Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

How to force auto join to the eap-tls ssid after onboarding

This thread has been viewed 2 times

  • 1.  How to force auto join to the eap-tls ssid after onboarding

    Posted Aug 04, 2015 02:51 PM

    Hi forum,

     

    My onboarded devices are not automatically joining the EAP-TLS ssid. I have an open ssid that will get you to the provisioning page and after you're done you should automatically connect to the secure EAP-TLS ssid. I have my network configured like this:

    Screen Shot 2015-08-04 at 11.49.39 AM.png

     

    But still no luck. I have to click on the EAP-TLS ssid after I onboard in order to join it. any idea? 



  • 2.  RE: How to force auto join to the eap-tls ssid after onboarding

    EMPLOYEE
    Posted Aug 04, 2015 03:55 PM

    What version of ClearPass are you running?

     

    Also, does change status from Access Tracker work?



  • 3.  RE: How to force auto join to the eap-tls ssid after onboarding

    Posted Aug 04, 2015 04:29 PM

    clearpass is 6.5

    and change status isn't working. I'm looking to automate the disconnect from the open ssid and the reconnect to the eap-tls ssid.



  • 4.  RE: How to force auto join to the eap-tls ssid after onboarding

    EMPLOYEE
    Posted Aug 04, 2015 04:49 PM

    You should check to see that RFC3576 (CoA) is enabled and working.  Check the controller and also the Network Device in ClearPass.



  • 5.  RE: How to force auto join to the eap-tls ssid after onboarding

    Posted Aug 04, 2015 09:11 PM

    thanks Seth, how do I test CoA working or not? I know on my aaa profile I have ccpm there with the same psk.



  • 6.  RE: How to force auto join to the eap-tls ssid after onboarding

    EMPLOYEE
    Posted Aug 04, 2015 09:14 PM
    In access tracker, click the most recent request for a currently connected client and click the Change Status button at the bottom and then choose [Aruba Terminate Session].



    Sent from Mail for Windows 10


  • 7.  RE: How to force auto join to the eap-tls ssid after onboarding

    EMPLOYEE
    Posted Aug 04, 2015 09:44 PM
    Mac devices will not switch ssid. They like to hold onto the original one. You will need to make sure you are on boarding in the same ssid and then send a coa disconnect