I have a question that has driven me crazy for a days ...
The title could be - credential caching in 802.1x (PEAP - MSCHAPV2)
The authentication model has to be 802.1x - for all types of mobile devices.
The users reside in an external LDAP and the clearpass is already consulting it without problems. In principle all good.
The issue is that there are devices that perform "radius:request" every few minutes - I suppose it's because of roaming problems between APs. Whenever a change of AP occurs - a radius authentication request is generated
Do you think of any way to locally cache the identity of the client device, for example through the MAC address tuple and user name, to verify the existence of locally established session?
This does not progress requests to the LDAP.
I'm trying to store the Radius value: IETF: Calling-Station-Id in some local table (although I assume the known MAC addresses will be querible) and then - BEFORE Normal Authentication - check this table and compare it with the value new connection MAC customer ... it's very difficult to me.