This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Support for Android 9 in Cloudpath?

newsfool
New Contributor III

‎11-13-2018 02:02 PM

CP 5.2.3959 (current rev) does not support Android 9 released in August. Is there a plan to support this version of Android? I was unable to find any info about a release date for an update. 

I've tried to onboard 2 separate Android 9 phones -- both accept the 802.1x certificate but do not roam properly to neighboring APs. They require sign-in via the Android captive network assistant, or require turning off cellular data temporarily to activate an automatic sign in.  This behavior is not present in Android 8 or earlier.

Thanks.
2 REPLIES 2

abhi_maras
New Contributor III

‎11-14-2018 02:59 PM

CP 5.2 is tested and supported on Android 9. We have tested specifically with Pixel and other variants. The above scenario looks like a roaming issue on these specific Andorid phones where the device prefers to join a open ssid during a roam event when joined to the secure ssid on the same AP. Perhaps for testing the theory out, can you manually delete or disable re-join for the open ssid and check if it roams?

newsfool
New Contributor III

‎11-16-2018 04:45 PM

Thanks so much for the response. Perhaps the docs could be updated? Tech support told me it wasn't supported yet.

Regarding the problem, we are using a Pixel XL and  Pixel 2. It's definitely not trying to join an open ssid. However, I just discovered a clue to the problem by looking at the logs on our Palo Alto firewall which is linked to Cloudpath.

Even though my Android 9 device has been onboarded and is using a certificate for 802.1x authentication to the encrypted SSID, some of the initial traffic through the firewall is blocked during roaming and initial connection. The traffic is to IPs associated with "www.google.com". Per the logs, the traffic is blocked because the firewall does not yet have a user name associated with the device for policy matching on the firewall.

If I whitelist "www.google.com" the phone properly connects to the secure SSID and is authenticated to the firewall with the username embedded in the cert.

If I don't whitelist "www.google.com" then I need to click through the captive portal browser to get authenticated after roaming.

These problems only surfaced with Android 9. Prior versions did not require this. 

I guess I could work around this by allowing a permanent exception to "www.google.com" for my wireless network, but I'd prefer not to do that. Suggestions appreciated. Thanks!

0 Kudos
Copyright © 2024 Khoros, LLC