RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-14 Thread Danny Eaton
Oddly enough, the student was out of town for the past weekend, came back 
today, and it’s working just fine.  

 

By “OK”, that is what the freeradius logs were showing; for our two 802.1X 
SSID’s, our freeradius server checks our AD for username/password, and then 
returns to the WiSM-2 clusters “staff”, “student” or “visitor”.  It was 
authenticating and authorizing the student previously, but I never saw a 
DHCPDISCOVER for his phone’s MAC address.  Today, I am.  No changes were made 
on my WiSM-2’s, SSID’s, radius servers, or DHCP servers.  And, like I said, it 
wasn’t even doing DHCP on the OPEN (captive portal) SSID.  Very strange.  

 

 

 

From: Jeremy Mooney [mailto:j-moo...@bethel.edu] 
Sent: Tuesday, March 14, 2017 1:00 PM
To: dannyea...@rice.edu
Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

By OK do you mean a Radius access-accept? That is an authorization, but doesn't 
necessarily imply any additional access parameters are appropriately set (or 
not sent). We've seen this cause issues with eduroam roaming before, but this 
can happen both on 802.1x and open (captive portal is often implemented with 
AAA via MAC). Are you able have the dump what the wireless controller sees for 
parameters and compare with a successful authentication? Or test on a wireless 
lan without AAA overrides?

 

FWIW, I'm running a Nexus 6P on 7.1.1 and no issues on our 802.1x (eduroam) or 
open captive portal SSIDs. We have Cisco WLCs against ISE.

 

 

 

 

 

On Mon, Mar 13, 2017 at 2:30 PM, Danny Eaton <dannyea...@rice.edu> wrote:

I’m looking at the DHCP server for the DHCPDISCOVER conversation, and never see 
his MAC address show up.

 

I do see the “Login OK” appear in our freeradius logs, and his credentials work 
on his laptop, and the laptop gets an IP address without any issues.  The phone 
doesn’t work on our Open (captive portal) either, and I’ve checked both sets of 
WiSM-2 HA Clusters, his MAC address is not quarantined (if it was, it wouldn’t 
ever appear in the radius logs as “Login OK”).  

 

From: Jeremy Mooney [mailto:j-moo...@bethel.edu] 
Sent: Monday, March 13, 2017 2:13 PM
To: dannyea...@rice.edu
Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@listserv.educause.edu>
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Are you only looking on the DHCP server for the discover? Could a radius 
server be returning an option setting an incorrect VLAN or specific ACL for the 
client causing it to be dropped at the AP/WLC level? If it's happening on an 
open network it'd probably have to be hitting a MAC-based rather than 
user-based access rule (or possibly profiled and put in a blocked group).

 

On Mon, Mar 13, 2017 at 12:40 PM, Danny Eaton <dannyea...@rice.edu> wrote:

It’s set to not validate the radius-server certificate; and like I said, it’s 
authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP 
server logs.

 

 

 

From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu] 
Sent: Monday, March 13, 2017 12:36 PM
To: dannyea...@rice.edu; WIRELESS-LAN@listserv.educause.edu
Subject: RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

If you’re using certs, there’s a setting under CA Certificate that you have to 
set as “Do not validate” and it will then DHCP.

 

I have a Pixel XL and that’s the only way I can get 802.1x working on my phone. 
  

 

Shayne

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).  

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/discuss.






 

-- 

Jeremy Mooney

ITS - Bethel University


Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-14 Thread Jeremy Mooney
By OK do you mean a Radius access-accept? That is an authorization, but
doesn't necessarily imply any additional access parameters are
appropriately set (or not sent). We've seen this cause issues with eduroam
roaming before, but this can happen both on 802.1x and open (captive portal
is often implemented with AAA via MAC). Are you able have the dump what the
wireless controller sees for parameters and compare with a successful
authentication? Or test on a wireless lan without AAA overrides?

FWIW, I'm running a Nexus 6P on 7.1.1 and no issues on our 802.1x (eduroam)
or open captive portal SSIDs. We have Cisco WLCs against ISE.





On Mon, Mar 13, 2017 at 2:30 PM, Danny Eaton  wrote:

> I’m looking at the DHCP server for the DHCPDISCOVER conversation, and
> never see his MAC address show up.
>
>
>
> I do see the “Login OK” appear in our freeradius logs, and his credentials
> work on his laptop, and the laptop gets an IP address without any issues.
> The phone doesn’t work on our Open (captive portal) either, and I’ve
> checked both sets of WiSM-2 HA Clusters, his MAC address is not quarantined
> (if it was, it wouldn’t ever appear in the radius logs as “Login OK”).
>
>
>
> *From:* Jeremy Mooney [mailto:j-moo...@bethel.edu]
> *Sent:* Monday, March 13, 2017 2:13 PM
> *To:* dannyea...@rice.edu
> *Cc:* The EDUCAUSE Wireless Issues Constituent Group Listserv <
> WIRELESS-LAN@listserv.educause.edu>
> *Subject:* Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?
>
>
>
> Are you only looking on the DHCP server for the discover? Could a radius
> server be returning an option setting an incorrect VLAN or specific ACL for
> the client causing it to be dropped at the AP/WLC level? If it's happening
> on an open network it'd probably have to be hitting a MAC-based rather than
> user-based access rule (or possibly profiled and put in a blocked group).
>
>
>
> On Mon, Mar 13, 2017 at 12:40 PM, Danny Eaton  wrote:
>
> It’s set to not validate the radius-server certificate; and like I said,
> it’s authenticating, just not doing the DHCPDISCOVER; I never see it in the
> DHCP server logs.
>
>
>
>
>
>
>
> *From:* Shayne Ghere [mailto:sgh...@fsmail.bradley.edu]
> *Sent:* Monday, March 13, 2017 12:36 PM
> *To:* dannyea...@rice.edu; WIRELESS-LAN@listserv.educause.edu
> *Subject:* RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?
>
>
>
> If you’re using certs, there’s a setting under CA Certificate that you
> have to set as “Do not validate” and it will then DHCP.
>
>
>
> I have a Pixel XL and that’s the only way I can get 802.1x working on my
> phone.
>
>
>
> Shayne
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Danny Eaton
> *Sent:* Monday, March 13, 2017 12:20 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Android 7.1.1 and DHCP issues?
>
>
>
>
>
> So, I’ve got one client (1!) who is running Android 7.1.1 and no matter
> which network (our 802.1X, eduroam, or even the “open” captive portal SSID)
> the user tries to connect into, he gets authenticated (on eduroam and our
> 802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
> AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
> just fine).
>
>
>
>
>
>
> --
>
> Jeremy Mooney
>
> ITS - Bethel University
>
>



-- 
Jeremy Mooney
ITS - Bethel University




RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-14 Thread Danny Eaton
Well, that's the thing; if I put it on a MiFi, it works just fine (or tether
it to my phone, etc.).  However, the student SAYS it used to work, so I'm
thinking there was an update (he is running 7.1.1, and my Android phone
(Galaxy S7 Edge) is running 7.0, and works just fine.  

7.0

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 2:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Are you sure the phone is sending DHCP Discover packets? You mentioned it's
not working on the open SSID, you may want to try connecting the phone to
the open SSID and capture OTA packets to see what it's doing and start from
there and move towards the DHCP server. 

 

-Kanan

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 13, 2017 3:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Danny,

 

Try adding the domain in the profile for which the cert was issued

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I've got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the "open" captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
just fine).  




RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-14 Thread Danny Eaton
We have 2 DHCP servers that load-balance.  They are ISC (currently, we're
going to move to Infoblox, hopefully over the summer).

 

The phone (per the user): It is a Google Nexus 6P.

 

 

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 9:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

How many dhcp servers do you have and do you have multiple routes? Let us
know what you find.

Thanks,

Kanan


From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Danny Eaton
<dannyea...@rice.edu>
Sent: Monday, March 13, 2017 4:45:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues? 

 

Yup; that's my next plan.  Was just hoping someone else had seen something.
The phone works on a personal wireless (hot spot), but just doesn't seem to
want to do DHCP here on campus.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 2:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Are you sure the phone is sending DHCP Discover packets? You mentioned it's
not working on the open SSID, you may want to try connecting the phone to
the open SSID and capture OTA packets to see what it's doing and start from
there and move towards the DHCP server. 

 

-Kanan

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 13, 2017 3:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Danny,

 

Try adding the domain in the profile for which the cert was issued

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I've got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the "open" captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
just fine).  




Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Kanan E Simpson
How many dhcp servers do you have and do you have multiple routes? Let us know 
what you find.

Thanks,

Kanan


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
 on behalf of Danny Eaton 

Sent: Monday, March 13, 2017 4:45:14 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

Yup; that’s my next plan.  Was just hoping someone else had seen something.  
The phone works on a personal wireless (hot spot), but just doesn’t seem to 
want to do DHCP here on campus.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 2:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

Are you sure the phone is sending DHCP Discover packets? You mentioned it’s not 
working on the open SSID, you may want to try connecting the phone to the open 
SSID and capture OTA packets to see what it’s doing and start from there and 
move towards the DHCP server.

-Kanan

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 13, 2017 3:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

Danny,

Try adding the domain in the profile for which the cert was issued

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?


So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).



RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Danny Eaton
Yup; that's my next plan.  Was just hoping someone else had seen something.
The phone works on a personal wireless (hot spot), but just doesn't seem to
want to do DHCP here on campus.  

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kanan E Simpson
Sent: Monday, March 13, 2017 2:59 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Are you sure the phone is sending DHCP Discover packets? You mentioned it's
not working on the open SSID, you may want to try connecting the phone to
the open SSID and capture OTA packets to see what it's doing and start from
there and move towards the DHCP server. 

 

-Kanan

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 13, 2017 3:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Danny,

 

Try adding the domain in the profile for which the cert was issued

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I've got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the "open" captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
just fine).  




RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Kanan E Simpson
Are you sure the phone is sending DHCP Discover packets? You mentioned it's not 
working on the open SSID, you may want to try connecting the phone to the open 
SSID and capture OTA packets to see what it's doing and start from there and 
move towards the DHCP server.

-Kanan

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of McClintic, Thomas
Sent: Monday, March 13, 2017 3:31 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

Danny,

Try adding the domain in the profile for which the cert was issued

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?


So, I've got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the "open" captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).



RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread McClintic, Thomas
Danny,

Try adding the domain in the profile for which the cert was issued

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?


So, I've got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the "open" captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).



RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Danny Eaton
I’m looking at the DHCP server for the DHCPDISCOVER conversation, and never see 
his MAC address show up.

 

I do see the “Login OK” appear in our freeradius logs, and his credentials work 
on his laptop, and the laptop gets an IP address without any issues.  The phone 
doesn’t work on our Open (captive portal) either, and I’ve checked both sets of 
WiSM-2 HA Clusters, his MAC address is not quarantined (if it was, it wouldn’t 
ever appear in the radius logs as “Login OK”).  

 

From: Jeremy Mooney [mailto:j-moo...@bethel.edu] 
Sent: Monday, March 13, 2017 2:13 PM
To: dannyea...@rice.edu
Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv 

Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

Are you only looking on the DHCP server for the discover? Could a radius server 
be returning an option setting an incorrect VLAN or specific ACL for the client 
causing it to be dropped at the AP/WLC level? If it's happening on an open 
network it'd probably have to be hitting a MAC-based rather than user-based 
access rule (or possibly profiled and put in a blocked group).

 

On Mon, Mar 13, 2017 at 12:40 PM, Danny Eaton <dannyea...@rice.edu> wrote:

It’s set to not validate the radius-server certificate; and like I said, it’s 
authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP 
server logs.

 

 

 

From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu] 
Sent: Monday, March 13, 2017 12:36 PM
To: dannyea...@rice.edu; WIRELESS-LAN@listserv.educause.edu
Subject: RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

If you’re using certs, there’s a setting under CA Certificate that you have to 
set as “Do not validate” and it will then DHCP.

 

I have a Pixel XL and that’s the only way I can get 802.1x working on my phone. 
  

 

Shayne

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).  






 

-- 

Jeremy Mooney

ITS - Bethel University
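
The check described at the top of this message (a "Login OK" in the freeradius log with no DHCPDISCOVER from the same MAC on either DHCP server), as an added example that is not part of the original post. The log lines are constructed in the usual FreeRADIUS radius.log and ISC dhcpd syslog shapes; the function names, the 60-second window, the 5-second clock-skew allowance and the choice to also count DHCPREQUEST (a client reusing a remembered lease may skip DISCOVER) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the thread): radius.log lines and dhcpd
# syslog lines merged from two load-balanced servers. Users, NAS names, MACs
# and addresses are made up.
RADIUS_LOG = """\
Mon Mar 13 12:19:58 2017 : Auth: Login OK: [student1] (from client wism2-a port 13 cli 02-00-00-aa-bb-01)
Mon Mar 13 12:20:05 2017 : Auth: Login OK: [student2] (from client wism2-a port 13 cli 02-00-00-aa-bb-02)
Mon Mar 13 12:24:41 2017 : Auth: Login OK: [student2] (from client wism2-b port 13 cli 02-00-00-aa-bb-02)
Mon Mar 13 12:25:10 2017 : Auth: Login incorrect: [staff9] (from client wism2-a port 13 cli 02-00-00-aa-bb-03)
Mon Mar 13 12:26:00 2017 : Auth: Login OK: [staff4] (from client wism2-b port 13 cli 0200.00AA.BB04)
"""
DHCPD_LOG = """\
Mar 13 09:02:11 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:02 via 10.20.0.1
Mar 13 12:20:00 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:aa:bb:01 via 10.20.0.1
Mar 13 12:20:00 dhcp1 dhcpd: DHCPOFFER on 10.20.4.17 to 02:00:00:aa:bb:01 via 10.20.0.1
Mar 13 12:26:02 dhcp2 dhcpd: DHCPREQUEST for 10.20.4.33 from 02:00:00:aa:bb:04 via 10.20.0.1
"""

# Only successful authentications; "Login incorrect" lines do not match.
RADIUS_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) : Auth: Login OK: "
    r"\[(?P<user>.*?)\] \(from client (?P<nas>\S+) port \d+ "
    r"cli (?P<mac>[0-9A-Fa-f.:-]+)"
)
# Only messages that originate from the client; OFFER/ACK are server replies.
DHCP_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ dhcpd(?:\[\d+\])?: "
    r"DHCP(?:DISCOVER|REQUEST)\b.*?\bfrom (?P<mac>[0-9A-Fa-f:]{17})"
)


def norm_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    return digits if len(digits) == 12 else None


def auth_without_dhcp(radius_text, dhcp_text, year,
                      window=timedelta(seconds=60),
                      skew=timedelta(seconds=5)):
    """Return (time, user, nas, mac) for each Login OK that is not followed,
    within `window`, by a DISCOVER/REQUEST from the same MAC.

    `year` is needed because syslog timestamps carry none. `skew` tolerates
    small clock differences between the RADIUS and DHCP hosts.
    """
    client_msgs = {}  # mac -> times the client was heard by any DHCP server
    for line in dhcp_text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
            client_msgs.setdefault(norm_mac(m["mac"]), []).append(ts)

    findings = []
    for line in radius_text.splitlines():
        m = RADIUS_RE.match(line)
        if not m:
            continue
        mac = norm_mac(m["mac"])
        if mac is None:  # Calling-Station-Id was not a MAC address
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        heard = any(ts - skew <= t <= ts + window
                    for t in client_msgs.get(mac, []))
        if not heard:
            findings.append((ts, m["user"], m["nas"], mac))
    return findings


if __name__ == "__main__":
    for ts, user, nas, mac in auth_without_dhcp(RADIUS_LOG, DHCPD_LOG, 2017):
        print(f"{ts} {user} via {nas}: authenticated, no DHCP from {mac}")
```

A MAC that shows up here on every SSID and every controller, while other clients on the same SSIDs do not, points away from the DHCP servers and toward the client or what the controller applies to it after the accept.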




Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Jeremy Mooney
Are you only looking on the DHCP server for the discover? Could a radius
server be returning an option setting an incorrect VLAN or specific ACL for
the client causing it to be dropped at the AP/WLC level? If it's happening
on an open network it'd probably have to be hitting a MAC-based rather than
user-based access rule (or possibly profiled and put in a blocked group).

On Mon, Mar 13, 2017 at 12:40 PM, Danny Eaton  wrote:

> It’s set to not validate the radius-server certificate; and like I said,
> it’s authenticating, just not doing the DHCPDISCOVER; I never see it in the
> DHCP server logs.
>
>
>
>
>
>
>
> *From:* Shayne Ghere [mailto:sgh...@fsmail.bradley.edu]
> *Sent:* Monday, March 13, 2017 12:36 PM
> *To:* dannyea...@rice.edu; WIRELESS-LAN@listserv.educause.edu
> *Subject:* RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?
>
>
>
> If you’re using certs, there’s a setting under CA Certificate that you
> have to set as “Do not validate” and it will then DHCP.
>
>
>
> I have a Pixel XL and that’s the only way I can get 802.1x working on my
> phone.
>
>
>
> Shayne
>
>
>
> *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
> WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Danny Eaton
> *Sent:* Monday, March 13, 2017 12:20 PM
> *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
> *Subject:* [WIRELESS-LAN] Android 7.1.1 and DHCP issues?
>
>
>
>
>
> So, I’ve got one client (1!) who is running Android 7.1.1 and no matter
> which network (our 802.1X, eduroam, or even the “open” captive portal SSID)
> the user tries to connect into, he gets authenticated (on eduroam and our
> 802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
> AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
> just fine).
>
>
>


-- 
Jeremy Mooney
ITS - Bethel University




RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Danny Eaton
It’s set to not validate the radius-server certificate; and like I said, it’s 
authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP 
server logs.

 

 

 

From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu] 
Sent: Monday, March 13, 2017 12:36 PM
To: dannyea...@rice.edu; WIRELESS-LAN@listserv.educause.edu
Subject: RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

If you’re using certs, there’s a setting under CA Certificate that you have to 
set as “Do not validate” and it will then DHCP.

 

I have a Pixel XL and that’s the only way I can get 802.1x working on my phone. 
  

 

Shayne

 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Danny Eaton
Sent: Monday, March 13, 2017 12:20 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

 

 

So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which 
network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user 
tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), 
but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but 
will just not get an IP.  Thoughts?  (other devices work just fine).  




RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues?

2017-03-13 Thread Shayne Ghere
If you’re using certs, there’s a setting under CA Certificate that you have
to set as “Do not validate” and it will then DHCP.



I have a Pixel XL and that’s the only way I can get 802.1x working on my
phone.



Shayne



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Danny Eaton
*Sent:* Monday, March 13, 2017 12:20 PM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Android 7.1.1 and DHCP issues?





So, I’ve got one client (1!) who is running Android 7.1.1 and no matter
which network (our 802.1X, eduroam, or even the “open” captive portal SSID)
the user tries to connect into, he gets authenticated (on eduroam and our
802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the
AAA (802.1X), but will just not get an IP.  Thoughts?  (other devices work
just fine).
