Wrong roles being assigned to users

bcrawfo2
Occasional Contributor II

Wrong roles being assigned to users

This is a followup to my post from a few weeks ago that was titled "Content block when it shouldn't".   I believe my issue is more fundamental and want to get some better visibility on it.

I finally opened a case when a user was working perfectly, but then lost their IP address (self assigned 169.254.x.x).   My support case was slow and didn't get any results except to disconnect the client via CLI, which resolved the problem.  They observed the client in a pre-auth role, but didn't seem concerned about this.
Here are a  few examples that make me believe this is a much bigger problem.
 
In my home, I have several SSIDs….one being for the adults and another for my children.   The children SSID has certain categories blocked, while the adult one does not.    I’ve observed a user on the adult SSID being blocked from web content that corresponds to the blocks on the children SSID.
Another example….from time to time, a client will experience poor performance.   I’ll run a speedtest and find 1mb up/down (a characteristic of my guest network).   If I disable wifi and re-enable, performance jumps back up to 300+mb.   To prove this point, the other day I upped the guest rate to 5mb.   Last night, a non-guest user speedtest ran at 5mb up/down.  Again, turning off wifi and turning it back on restored service.
 
I’m very concerned about the functionality of the Instant-On platform.    What roles/access are actually being assigned to my users....to the guests that I allow open access to?   It's clearly not what I've configured for them.
0 Kudos
3 Replies
Employee
Employee

Re: Wrong roles being assigned to users

Hi 

That is certainly not the way content blocking is supposed to work on Instant On. This seems like a bug.

Appreciate your patience, please contact support and they will be able to help resolve the issue

0 Kudos
bcrawfo2
Occasional Contributor II

Re: Wrong roles being assigned to users

Additional background for posterity.

I opened the case with Aruba and recreate the problem on two separate occasions for their engineers (1st level and after I had it escalated).    They opened an engineering ticket and asked me to recreate it again.   

Unfortunately (or luckily)....I came into some campus APs and a controller and switched to that gear.   I still have a pair of the InstantOn APs up, but had disabled the SSIDs.   Now Aruba TAC has come to me asking to again duplicate the problem.   I've re-enabled some SSIDs but am unable to duplicate the problem yet.   I'll keep trying.

I will ask everyone to keep an eye out.   The symptoms were very easy to miss.   I saw it because a user couldn't access my Sonos system (the problem went away when I disabled wifi and turned it back on).   Another case had a user getting only 1mb of upload/download (again...cleared by disabling/re-enabling).   I believe these were both cases where an "employee" was placed in a guest role.    The last case was as described in my initial post, where an employee was placed in the wrong employee role (again...cleared easily).

I'll add one more point.   Aruba engineers were clearly able to see that the wrong role was being assigned to the users.   It is NOT a case of misconfiguration or user error.  

0 Kudos
bcrawfo2
Occasional Contributor II

Re: Wrong roles being assigned to users

Per my Aruba engineer...

"Engineering team was able to re-produce the issue, and they found the root cause. It is an issue with ASAP_mod module sending ACL Index.

 

Engineering working on to fix it. I will keep you posted with update."

0 Kudos