
802.1x Identity caching

I have a question that has driven me crazy for days ...
The title could be - credential caching in 802.1x (PEAP - MSCHAPV2)

The authentication model has to be 802.1x - for all types of mobile devices.

 

The users reside in an external LDAP and ClearPass is already consulting it without problems. In principle all good.

 

The issue is that there are devices that perform "radius:request" every few minutes - I suppose it's because of roaming problems between APs. Whenever a change of AP occurs, a RADIUS authentication request is generated.

 

Can you think of any way to locally cache the identity of the client device, for example through the tuple of MAC address and user name, to verify the existence of a locally established session?

 

This does not progress requests to the LDAP.

 

I'm trying to store the Radius value: IETF: Calling-Station-Id in some local table (although I assume the known MAC addresses will be queryable) and then - BEFORE normal authentication - check this table and compare it with the MAC value of the new client connection ... it's very difficult for me.

Re: 802.1x Identity caching

Are you using Aruba?
Are users roaming between APs attached to different controllers?


Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA