Hello,
I understand all your problems seem to be client authentication or authorization related issues:
- if I change my (Active Directory) I cannot connect to the wireless network
- why my equipment is always in quarantine when trying to run a peer-to-peer application
- why I'm not able to use my personal tablet?
The following commands on the Controller on which the client is terminating (Instant Virtual Controller might have similar commands) will come in handy whenever you are having a client-related issue:
- #show user-table <user-ip> --> if you have multiple controllers, check on each controller to find the user or which one is controlling the APs at the user's location
- #show station-table <mac-address>
If nothing above worked or it was not enough to provide the information:
- #show aaa state station <mac address of the client in trouble> --> Check the "aaa-profile name" in the output
- #show aaa-profile <aaa-profile name> --> Check the roles mapped to the profile
- #show rights <role-name> --> Check the policy of the role to see if the application/port you are attempting to run/connect to is allowed
- When you changed the AD, may I know whether you changed the RADIUS configurations on the Controller/ClearPass?
- While running the P2P application, are you already authenticated on the network?
- When you say you are not able to use it, does that mean you are not able to connect to the Wi-Fi, or you are connected to the network but the traffic is not passing?
For all the above scenarios, if you have a ClearPass NAC server, please check the logs in the Access Tracker
- If the policy is not letting the user do the activities that you mentioned, we might have an authorization issue, which could be your case.
And, now you have the commands to narrow down the issue.
If you have enough logs, you can share in the community or you can reach TAC for help.
Happy Troubleshooting!!