Consumer Smart Devices Not Connecting to Guest Wifi

Overview

This article will detail how to troubleshoot and resolve Consumer Devices such as Smart Devices, Game Consoles, etc. that are refusing to connect to the NCU-Guest Wireless network. Occassionally after registering a device or after an outage, devices will either re-pick up a Guest role within Clearpass, or will duplicate their configuration, which causes conflictions. The general fix is to check and ensure they are not assigned a guest role, then forcefully disconnect them from the Controller via the Command Line Interface. Once disconnected, they will automatically reconnect with updated and correct configurations. 

When a user submits a ticket regarding their device, be sure to grab the Wireless Mac Address from them, as we will be using that for all troubleshooting purposes.

Why this Occurs

The main reason why a user's device struggles to connect to the network is because they attempt to connect their device to NCU-Guest before registering it to the network. This causes it to create a guest profile for their device which tries to force them to create a Guest account. Students should not sign up for accounts for their consumer devices. This will cause their device to only work for a week, then time out again when the account expires. 

Clearpass

When a user contacts the Service Desk stating that their device is no longer connecting to the Guest Wireless, the first thing you will need to check is Clearpass Guest to ensure that they have actually registered their device with the correct Mac Address. 

1. Login to Clearpass by going to https://liberty.northcentral.edu. Credentials are in LastPass.
2. Once Signed in, select the Menu button located at the top-right, then select Guest.
3. Select Manage Device from the left-side menu.
4. In the Search Box, enter the Mac Address in this format: AA-BB-CC-12-34-56. Use Dashses (-) instead of Colons (:).
   • If their device does not show up, either inform them to register their device, or register it on their behalf.
   • If their device shows up, select it, then select Edit. 
5. Ensure the following is set:
   • Activation: Account is active
   • Role: NCU_Student_IOT (NCU_Owned_IOT for NCU owned smart devices)
   • Vlan: Student (Employee Wired for NCU Owned devices).
6. Click Update Device.

Once that is complete, we will need to ensure that the device is not configured with a Guest Role. The Guest Role will force them to register an account through the Captive Portal. Smart Devices are unable to bring up this page. 

1. Login to Clearpass by going to https://liberty.northcentral.edu. Credentials are in LastPass.
2. Once Signed in, select the Menu button located at the top-right, then select Policy Manager.
3. Expand the Configuration tab. Expand the Identity tab. Select Endpoints.
4. In the Search Box, search for the Mac Address in this format: AABBCC123456. Do not include colons or dashes.
5. Click on the result, then select the Attributes tab.
6. If you see an option for Guest Role ID = 2, select the Trash Can Icon next to it to delete it. 
7. Click Save.

If you bring up the endpoint, and the Status is listed as Unknown, it is not correctly being profiled. Select the Checkbox next to the device, then select the red Delete option. Once done, have the user forget the network on their device then re-attempt to connect.

If you bring up the endpoint, and the Device Category and Device OS Family are incorrect, adjust them to the proper configuration by selecting the result, then adjusting the Device Category, Device OS Family, and Device Name to the proper settings. 

Once completed, it may take upwards of 24 hours for the device to receive the updated configuration. However, Komla or Aaron can forcefully remove the device from controller by accessing it via the Command Line Interface.

Command Line Interface

1. Run Putty

2. In the Host Name box, enter Quartz, then hit Open.

   1. If any boxes or notifications pop up, say Yes, Accept, Okay, or whatever allows you to proceed. It's simply notifying you that it may be an insecure connection due to the certificates.

3. Login using admin credentials located in Last Pass.

   • It will not display the password as you are typing it.

4. Connect to the first controller by typing cd onyx then hit enter.

5. Remote in by typing mdc then hit enter. 

   • This will allow you to access the CLI for Onyx. 

6. Remove the device by entering the following command: aaa user delete mac [Mac Address]. 

   • Enter the Mac Address in the following format: aa:bb:cc:12:34:56. Be sure to use Colons and lowercase letters.

7. Hit enter. 

8. Repeat the command a few times to ensure it gets removed. You can do this by hitting Up Arrow ↑, which will bring up the previous used command then enter a few times. 

If the device was connected to that controller, it will show 1 users deleted. If it was not connected to the controller, it will show 0 users deleted. If there were conflicting configurations battling for each other, it will show 2 users deleted. Regardless of what it shows, we should also run the command on the next controller to ensure that there is no conflicting configuration there either. 

1. Enter the command Exit to get back to Quartz.

2. Connect to the next controller by typing cd ribbon then hit enter.

3. Remote in by typing mdc then hit enter. 

4. Remove the device by entering the following command: aaa user delete mac [Mac Address]. 

   • Enter the Mac Address in the following format: aa:bb:cc:12:34:56. Be sure to use Colons and lowercase letters.

5. Repeat the command a few times to ensure it gets removed. 

Once completed, the device should then be able to connect to the network. Contact the user and ask them to forget the network on their device, then re-attempt to connect. Usually, they are not required to forget the network, but it is generally not bad to do anyways.