Security

Reply
Contributor I

Guest Registration Disable Issue

I have been able to get a self registration working for IOT devices where there is not a captive portal using a COA to another VLAN (666).  However, when I disable that registred device, it kicks it off of the VLAN666 but the device still has an IP Address showing and it can still browse the internet.  However, when I forget the network and then try and reconnect, I see the expected behavior again.  

It seems that I am missing a role communication with the controller.  Thoughts?  Attached are my clearpass enforcements. 

Guru Elite

Re: Guest Registration Disable Issue

Just to be clear, you're using Device Registration, not Guest Self-Registration, correct?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Guest Registration Disable Issue

Correct. Device Registration.


Guru Elite

Re: Guest Registration Disable Issue

Do you see a DM/CoA tab in the original access tracker request?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Guest Registration Disable Issue

There is:

Date and Time:  May 07, 2018 15:50:45 PDT

Application Name:  Policy Manager

RADIUS CoA Action Type:  Disconnect

RADIUS CoA Action Name:  [ArubaOS Wireless - Terminate Session]

Status Code:  1

Status Message:  Radius [ArubaOS Wireless - Terminate Session] successful for client 0034da9dc724.

RADIUS CoA Attributes:  Calling-Station-Id = 0034DA9DC724

Contributor I

Re: Guest Registration Disable Issue

Also, When I reactivate that device, it doesn't seem to re-check for the network.  There are a few things about this that are getting me.  The device shows up in the association table, but if I do a lookup in the user-table, they aren't showing up and they show offline in the CPPM access tracker. 

 

 

Guru Elite

Re: Guest Registration Disable Issue

Best to work with Aruba TAC.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: