We are an Aruba shop and had similar issues with TLS1.2 after the November update. Turns out our controller software didn't support TLS 1.2 while our Clearpass radius server did. Since we terminated authentication to the controller, the radius server never even received an Auth attempt. Termination at the Clearpass server resolved the issue in a couple clicks. Stephen Oglesby Network and Telecommunications Architect Aims Community College 5401 W. 20th Street Greeley, CO 80634 970.339.6350 (Office) [email protected]
On Dec 7, 2015 2:41 PM, "Turner, Ryan H" <[email protected]> wrote: > Well, a lot of us rushed to get the TLS 1.2 fix about a month or so ago. > We recently found out that one of our servers, while patched, was still not > working for TLS 1.2 when the latest Windows 10 patch turned on TLS 1.2. > Even though the 2.2.8.1 (I think that was the freeRadius rev) was > installed, apparently some left over packages from the previous install was > causing problems. That caused us some heart ache last week. > > > > To verify that it is ‘likely’ a TLS 1.2 issue, you should see a successful > radius authentication for the connection attempt in your logs, then you > would not see a corresponding DHCP request. > > > > Ryan > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Hart, Michael > *Sent:* Monday, December 07, 2015 4:25 PM > *To:* [email protected] > *Subject:* [WIRELESS-LAN] Issue with Android Marshmallow? > > > > My networking team is receiving multiple reports of users who have moved > to Marshmallow being unable to authenticate and gain access to our > wireless. I was wondering if anyone else in the community has dealt with > this issue. As a new member of the listserv, I apologize if this is a > repeat of an issue someone else has raised. Pertinent information is > listed below: > > > > One of our more motivated users reports: > > > > So I was able to get connected into the WiFi. I did some searching online > for articles related to this, the biggest one I found was that older Radius > versions running TLS 1.0. Android Marshmallow run/forces TLS 1.2, which > is unsupported by old RADIUS versions. The full forum reading I've found > is here <https://code.google.com/p/android/issues/detail?id=188867#c29>. > I'm not sure if this has anything to do with our network but it's worth > looking into. > > As for the fix, on my Nexus 6P I went into Developer options and was able > to enable "Legacy DHCP clients" under the networking section. This forces > the device to run DHCP from Andriod Lollipop instead of Marshmallow. I > then forgot the network settings for MetroState, restarted the device, and > re-configured the connection in WiFi Settings. I am able to connect to the > WiFi and am getting a stable connection. I will watch the connectivity > over the next few days to see if this is a work around. > > I have attached SS from my phone to show where the options are, in order > to get into Developer option you must tap the "Build number" menu in the > Settings>About Phone menu, until the phone says, "You are now a > developer!". The developer options will then show above the "About Phone" > menu option in settings. > > > > Our Windows Radius server has TLS 1.2 enabled, and has been fully patched. > > > > We’re set for 802.1x, PEAP, MSCHAPv2. > > > > *Mike Hart | CISO, Director of ITS Security, Infrastructure, and > Networking* > > *Metropolitan State University of Denver Information Technology Services* > Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362 > Admin Building - 1201 5th Street 480E Denver, CO 80204 > 303-556-5074 (Office) > 303-352-7548 (Help Desk) > [email protected] | www.msudenver.edu/technology > > > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
