Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

new Kindle Fire and Nintendo 3Ds

This thread has been viewed 0 times

  • 1.  new Kindle Fire and Nintendo 3Ds

    Posted Sep 24, 2012 03:37 PM

    I am authing both of these devices via user derivation rules.  Both devices will connect for a couple minutes and then traffic will no longer pass between the device and AP.  The controller still sees the device as associated and authenticated.  Below is what I'm using for the dhcp-option for the user rules. 

     

    37012103060f1c333a3b - Kindle Fire

    370103060f1c21 - Nintendo 3DS

     

    Any ideas or known fixes?



  • 2.  RE: new Kindle Fire and Nintendo 3Ds

    EMPLOYEE
    Posted Sep 24, 2012 03:56 PM

    Is the device ending up in the derived role?

     

    What traffic is allowed in the derived role?

     



  • 3.  RE: new Kindle Fire and Nintendo 3Ds

    Posted Sep 24, 2012 04:01 PM

    Yes it ends up in the guest role as it should.  Below is the ACL applied to this role.  We have hundreds of other devices authed using derivation rules that map to this role without issue.  Thanks  We are running 6.1.3.4.

     

     

    IPv4useranyudp 68deny  Low
    IPv4userDNS-Serverssvc-dnspermit  High
    IPv4userhost 149.76.2.2udp 443permit  

    High

    Pv4userhost 149.76.2.2tcp 443permit  Low
    IPv4anyUPnPanydeny  Low
    IPv4user149.76.8.0 255.255.254.0DMZpermit  Low
    IPv4user149.76.0.0 255.255.0.0anydeny  Low
    IPv4userprivate-netsanydeny  Low
    IPv4anyanyanypermit  Low


  • 4.  RE: new Kindle Fire and Nintendo 3Ds

    EMPLOYEE
    Posted Sep 24, 2012 04:04 PM

    Let's turn on logging:

     

    config t
logging level debug user-debug <mac address of device>

     

     

     

    After awhile:

     

    show log user-debug 50

     

     

    That will show what you are doing



  • 5.  RE: new Kindle Fire and Nintendo 3Ds

    Posted Sep 24, 2012 04:05 PM

    Thanks, the student will be back tomorrow afternoon with his new Kindle Fire and I'll try this then.



  • 6.  RE: new Kindle Fire and Nintendo 3Ds

    EMPLOYEE
    Posted Sep 24, 2012 04:07 PM
    @theflakes wrote:

    Thanks, the student will be back tomorrow afternoon with his new Kindle Fire and I'll try this then.

    Okay.  Please let us know.

     



  • 7.  RE: new Kindle Fire and Nintendo 3Ds

    Posted Sep 26, 2012 11:38 AM

    Found the problem I think.  I had 802.11k enabled.  Disabling it fixed the issue with the 3DSs.  Unfortunately the student with the Kindle Fire never stopped back down.



  • 8.  RE: new Kindle Fire and Nintendo 3Ds

    EMPLOYEE
    Posted Sep 26, 2012 11:40 AM

    theflakes,

     

    Thanks for that solution!

     



  • 9.  RE: new Kindle Fire and Nintendo 3Ds

    Posted Sep 26, 2012 01:40 PM

    802.11k wasn't the problem.

     

    "Advertise 802.11d and 802.11h Capabilities"

     

    The above ended up being the real culprit on the 802.11g radio profile.  Disabled it and the connection on the problem device has been steady.  I have not tested re-enabling 802.11k as that can cause problems with other clients that don't support it.  Therefore I'd just rather keep it off.