Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboard Reconnect Issue with iOS - CoA Failure

  • 1.  Onboard Reconnect Issue with iOS - CoA Failure

    Posted Feb 13, 2014 12:52 PM

    I am having an issue where iOS devices are not reconnecting after being onboarded.  I have tracked this down to ClearPass not sending out a CoA disconnect after the device is onboarded.  The application log on CPG shows a "missing attributes" error message (see screenshot) during the onboard process. 

     

    I have confirmed that ClearPass is otherwise able to send CoA messages to the Aruba controller.  Disconnecting active sessions in CPG works fine, and disconnecting via Access Tracker also works as expected.  The option "include switch IP in redirection URL" is enabled in the captive portal profile. 

     

    I have confirmed via packet capture that the CoA message is never sent to the Aruba controller after onboarding.  

     

    I am using CP 6.3.0.60730 and ArubaOS 6.3.1.2

     

    Anything else I can check before calling TAC? 

     

     

     



  • 2.  RE: Onboard Reconnect Issue with iOS - CoA Failure

    EMPLOYEE
    Posted Feb 13, 2014 01:12 PM

    Are you sending out the device IP in the URL redirect in the CP profile?



  • 3.  RE: Onboard Reconnect Issue with iOS - CoA Failure

    Posted Feb 13, 2014 01:42 PM

    Yes, the option "Add switch IP address in the redirection URL" in the CP profile is checked. 

     



  • 4.  RE: Onboard Reconnect Issue with iOS - CoA Failure

    Posted Feb 13, 2014 01:55 PM

     

    Do you have Insight enabled?



  • 5.  RE: Onboard Reconnect Issue with iOS - CoA Failure

    Posted Feb 13, 2014 01:58 PM

    Yes, Insight is enabled.

     



  • 6.  RE: Onboard Reconnect Issue with iOS - CoA Failure
    Best Answer

    Posted Feb 14, 2014 04:17 PM

    I figured it out.  The Aruba controller was sending the cp-redirect-address as the switchip in the captive portal redirect URL.  

     

     



  • 7.  RE: Onboard Reconnect Issue with iOS - CoA Failure

    Posted Jul 21, 2014 03:47 AM

    Hello, 

     

    I am having the same problem, and I suspect for the same reason. Would you mind sharing how exactly you changed the CP profile so it actually worked?

     

    /Tomas

     



  • 8.  RE: Onboard Reconnect Issue with iOS - CoA Failure

    Posted Sep 12, 2014 04:54 AM

    Tomas, you might have already solved it, but the first clue to what is happening is to check the URL on your device after the redirect. There you will see switchip=<ip>

    To change this, log in to the CLI, then: conf t, ip cp-redirect-address <controller-ip>
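
The check described in the last two posts, as an added example that is not part of the original thread: it pulls the switchip parameter out of a captive portal redirect URL and compares it with the controller address that CoA is expected to go to. The URLs, hostname, path and IP addresses are constructed sample values, and check_switchip is a hypothetical helper name.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit, parse_qs


def check_switchip(redirect_url, controller_ips):
    """Classify the switchip parameter of a captive portal redirect URL.

    controller_ips: addresses on which the controller accepts CoA
    (assumption: supplied by the operator, e.g. from the NAS device list).
    Returns a (status, value) tuple.
    """
    query = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    values = query.get("switchip", [])
    if not values:
        return ("missing", None)          # option not enabled in the profile
    if len(set(values)) > 1:
        return ("ambiguous", values)      # parameter repeated with different values
    raw = values[0]
    try:
        addr = ip_address(raw)
    except ValueError:
        return ("not-an-ip", raw)         # empty or hostname-like value
    expected = {ip_address(ip) for ip in controller_ips}
    if addr in expected:
        return ("ok", str(addr))
    return ("mismatch", str(addr))        # e.g. the cp-redirect-address


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    controllers = ["192.0.2.10"]
    samples = [
        "https://clearpass.example.com/guest/onboard.php?mac=aa:bb:cc:dd:ee:ff&switchip=192.0.2.10",
        "https://clearpass.example.com/guest/onboard.php?mac=aa:bb:cc:dd:ee:ff&switchip=198.51.100.1",
        "https://clearpass.example.com/guest/onboard.php?mac=aa:bb:cc:dd:ee:ff",
    ]
    for url in samples:
        print(check_switchip(url, controllers), url)
```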