Oddly enough, the student was out of town for the past weekend, came back today, and it’s working just fine.
By “OK”, that is what the freeradius logs were showing; for our two 802.1X SSID’s, our freeradius server checks our AD for username/password, and then returns to the WiSM-2 clusters “staff”, “student” or “visitor”. It was authenticating and authorizing the student previously, but I never saw a DHCPDISCOVER for his phone’s MAC address. Today, I am. No changes were made on my WiSM-2’s, SSID’s, radius servers, or DHCP servers. And, like I said, it wasn’t even doing DHCP on the OPEN (captive portal) SSID. Very strange. From: Jeremy Mooney [mailto:j-moo...@bethel.edu] Sent: Tuesday, March 14, 2017 1:00 PM To: dannyea...@rice.edu Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@listserv.educause.edu> Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues? By OK do you mean a Radius access-accept? That is an authorization, but doesn't necessarily imply any additional access parameters are appropriately set (or not sent). We've seen this cause issues with eduroam roaming before, but this can happen both on 802.1x and open (captive portal is often implemented with AAA via MAC). Are you able have the dump what the wireless controller sees for parameters and compare with a successful authentication? Or test on a wireless lan without AAA overrides? FWIW, I'm running a Nexus 6P on 7.1.1 and no issues on our 802.1x (eduroam) or open captive portal SSIDs. We have Cisco WLCs against ISE. On Mon, Mar 13, 2017 at 2:30 PM, Danny Eaton <dannyea...@rice.edu <mailto:dannyea...@rice.edu> > wrote: I’m looking at the DHCP server for the DHCPDISCOVER conversation, and never see his MAC address show up. I do see the “Login OK” appear in our freeradius logs, and his credentials work on his laptop, and the laptop gets an IP address without any issues. The phone doesn’t work on our Open (captive portal) either, and I’ve checked both sets of WiSM-2 HA Clusters, his MAC address is not quarantined (if it was, it wouldn’t ever appear in the radius logs as “Login OK”). From: Jeremy Mooney [mailto: <mailto:j-moo...@bethel.edu> j-moo...@bethel.edu] Sent: Monday, March 13, 2017 2:13 PM To: <mailto:dannyea...@rice.edu> dannyea...@rice.edu Cc: The EDUCAUSE Wireless Issues Constituent Group Listserv < <mailto:WIRELESS-LAN@listserv.educause.edu> WIRELESS-LAN@listserv.educause.edu> Subject: Re: [WIRELESS-LAN] Android 7.1.1 and DHCP issues? Ar e you only looking on the DHCP server for the discover? Could a radius server be returning an option setting an incorrect VLAN or specific ACL for the client causing it to be dropped at the AP/WLC level? If it's happening on an open network it'd probably have to be hitting a MAC-based rather than user-based access rule (or possibly profiled and put in a blocked group). On Mon, Mar 13, 2017 at 12:40 PM, Danny Eaton <dannyea...@rice.edu <mailto:dannyea...@rice.edu> > wrote: It’s set to not validate the radius-server certificate; and like I said, it’s authenticating, just not doing the DHCPDISCOVER; I never see it in the DHCP server logs. From: Shayne Ghere [mailto:sgh...@fsmail.bradley.edu <mailto:sgh...@fsmail.bradley.edu> ] Sent: Monday, March 13, 2017 12:36 PM To: dannyea...@rice.edu <mailto:dannyea...@rice.edu> ; WIRELESS-LAN@listserv.educause.edu <mailto:WIRELESS-LAN@listserv.educause.edu> Subject: RE: [WIRELESS-LAN] Android 7.1.1 and DHCP issues? If you’re using certs, there’s a setting under CA Certificate that you have to set as “Do not validate” and it will then DHCP. I have a Pixel XL and that’s the only way I can get 802.1x working on my phone. Shayne From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU <mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> ] On Behalf Of Danny Eaton Sent: Monday, March 13, 2017 12:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Android 7.1.1 and DHCP issues? So, I’ve got one client (1!) who is running Android 7.1.1 and no matter which network (our 802.1X, eduroam, or even the “open” captive portal SSID) the user tries to connect into, he gets authenticated (on eduroam and our 802.1X SSID), but we never see a DHCPDISCOVER from his phone; it passes the AAA (802.1X), but will just not get an IP. Thoughts? (other devices work just fine). ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educ ause.edu/discuss <http://www.educause.edu/discuss> . wbr >58c6d86b151612066850947! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. -- Jeremy Mooney ITS - Bethel University wbr>58c6ef36151611738848632! -- Jeremy Mooney ITS - Bethel University !DSPAM:109,58c82f9f151612143818485! ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
