Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Random MAC, MPSK, device registration problem

  • 1.  Random MAC, MPSK, device registration problem

    Posted Sep 02, 2022 07:53 AM
    Hi All,

    We would like to use MPSK for company phones with captive portal device registration to automate the registration process. With iPhone mobiles it works perfectly because there is an option to turn off the random MAC feature before we connect to the device registration captive portal based SSID. But on the Android phones there is an option to do that only if we have already authenticated to an SSID. So our problem is that if we connect to the captive portal SSID with a random MAC (no other option), ClearPass will register the device with a virtual MAC, and on the MPSK SSID it will connect with a different one or the physical one, but it will not match what we provide on the device reg portal.

    So is there any option to handle this behavior, or is it a known issue with Android phones?

    Br.,
    Cs


  • 2.  RE: Random MAC, MPSK, device registration problem

    MVP GURU
    Posted Sep 02, 2022 08:46 AM
    Unfortunately, the random MAC is tied to the SSID on the phone. SSID1 always uses the same random MAC, and SSID 2 will be the same. I would suggest implementing a Captive Portal (it can be the same as guest) on the MPSK SSID as the default or initial role. Once they register, they can either be pointed to the same MACAuth Service as Guest, or you can create a copy as an MPSK MACAuth Service. This is assuming you already have Guest Web logging with MAC Caching set up.

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Random MAC, MPSK, device registration problem

    Posted Sep 02, 2022 02:26 PM
    Deploy an MDM


  • 4.  RE: Random MAC, MPSK, device registration problem

    Posted Sep 06, 2022 10:58 AM
    Hi,

    Adding to Dustin's great response here.

    There should be a default logon profile that gets created (when you use the template). This template should have asked for a default MPSK password and default role during setup. Now I have since removed this, but when we first started testing MPSK we used this to initially onboard some random MAC devices like this. You also should have set this password in the controller (or IAP).

    I would just set the default role to something with a captive portal in the controller that aids you with onboarding as Dustin stated.