ArubaOS and Controllers

Occasional Contributor II
Posts: 22
Registered: ‎09-23-2010

Machine auth & Aruba

Hi guys, we have an issue with laptops and machine auth, running Windows XP. Basically, when machines that are of a SOE (that is, they use machine auth and also a username/password) are logged in, but move out of wireless coverage, the profile changes as the machine will not reattempt machine auth unless a reboot is performed.

Does anyone know how to resolve this? What happens is because the profile changes, their access from SOE to NON SOE occurs and they lose certain access to file/print etc.

How can machine auth be triggered constantly to ensure if wireless coverage drops and they come back into coverage, machine auth will occur again and user/pass occurs again, therefore giving them access to the network via the SOE profile?

Thanks!

Cheers
kris
Guru Elite
Posts: 21,571
Registered: ‎03-29-2007

Re: Machine auth & Aruba

If you are using "Enforce Machine Authentication" parameter, there is a machine authentication timeout parameter in the 802.1x profile which will cache the status of machine authentication for "X" hours. By default this is 24. Increase this to increase the amount of time when clients are forced to machine authenticate.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 22
Registered: ‎09-23-2010

Re: Machine auth & Aruba

Thanks, that's all turned on and set to 24, we'll do a bit more testing.
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Machine auth & Aruba

One thing to remember is that machine auth is only done on a login or logout. When machine auth is successful, the controller will cache the MAC address of the machine for the cache timer (24 hours by default as Colin said). If the user logs in one morning, then sleeps or hibernates the machine for 25 hours, then powers on the machine, machine auth will fail (since the cache no longer has the MAC and a resume doesn't do machine auth again). The same thing would happen if the user disconnected from the WLAN, waited 24 hours, then reconnected without a login/logout.
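
The cache behaviour described in the post above, as an added example that is not part of the original thread and is not ArubaOS code: a small model that replays a constructed timeline against two cache-timeout values. The role labels, the sample MAC address, the rule that only machine auth refreshes the cache, and expiry at exactly the timeout hour are assumptions of this sketch.

```python
# Simplified model of the machine-auth cache discussed in this thread.
# Illustration only: not ArubaOS code. Role labels, the sample MAC and the
# exact expiry boundary are assumptions.
from dataclasses import dataclass, field

SOE, NON_SOE = "SOE", "NON-SOE"  # labels borrowed from the thread's wording


@dataclass
class Controller:
    cache_timeout_h: int = 24  # thread: range 1-1000 hours, default 24
    cache: dict = field(default_factory=dict)  # MAC -> hour of last machine auth

    def __post_init__(self):
        if not 1 <= self.cache_timeout_h <= 1000:
            raise ValueError("cache timeout must be 1-1000 hours")

    def machine_auth(self, mac, now_h):
        """Successful machine auth (only happens at login/logout)."""
        self.cache[mac.lower()] = now_h

    def user_auth(self, mac, now_h):
        """Successful user auth; the role depends on the cached machine state."""
        seen = self.cache.get(mac.lower())
        if seen is not None and now_h - seen < self.cache_timeout_h:
            return SOE
        self.cache.pop(mac.lower(), None)  # expired or never seen
        return NON_SOE


def replay(timeout_h, events):
    """Replay (hour, kind, mac) events; return (hour, role) per user auth."""
    ctrl, roles = Controller(timeout_h), []
    for hour, kind, mac in events:
        if kind == "machine":
            ctrl.machine_auth(mac, hour)
        elif kind == "user":
            roles.append((hour, ctrl.user_auth(mac, hour)))
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return roles


MAC = "00:11:22:33:44:55"  # constructed sample address
TIMELINE = [               # constructed events, hours since first login
    (0, "machine", MAC),   # login: machine auth succeeds, MAC is cached
    (0, "user", MAC),      # user auth right after
    (3, "user", MAC),      # left coverage and came back, no login/logout
    (25, "user", MAC),     # resume after 25 h hibernate, no machine auth
]

if __name__ == "__main__":
    for timeout in (24, 168):
        print(timeout, replay(timeout, TIMELINE))
```
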
Occasional Contributor II
Posts: 22
Registered: ‎09-23-2010

Re: Machine auth & Aruba

Sure, understand. However, what's the solution to that? Just make the timer extremely long in the hope that a user would reboot at some stage during that timer and refresh the cache???

Am I right in saying that if the Aruba sees the client MAC in the cache, the user relogins via their user/pass it would put them into the profile that was specified for a successful user/pass and machine auth?
Guru Elite
Posts: 21,571
Registered: ‎03-29-2007

Re: Machine auth & Aruba

Yes


Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 22
Registered: ‎09-23-2010

Re: Machine auth & Aruba

Thanks Colin, what's the max amount of hours that can be set in the time out field?
Guru Elite
Posts: 21,571
Registered: ‎03-29-2007

Re: Machine auth & Aruba

(McGraw-Hill) (802.1X Authentication Profile "default") # machine-authentication cache-timeout ?
Cache Timeout in Hours.Default is 1 day (24 hrs).
Range: 1-1000. Default: 24.


Colin Joseph
Aruba Customer Engineering

Occasional Contributor II
Posts: 22
Registered: ‎09-23-2010

Re: Machine auth & Aruba

Thank you sir!