Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Android phone connection issues

This thread has been viewed 12 times

  • 1.  Android phone connection issues

    Posted Aug 30, 2012 01:22 PM

    I'm having a weird issue with Android phones.  They connect to my SSID, get an IP address through my DHCP server, but the client does not register as a user, I can't ping the phone's IP address through the controller, and the phone does not get the captive portal auth screen.  I've done some research on here, and allowed CRL and OCSR web sites through, but still cannot connect via these devices.  All other devices connect fine.  I setup the phone via MAC authentication which puts it into a role where all traffic is allowed through, and I still have no connection between the controller and the phones.  Hopefully, someone has solved this issue and can help me out.  Thanks!



  • 2.  RE: Android phone connection issues

    Posted Aug 30, 2012 02:22 PM
    Is the phone able to ping its default gateway? Can you see the phone in the station table?


  • 3.  RE: Android phone connection issues

    Posted Aug 30, 2012 02:39 PM

    No on both counts.  Baffling to me, how it can obtain a DHCP address and not be able to move traffic.



  • 4.  RE: Android phone connection issues

    Posted Aug 30, 2012 03:01 PM
    Since the phone is not showing up in the user-table and station-table, we should troubleshoot that part.

    Make sure you are checking the correct controller where the AP is terminating.
    If you know which AP you are associating to then run the following command:
    show ap debug client-table ap-name <ap-name> will show you all the clients associated to that AP.

    Also, I would recommend turning on debugging for the user

    logging level debugging user-debug <user-mac>


  • 5.  RE: Android phone connection issues

    Posted Sep 05, 2012 06:06 AM

    I have same situation with the Androids...but JUST with the Androids. Here is an user-debug:

     

    Sep 5 11:02:05 :501065:  <DBUG> |stm|  send_ageout_sta_ack 8157: Send ageout sta 28:98:7b:5d:dd:b4 ack back to AP (10.136.1.9)
    Sep 5 11:02:05 :501105:  <NOTI> |stm|  Deauth from sta: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1 Reason STA has left and is deauthenticated
    Sep 5 11:02:05 :501065:  <DBUG> |stm|  Sending STA 28:98:7b:5d:dd:b4 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:0
    Sep 5 11:02:05 :500511:  <DBUG> |mobileip|  Station 28:98:7b:5d:dd:b4, 0.0.0.0: Received disassociation on ESSID: infobex-corp Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name infobex-ap1 Group infobex-ap BSSID 6c:f3:7f:db:8b:d1, phy g, VLAN 1
    Sep 5 11:02:05 :522036:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station DN: BSSID=6c:f3:7f:db:8b:d1 ESSID=infobex-corp VLAN=1 AP-name=infobex-ap1
    Sep 5 11:02:05 :500010:  <NOTI> |mobileip|  Station 28:98:7b:5d:dd:b4, 255.255.255.255: Mobility trail, on switch 10.136.3.241, VLAN 1, AP infobex-ap1, infobex-corp/6c:f3:7f:db:8b:d1/g
    Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 ingress 0x1090 (tunnel 16), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  station free: bssid=6c:f3:7f:db:8b:d1, @=0x108c4644
    Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 Send Station delete message to mobility
    Sep 5 11:02:05 :522004:  <DBUG> |authmgr|  28:98:7b:5d:dd:b4: station datapath entry deleted
    Sep 5 11:02:05 :501000:  <DBUG> |stm|  Station 28:98:7b:5d:dd:b4: Clearing state
    Sep 5 11:02:16 :501095:  <NOTI> |stm|  Assoc request @ 11:02:16.815173: 28:98:7b:5d:dd:b4 (SN 4): AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
    Sep 5 11:02:16 :501100:  <NOTI> |stm|  Assoc success @ 11:02:16.818383: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
    Sep 5 11:02:16 :501065:  <DBUG> |stm|  Sending STA 28:98:7b:5d:dd:b4 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:0
    Sep 5 11:02:16 :500511:  <DBUG> |mobileip|  Station 28:98:7b:5d:dd:b4, 0.0.0.0: Received association on ESSID: infobex-corp Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name infobex-ap1 Group infobex-ap BSSID 6c:f3:7f:db:8b:d1, phy g, VLAN 1
    Sep 5 11:02:16 :500010:  <NOTI> |mobileip|  Station 28:98:7b:5d:dd:b4, 0.0.0.0: Mobility trail, on switch 10.136.3.241, VLAN 1, AP infobex-ap1, infobex-corp/6c:f3:7f:db:8b:d1/g
    Sep 5 11:02:16 :522035:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station UP: BSSID=6c:f3:7f:db:8b:d1 ESSID=infobex-corp VLAN=1 AP-name=infobex-ap1
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 ingress 0x1090 (tunnel 16), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
    Sep 5 11:02:16 :522038:  <INFO> |authmgr|  username=arubademo MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=infobex-radius
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  Auth done called from Authenticated state
    Sep 5 11:02:16 :522044:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station authenticate(start): method=802.1x, role=logon//, VLAN=1/1/0/0/0, Derivation=0/0, Value Pair=1
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  {L2} infobex-default from profile "infobex-corp-aaa_prof"
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  {L2} Update role from logon to infobex-default for IP=0.0.0.0
    Sep 5 11:02:16 :522049:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4,IP=N/A User role updated, existing Role=logon/none, new Role=infobex-default/none, reason=Station Authenticated with auth type: 4
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  download-L2: acl=57/0 role=infobex-default, tunl=0x1090, PA=0, HA=1, RO=0, VPN=0
    Sep 5 11:02:16 :522050:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4,IP=N/A User data downloaded to datapath, new Role=infobex-default/57, bw Contract=0/0,reason=Download driven by user role setting
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  Station authenticate has l2 role :infobex-default default role logon logon role logon
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|   Valid Dot1xct, remote:0, assigned:1, default:1,current:1,termstate:0, wired:0,dot1x enabled:1, psk:0 static:0 bssid=6c:f3:7f:db:8b:d1
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  Vlan assignment is not needed during station authentication
    Sep 5 11:02:16 :522004:  <DBUG> |authmgr|  MAC=28:98:7b:5d:dd:b4 def_vlan 1 derive vlan: 0 auth_type 4 auth_subtype 4
    Sep 5 11:02:16 :522029:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 Station authenticate: method=802.1x, role=infobex-default//, VLAN=1/1/0/0/0, Derivation=1/0, Value Pair=1
    Sep 5 11:02:17 :522026:  <INFO> |authmgr|  MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 User miss: ingress=0x1090, VLAN=1
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 61, signature 3D0128987B5DDDB4
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 50, signature 320A880121
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 57, signature 3905DC
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 60, signature 3C64686370636420342E302E3135
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  MAC 28:98:7b:5d:dd:b4, dhcp option 55, signature 3701792103060F1C333A3B77
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  Deriving role from user attributes
    Sep 5 11:02:17 :522004:  <DBUG> |authmgr|  DHCP ACK mac 28:98:7b:5d:dd:b4, client ip 10.136.1.33, server ip 0.0.0.0

     



  • 6.  RE: Android phone connection issues

    EMPLOYEE
    Posted Sep 05, 2012 06:09 AM

    type "show rights infobex-default" to see what ACLs are applied to that client.

     

    You also did not say what version of ArubaOS.

     

     

     



  • 7.  RE: Android phone connection issues

    Posted Sep 05, 2012 06:18 AM

    OS version is 6.1.3.4



  • 8.  RE: Android phone connection issues

    EMPLOYEE
    Posted Sep 05, 2012 06:36 AM

    Please open a TAC case to get this resolved.

     



  • 9.  RE: Android phone connection issues

    Posted Sep 05, 2012 06:19 AM

    (Aruba3600) #show rights infobex-default

    Derived Role = 'infobex-default'
     Up BW:No Limit   Down BW:No Limit  
     L2TP Pool = default-l2tp-pool
     PPTP Pool = default-pptp-pool
     Periodic reauthentication: Disabled
     ACL Number = 58/0
     Max Sessions = 65535


    access-list List
    ----------------
    Position  Name      Location
    --------  ----      --------
    1         allowall  

    allowall
    --------
    Priority  Source  Destination  Service  Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
    --------  ------  -----------  -------  ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
    1         any     any          any      permit                           Low                                                           4
    2         any     any          any      permit                           Low                                                           6

    Expired Policies (due to time constraints) = 0



  • 10.  RE: Android phone connection issues

    Posted Sep 05, 2012 11:23 AM

    hthakker,

     

    Sorry for the late response, I was out of the office for a few days.  Here is the result of the sh ap debug client-table ap-name command:

     

    c8:aa:21:40:7b:bb  CCMWireless  d8:c7:c8:f8:aa:90  Associated     Qb        0x1  Power-save  (1,0,0,0,2,8)    3        76       0        0           1        65       0             33           2[0x3]     Wed Sep  5 10:15:50 2012  Wed Sep  5 10:17:04 2012

    00:19:7d:c5:55:ad  CCMWireless  d8:c7:c8:f8:aa:90  Associated     None      0x2  Power-save  (0,0,0,0,N/A,0)  4        240      0        0           24       54       54            52           2[0x3]     Wed Sep  5 10:12:30 2012  Wed Sep  5 10:16:39 2012

    b8:17:c2:4e:f9:c6  CCMWireless  d8:c7:c8:f8:aa:90  Authenticated  M              Awake       (0,0,0,0,N/A,0)  3        93       0        0           1        1        15            12           2[0x3]     Wed Sep  5 10:16:28 2012  Wed Sep  5 10:16:45 2012                                                                                                                                                                                                                                        UAPSD:(VO,VI,BK,BE,Max SP,Q Len) HT Flags: A - LDPC Coding; W - 40Mhz; S - Short GI HT40; s - Short GI HT20           D - Delayed BA; G - Greenfield; R - Dynamic SM PS           Q - Static SM PS; N - A-MPDU disabled; B - TX STBC           b - RX STBC; M - Max A-MSDU; I - HT40 Intolerant

     

    Here's the results of the sh user-table command for that user (no results):

    (wireless2) #show user | include 7b:bb  

     

     

    Here's the results of the show log user-debug command:

    Sep 5 10:11:50 :501095:  <NOTI> |stm|  Assoc request @ 10:11:50.596132: c8:aa:21:40:7b:bb (SN 1): AP 10.60.0.72-d8:c7:c8:f8:aa:90-EHServerRoom
    Sep 5 10:11:50 :500010:  <NOTI> |mobileip|  Station c8:aa:21:40:7b:bb, 255.255.255.255: Mobility trail, on switch 10.180.0.2, VLAN 189, AP EH204/209, CCMWireless/d8:c7:c8:f8:93:30/g
    Sep 5 10:11:50 :522036:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station DN: BSSID=d8:c7:c8:f8:93:30 ESSID=CCMWireless VLAN=189 AP-name=EH204/209
    Sep 5 10:11:50 :501080:  <NOTI> |stm|  Deauth to sta: c8:aa:21:40:7b:bb: Ageout AP 10.60.0.82-d8:c7:c8:f8:93:30-EH204/209 STA has left and is deauthenticated
    Sep 5 10:11:50 :501100:  <NOTI> |stm|  Assoc success @ 10:11:50.603915: c8:aa:21:40:7b:bb: AP 10.60.0.72-d8:c7:c8:f8:aa:90-EHServerRoom
    Sep 5 10:11:50 :500010:  <NOTI> |mobileip|  Station c8:aa:21:40:7b:bb, 0.0.0.0: Mobility trail, on switch 10.180.0.2, VLAN 189, AP EHServerRoom, CCMWireless/d8:c7:c8:f8:aa:90/g
    Sep 5 10:11:50 :522035:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station UP: BSSID=d8:c7:c8:f8:aa:90 ESSID=CCMWireless VLAN=189 AP-name=EHServerRoom
    Sep 5 10:11:50 :522038:  <INFO> |authmgr|  username=C8:AA:21:40:7B:BB MAC=c8:aa:21:40:7b:bb IP=0.0.0.0 Authentication result=Authentication Successful method=MAC server=Internal
    Sep 5 10:11:50 :522044:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station authenticate(start): method=MAC, role=CCMWireless2-logon//, VLAN=189/189/0/0/0, Derivation=10/0, Value Pair=1
    Sep 5 10:11:50 :522017:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb IP=?? Derived role 'GDlaptops' from server rules: server-group=default, authentication=MAC
    Sep 5 10:11:50 :522049:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb,IP=N/A User role updated, existing Role=CCMWireless2-logon/none, new Role=GDlaptops/none, reason=Station Authenticated with auth type: 2
    Sep 5 10:11:50 :522050:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb,IP=N/A User data downloaded to datapath, new Role=GDlaptops/58, bw Contract=0/0,reason=Download driven by user role setting
    Sep 5 10:11:50 :522029:  <INFO> |authmgr|  MAC=c8:aa:21:40:7b:bb Station authenticate: method=MAC, role=GDlaptops//, VLAN=189/189/0/0/0, Derivation=2/0, Value Pair=1

     

    So, it seems the Android is being authenticated, but then the controller has no information on it.  I only have one controller, BTW.



  • 11.  RE: Android phone connection issues

    Posted Sep 05, 2012 11:24 AM

    There are several other users using the GDlaptops role with no issues.



  • 12.  RE: Android phone connection issues

    Posted Sep 05, 2012 12:26 PM
    tgillon,

    Based on the above logs, the Android phone is not receiving an IP address.
    Can you make sure that DHCP is permitted in both CCMWireless2-logon role as well as GDlaptops role.

    The controller does have information on the user as we can see it is associated to the AP in the "show ap debug client-table", but since it is failing to get an IP address, it is not showing up in the user-table.

    Are there any other devices that do MAC authentication and following the same role derivation sequence working fine?



  • 13.  RE: Android phone connection issues

    Posted Sep 05, 2012 12:33 PM

    The phone is obtaining a DHCP address.  There is an entry in my DHCP scope for the phone.  The GDlaptops role is for testing and is very restricted as to who can access, but I am not blocking any traffic on that role (I have any/any/any permitted).



  • 14.  RE: Android phone connection issues

    Posted Sep 05, 2012 12:35 PM
    Kindly open a support case for this issue.

    Regards,


  • 15.  RE: Android phone connection issues

    Posted Oct 05, 2012 09:32 AM

    *Bump*

     

    Got same issues. Only newer android phones.

    The 2.x phones work fine.

     

    Did you get this issue resolved?



  • 16.  RE: Android phone connection issues

    EMPLOYEE
    Posted Oct 05, 2012 12:24 PM
    @PoTski wrote:

    *Bump*

     

    Got same issues. Only newer android phones.

    The 2.x phones work fine.

     

    Did you get this issue resolved?

    Please open a support case so we can get the specifics and drive this to a solution.  We cannot do anything without details.  The majority of deployments we have work fine with android devices.  We need details on yours to find out why it does not work...

     



  • 17.  RE: Android phone connection issues

    Posted Oct 10, 2012 08:50 AM

    K,

     

    Will do.

     

     

    -Peet



  • 18.  RE: Android phone connection issues

    Posted Dec 06, 2012 07:12 AM

    I know this is an older topic now but did the issue ever get resolved?

    I am having the same problem with newer Androis devices, Specifically JellyBean.

     

    It would be good to know if someone has come up with a solution from previously opened TAC before I open one of my Own.

     

    Cheers



  • 19.  RE: Android phone connection issues

    EMPLOYEE
    Posted Dec 06, 2012 07:32 AM

    Tpelly,

     

    On the contrary.  You should open your own TAC case.  Client-specific issues present themselves in different ways, even though they may be similar.  Get support to look at your information so you can get a personalized answer to your question.

     

    You should still ask people if they have a similar problem, but always open a TAC case so that they can troubleshoot in parallel.  In addition, TAC can get much of the specific, personal information that you probably cannot post in the forum here.  It never hurts to open a tac case.

     

     



  • 20.  RE: Android phone connection issues

    Posted Feb 28, 2013 08:58 PM

    Hi Everybody,

     

    did anybody ever resolved this issue with samsung phone.

     

    I am also having issue with samsung phones.

     

    Please provide information if you guys resolved the issue.



  • 21.  RE: Android phone connection issues

    Posted Mar 22, 2013 01:18 PM

    Add me to the list of people having the same issue.  I have a tac case opened but figured I would give a bump so maybe a TAC person will post a common fix for this. 



  • 22.  RE: Android phone connection issues

    Posted Apr 03, 2013 02:42 PM

    I believe that there is a known bug in certain versions of Android OS that prevent it from connecting to certain wifi networks.

     

    http://code.google.com/p/android/issues/detail?can=2&q=36993&id=36993

     

     

    In my own network, I connected anyone who was having problems via MAC-based authentication and that seems to help.