Wireless Access

Reply
Occasional Contributor II

No Internet access on Laptops and mac devices

Hi,

The company I work for recently upgraded the Aruba controller from 7010 to 7030, everything seems working but users are complaining they get no internet access on the enterprise SSID, devices authenticate via clear pass but just doesn't get an IP, however when they  run troubleshoot and fix on the computer it tends to get an IP and works,  

If the computer is idle for a while and comes backup up the user gets the no internet access message again, which means they can't access the internet on enterprise SSID but it works on other SSID.

I had 802.11k enabled but I have since disabled it thinking that would fix it but no joy, am running out of options.

Aruba Employee

Re: No Internet access on Laptops and mac devices

Hello Willson,

As the internet acces comes back as soon as the user runs a diagnostic on his device, It seems to me that the authentication is working fine and the user is redirected to the correct vlan but is not getting an ip address.
I would start looking at the access tracker on clearpass to see if it is returning the correct profile to the controller.
Then I would check if the users are able to get an ip on the vlan for the corporate SSID.
And lastly I would check the dhcp server to make sure the ip pool used has enough ip address available to users.

 

Regards.

Occasional Contributor II

Re: No Internet access on Laptops and mac devices

Hi,

Yes, users getting the right profile clear pass,

Yes users are getting the right IP on corporate SSID

It seems we still loads of IP left as its a /20 subnet.

Guru Elite

Re: No Internet access on Laptops and mac devices

Make sure that the ACLs in the user role either have just allowall allowing all traffic or a rule permitting dhcp from any to any:

 

any any service dhcp permit

 

You would have the problem you described if you had this acl:

 

user any service dhcp permit

 

If you do, delete that acl and instead use the"any any service dhcp permit" rule instead.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: No Internet access on Laptops and mac devices

I have a word document with the existing settings.

Occasional Contributor II

Re: No Internet access on Laptops and mac devices

 
Highlighted
Aruba Employee

Re: No Internet access on Laptops and mac devices

The authenticates role described on the word file will give access to any host/service with IPv4.

Have you had the opportunity to analyse what changes on user's device when they run a diagnostic?

Do they have access to the internal network before running a diag?

Do they change IP address after running a diag?

What role does the user session is in before and after running a diag?

I there is a firewall that requires authentication before internet access, what is the user's authenticated status before and after running a diag?

 

Regards

Occasional Contributor II

Re: No Internet access on Laptops and mac devices

Do they have access to the internal network before running a diag? No, as the device is assigned AIPA address (windows IP).

What role does the user session is in before and after running a diag? The role doesn't change in clear pass.

Is there is a firewall that requires authentication before internet access, NO,

what is the user's authenticated status before and after running a diag? Access allows.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: