server with the REST API to ClearPass & Aruba wireless.

I put in a slight ( 1 minute?) delay after registration before logging them in to give my ClearPass cluster time to sync the account.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Highlighted
New Contributor

Re: Dorm Networks - ROKU issue 2020

Thank you, lkfirestone.

You are correct about the user getting the " Dorm hotel page" . Thanks for your input.

Scott Kirkland
This information is personal advice only. Always work with your Aruba Engineer before making any network changes/upgrades.
Highlighted
New Contributor

Re: Dorm Networks - ROKU issue 2020

Thanks Victor, I like this solution and will look into it.

Scott Kirkland
This information is personal advice only. Always work with your Aruba Engineer before making any network changes/upgrades.
Highlighted
MVP Expert

Re: Dorm Networks - ROKU issue 2020

The CoA in the form, allows you to dynamically send the CoA right after the user registers the device (IMO is more effective and clean if the device is stuck in the logon role)
For the terminate session enforcement to be executed, you will need to wait until the next time the device reauth.
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: