Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Instant Ap 802.1x Authentication

This thread has been viewed 6 times

  • 1.  Instant Ap 802.1x Authentication

    Posted Nov 24, 2016 06:34 PM

     

    Hello , 

     

    scenario#1

    clients successfuly authenticate and got connected to the

    network ssid via radius autentication.   

     

    i wonder what will happen to the clients if both the master&radius will go down and other iap will become the VC .

     

     

    scenario#2

    is it possible to make iap 105/205 port 0 (uplink) to connect switch port that configured with 802.1x base port authentication? 

     

    i found this tutorial , i didnt fully understand how to add aps to the group after we configured AP1X ..:

    https://community.arubanetworks.com/t5/tkb/articleprintpage/tkb-id/Controller-lessWLANs/article-id/743

      

     

    scenario#3 

    iap fully operational and powered with PSU ,what will happen to WPA2-ENT users that alredy got connected  if someone will disconnect the iap from the network and reconnect it directly to his pc in attempt to start a packet capture? 

     

     

     



  • 2.  RE: Instant Ap 802.1x Authentication

    EMPLOYEE
    Posted Nov 24, 2016 10:41 PM

    If the VC (Virtual Controller) goes down, another AP takes its place.  If dynamic radius proxy is enabled, all authentication gets sent out of the VC, through the VC's Virtual Controller address.  if DRP is not enabled, all radius authentication comes from the AP that the device is connected to.  if radius is down, no new clients can attach.



  • 3.  RE: Instant Ap 802.1x Authentication

    Posted Nov 25, 2016 04:34 AM

    Hi Colin ,

     

    none of it answer my qustions , let me rephrase question #1.

     

    In scenario#1 there is two iAPs in the group , the client already authenticated & connected to the slave iap. , what will happen to the client session after new vc election , does the client will need to reauthenticate?  ("Reauth interval" & "Authentication survivability" set with default values .. )

     

     

    Thank you ,
     

     

     



  • 4.  RE: Instant Ap 802.1x Authentication

    EMPLOYEE
    Posted Nov 25, 2016 06:43 AM

    If the AP does not go away, the client stays connected to it.  If the client is connected to the slave and the master goes away, the client stays connected...  A VC election does not interfere with clients on other access points that stay in service.

     

    Authentication Survivability requires ClearPass Policy Manager 6.0.0.2 and above.  It is to protect against the radius server going down or the wan between the AP and the radius server going down.  Users that have already authenticated can stay on and roam to other APs in the cluster.