Wireless Access

I am new to the community and just recently started a new position.  I am rrying to figure out how a user is able to connect to our guest account without giving a username.  We collect the MAC addresses, and the system is set up to require a username, and most users do.  It is very random.  From device and OS.

Any thoughts or ideas would be a great help.

KD,

If you could PM me your email address, I can send you a link so you can send your logs and we could attempt to explain it.

A custom report called "client hog" was created before I arrived. It shows MAC address, Usernames, MB used, length of time on, Avg Usage, Connection Mode, and Device Type. When looking at this file, randomly, there are users in the report that show all the above information but the user name. There is no pattern I have been able to figure out on how this happens.

When looking at the controller it also shows the same information as the file.

We have to figure out what the pieces of this system are.  There is a controller, but what other products are involved in your guest solution?

The AP is an Aruba 134 and the controller is an Aruba 3400

I will re-send the file we talked about earlier to you. The file was converted through the web brower.  

From your logs, the captive portal authentication profile only requires a user to put in an email address that has an @ symbol.  There is no authentication:

aaa authentication captive-portal "default"
   default-role "SSI_Guest"
   default-guest-role "SSI_Guest"
   no user-logon
   guest-logon

guest-logon means that the user only needs to put in an email address to get on the guest captive portal.

That makes sense and can be seen in the logs.  

Still wondering how some people are able to not show any username at all.  I have attached an example of what we see.

If they are merely associated to the open SSID, but did not login, there will be no username.

Not sure what you mean by "associated"

I just completed an experiment.  I used my personal device and logged into the client wireless.  I was authenticated and was allowed through the portal.  I used my personal email not my work email as my credentials.  I went into the logs to see if I could find my device and realized I did not show a user id.  I found my device through my MAC and device. 

What does associated mean in wireless?  It means you connect to an SSID and get an ip address, but your phone just sits there and you do nothing.

If you login with your email address, the username should show up on the controller immediately, but could take 5 to 10 minutes to show up in Airwave due to the polling interval.

I went out on my device and check my email, checked the weather, etc. and then waited 20 min before going into the logs to check.  It shows I am using data, but my username still has not appeared.  It also shows how long I have been logged in.  

Can you see the username in the controller?

In the controller.... Inersetingly when looking at the client list.

In the SSI_Guest role it shows username.

In the guest-logon role it shows IP address or a MAC address.

Would the configuration need to be changed in the guest-logon?

The guest-logon role is for users that have associated (got an ip address), but have not authenticated...That is why there is no username.

The SSL_Guest role is for users who have already entered a username and gotten past the front page, so there is a username/email address.

Was looking through documentation from my predictor and found documentation about editing the roles.  The document talks about having the captive portal profile set to default.  I noticed the SSL_Guest is not set to default while the Guest-Logon is.    

Wondering if it is possible to configure the AAA profile roles to have a user name?  

What are you trying to do?  You could open a TAC case so that you can their specific advice about what to do next.

Ok that is good to know.  Thank you.

I will try my experiment again.  Maybe I checked to early.  

When you say "you collect the mac addresses", where are these mac addresses input by you?