02-29-2012 02:46 PM
We verify that a computer has both a user cert and machine cert from our PKI before allowing it on the wireless. the problem we seem to have is that when a laptop goes into sleep mode it loses machine auth. you have to reboot or logout and log back in to reconnect. The clients are Windows 7. Anyone seen anything like this?
02-29-2012 03:18 PM
Your machine only "machine authenticates" if it is at the ctrl-alt-delete screen. There is a timer in in the 802.1x profile under advanced that says how long the controller remembers that a machine has "machine authenticated" after being at the ctrl-alt-delete screen. It is the "Machine Authentication Cache Timeout" parameter and by default it is only 24 hours, so your machine would have to be at the ctrl-alt-delete screen every 24 hours for the controller to know that it has machine authenticated.
You can find this timer by going to configuration> security> authentication> l2 authentication> 802.1x profile. Find the profile that corresponds to your WLAN and under advanced, the "Machine Authentication Cache Timeout" parameter should be there. Extend it as long as you need, so that your users do not have to be log off then log on again.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base