Security

Hello,

 

After having been onboarded, from time to time users get automatically connected back to the onboarding (open) SSID and have to manually reconnect their device (IOS or Android) to the protected SSID. Is there a way to prevent that ?

 

ArubaOS 6.4.2.2

CPPM 6.4.0.66263

 

Many thanks in advance,

 

Jan

You can assign a role or stop them from getting an IP but unfortunately there is nothing to stop the client from associating as its a client decision.

Sent from Nine<>

Hi JSkrivervik,

 

I've seen this before as well. What are you using to make a decision on what's a BYOD device? It might be worthwile to have a line that says EAP-TLS connections are given a specific BYOD user role. Like Tim mentioned, if the user is not presenting an EAP-TLS connection to Clearpass, it's on the client. But, if you're differentiating traffic based on an iOS, Android, etc., you may want to look at Access Tracker and see if that is coming up as the right device type. I saw this once with a customer and there was an issue with DHCP relaying and Clearpass wasn't profiling the device correctly.

 

Hope it helps!

 

-Mike

OK, many thanks to both of you for your input.

 

Jan