This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assignment rules and IOS 15.0.2

Assignment rules and IOS 15.0.2

phil6564
New Contributor II

‎10-13-2021 07:00 AM

Hi all

We have an assignment rule on one of our user profiles that restricts connection to a particular VLAN to just IOS devices. A new version of IOS (15.0.2) was deployed overnight last night and now the ipads are dropping through to the default user profile and ending up on an incorrect VLAN. I'm wondering whether Aerohive isn't recognising 15.0.2 as an IOS version and is consequently dropping the connection request. 

Has anyone else experienced anything similar to this?

Thanks,
Phil.
0 Kudos
4 REPLIES 4

phil6564
New Contributor II

‎10-14-2021 06:03 AM

systemscsn :
The OS check in itself doesn't push the device to the correct VLAN; that is done by means of a security key associated with the VLAN. The OS check is just a further check to ensure that only devices running that particular OS can join the VLAN so, even if a device has the correct security key, if it's not running the correct OS it won't be allowed to join.

I don't know about checking for a version "greater than". My limited knowledge of how this work would tell me that's not possible but maybe someone else can say for certain.
0 Kudos

phil6564
New Contributor II

‎10-14-2021 06:00 AM

Thanks Paul

Our support partner has created a new OS object for us which contains the new DHCP fingerprint, probably exactly as you've described.
0 Kudos

Paul_Wang
Extreme Employee

‎10-14-2021 05:14 AM

Hi Phil,

This is a known issue CFD-7041 now. iOS 15 comes with a new DHCP fingerprint "1,121,3,6,15,108,114,119,252" according to the log.

Log snippet:
{
2021-10-14 15:42:42 info ah_auth: aaa: station(626a:7df3:ce48) option 55:1,121,3,6,15,108,114,119,252 no mapping os in database
}

Until this is enhanced at the XIQ side, you should be able to work around the issue by using a S-CLI with the following command or adding a custom OS object at the XIQ side.

os-version "Apple iOS" option55 1,121,3,6,15,108,114,119,252
0 Kudos

systemscsn
Valued Contributor

‎10-13-2021 09:53 AM

Sorry, no.  But thats a really interesting thing, i didnt realize you can create an assignment rule that sees the device type and can pish it to a different vlan.  Might be worth me looking into that for future reference.  I dont suppose there is a way to have a "greater than" in your rule?  so you can put in, "if ver is > than 15.0 then.do this......"
0 Kudos
GTM-P2G8KFN