Most devices connected to a new wired network switch will be automatically configured for use. Find solutions to potential configuration problems.
Web browsing attempts do not get redirected to the captive portal.
The device has not had it's MAC address registered, and it is configured with a static IP address. Register the MAC address from a 3rd party machine, and/or convert the device to DHCP to get a usable network address for the VLAN that it is in.
The selected VLAN is changed within the registration record for a device that is already connected to the network, but the device seems to be stuck on the old VLAN despite ipconfig /release /renew, disconnecting and reconnecting the network cable, and even rebooting the machine.
The cause is a device (teaching station switch, miniswitch, VoIP phone, etc.) in between the user device and our UB network.
When the VLAN is changed within the registration record of a given device, Clearpass does not send a Change of Authority (CoA) message to the UB switch like it does during the captive portal onboarding process. Rather, the only way for the UB switch to put the user device in the new VLAN is for the user device to disappear from the UB switch, and then be reconnected.
One way to accomplish this is for the machine to be removed from the network for at least 5 minutes.
An alternative way is for link to drop to our UB switch, which will immediately clear the session on our switch.
If the user device is directly connected to the wall, then you can simply disconnect/reconnect the network cable, or reboot the device. However, if there is another device (miniswitch, VoIP phone, etc) in the path, then this option will not work because link will never drop on the UB switch.
If feasible, the user would need to drop link between their intermediate device (miniswitch, VoIP phone, etc) and the UB switch.
The pop-up is displayed because 802.1x is enabled on the wired port by default on Mac OS.
If you are prompted about using an 802.1x certificate, select No Certificate, and then you will be able to enter your UBITName as the account name and your UBITName password as password to complete configuration.
Follow these steps to remedy the problem.
This issue is related to the certificate authorities that are configured on the client device. This has been a longknown issue with UB Wi-Fi and ExpressConnect is configured to resolve the issue for UB Wi-Fi.
There is no benefit to setting up ExpressConnect for the wired connections because so many wired users don't have admin priveleges on their machine. Rather, for the wired devices, the 802.1x client configuration guide recommends that everyone disable the checkbox for validate server certificate.
During normal network operation, our switches periodically send out IPv6 neighbor solicitation packets that have a source IPv6 address of all zeros (::), and a source MAC address of all zeros (000000000000). A machine on a typical UB network can expect to receive 288 of these packets per day. Windows machines will occasionally assume a temporary IPv6 address of all 0's for a very brief period of time. The most common scenario is with regards to requesting or renewing an IPv6 DHCP lease.
If both of these relatively rare scenarios happen at the same time, the Windows machine will display the duplicate IP address pop-up. Based on anecdotal evidence, this is a very rare occurrence, and most users will never experience it, however there have been a few reports of users receiving the pop-up twice during the same week. There is likely something within the configuration of these machines that is causing a higher likelihood of the scenario happening (perhaps related to machine power management, or laptops that are docking and undocking, causing more frequent DHCP requests and/or renewals).
As far as we know, this issue is not service affecting in any way, and the user can simply click Close, and continue with their work. At this time, we do not have any other workaround or solution. If we see more frequent occurrences of this pop-up, and it becomes a nuisance, UBIT will investigate further.
The pop-up window can be disabled on Windows 7 by the following steps:
This is normal and expected behavior. When a VoIP phone is first connected to the network, it receives power from the UB switch and it is profiled by the switch.
Once the switch determines that the device is a VoIP phone, the switch reconfigures its port with the propper settings for the device. Then it bounces the power (PoE) to the VoIP phone so that the phone will be reset and come back online with the proper configuration.