hi,
I have a question that has driven me crazy for a few days ...
The title could be - credential caching in 802.1x (PEAP - MSCHAPV2)
The authentication model has to be 802.1x - for all types of mobile devices so I use PEAP.
The users reside in an external LDAP and the clearpass is already consulting it without problems. In principle all good.
The issue is that there are devices that perform radius: request every few minutes - I suppose it's because of roaming problems between APs. Whenever a change of AP occurs - a radius authentication request is generated
Do you think of any way to locally cache the identity of the client device, for example through the MAC address tuple and user name, to verify the existence of locally established session?
This does not progress requests to the LDAP.
I'm trying to store the Radius value: IETF: Calling-Station-Id in some local table (although I assume the known MAC addresses will be querible) and then - BEFORE Normal Authentication - check this table and compare it with the value new connection MAC device... it's very difficult to me.
Realy thanks - i know that not have to be easy