Security

Hi All, 

Running 6.10.6

We noticed an issue when either creating a MPSK or a guest onboarding there is a 5 minute delay in the correct role being returned to Aruba IAPs.

For a few minutes CPPM logs show the username as the host device's MAC and the output shows the Default Role which IAPs does nothing with. The host device will return a bad password during this time. 

After/upto 5 minutes it will then connect with the MPSK and be given the correct role and connect. 

We're seeing similar from the captive portal processing guest logons too. The form is completed and sent to the sponsor; the sponsor approves but in the meantime the captive portal will reload and go through guest onboarding again.

To resolve this issue we noticed insight was not enabled on either Pub or sub. We enabled it on subscriber and made it the master. 

Can someone please confirm what the behaviour is with insight enabled and disabled?
Is the insight or guest module used in some part of the guest process?
When you create the guest services using the wizard does it create profiles that reference the guest or insight modules?

When a cluster is split or we we need to remove the sub and re-add it, do we need to turn on the insight module again in future and does it disable itself?

I hope someone can advise me on this and I am looking forward to your response. 

Insight shouldn't have anything to do with what you describe here.  My guess is that enabling Insight Service/Database on the nodes caused some sort of service restart that solved your actual issue.
Original Message:
Sent: Nov 07, 2022 06:11 AM
From: Inzamam Shahid
Subject: CPPM Insight question

Hi All,

Running 6.10.6

We noticed an issue when either creating a MPSK or a guest onboarding there is a 5 minute delay in the correct role being returned to Aruba IAPs.

For a few minutes CPPM logs show the username as the host device's MAC and the output shows the Default Role which IAPs does nothing with. The host device will return a bad password during this time. 

After/upto 5 minutes it will then connect with the MPSK and be given the correct role and connect. 

We're seeing similar from the captive portal processing guest logons too. The form is completed and sent to the sponsor; the sponsor approves but in the meantime the captive portal will reload and go through guest onboarding again.

To resolve this issue we noticed insight was not enabled on either Pub or sub. We enabled it on subscriber and made it the master.

Can someone please confirm what the behaviour is with insight enabled and disabled?
Is the insight or guest module used in some part of the guest process?
When you create the guest services using the wizard does it create profiles that reference the guest or insight modules?

When a cluster is split or we we need to remove the sub and re-add it, do we need to turn on the insight module again in future and does it disable itself?

I hope someone can advise me on this and I am looking forward to your response.