Contributor II

Ensuring End-User Adoption on Secure Wireless Networks (802.1x, Posture Check, BYOD, etc)

Hello Everyone

 

I'm relatively new (not to say a novice) at implementing corporate wireless networks. I have implemented some projects using mobility controllers, Instant controllers, AirWave, Central, ClearPass, etc. In all of these implementations we have tested the wireless "workflow" in a lab environment with different equipment.

 

But we always have the same problem: when the final service is deployed, the end users start to have a lot of "issues", for example:

 

- If I change my  (Active Directory), I cannot connect to the wireless network.

- Why is my equipment always in quarantine when trying to run a peer-to-peer application?

- Why am I not able to use my personal tablet?

 

These are some of the "issues" reported by the clients, which sadly generate a lot of noise for the support department and then for us (the solution provider).

 

Does anyone know how to ensure a more "transparent" way to deploy these kinds of changes to network and security controls?

 

Or maybe it is just me having this issue. :(

 

 

 

Contributor I

Re: Ensuring End-User Adoption on Secure Wireless Networks (802.1x, Posture Check, BYOD, etc)

Hello,

 

I understand all your problems seem to be client authentication or authorization related issues:

- If I change my  (Active Directory), I cannot connect to the wireless network.

- Why is my equipment always in quarantine when trying to run a peer-to-peer application?

- Why am I not able to use my personal tablet?

 

The following commands on the controller on which the client is terminating (Instant Virtual Controller might have similar commands) will come in handy whenever you are having a client-related issue:

- #show user-table <user-ip> --> If you have multiple controllers, check on each controller to find the user, or to find which one is controlling the APs at the user's location

- #show station-table <mac-address>

If nothing above worked, or it is not enough to provide the information:

- #show aaa state station <mac address of the client in trouble> --> Check the "aaa-profile name" in the output

- #show aaa-profile <aaa-profile name> --> Check the roles mapped to the profile

- #show rights <role-name> --> Check the policy of the role to see if the application/port you are attempting to run/connect to is allowed

 

- When you changed the AD, may I know whether you changed the RADIUS configuration on the controller/ClearPass?

- While running the P2P application, are you already authenticated on the network?

- When you say you are not able to use it, does that mean you are not able to connect to the Wi-Fi, or you are connected to the network but the traffic is not passing?

 

For all the above scenarios, if you have a ClearPass NAC server, please check the logs in Access Tracker.

- If the policy is not letting the user do the activities that you mentioned, we might have an authorization issue, which could be your case.

And now you have the commands to narrow down the issue.

If you have enough logs, you can share them in the community or you can reach TAC for help.

 

Happy Troubleshooting!!

- Jeeva Selvakumar