Security

Reply
MVP
Posts: 725
Registered: ‎03-25-2009

Syncing L3 user auths across controllers?

Can somebody confirm this is still not possible?

 

I have a setup with master (with vrrp backup) and a bunch of locals. 

When an authenticated captive portal user roams from local-1 to local-2 he is required to log in again,

 

Is tunneling all guest user traffic to the master controllers still the only way to not force layer3 guests to reauthenticate when roaming across controllers or is there a 'simpler' solution I can use?

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 20,566
Registered: ‎03-29-2007

Re: Syncing L3 user auths across controllers?

Auth state is not synchronized across controllers when using Captive Portal.  The "Enterprise" way to do it is with mac caching using a policy engine like ClearPass...

 

If the traffic is tunneled to a 3rd controller and auth is done at that controller (untrusted tunnel) it is possible.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 725
Registered: ‎03-25-2009

Re: Syncing L3 user auths across controllers?

No Clearpass available so no automatic MAC caching possible. Guess I need to go build some tunnels.

Thank for the confirmation.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite
Posts: 20,566
Registered: ‎03-29-2007

Re: Syncing L3 user auths across controllers?

Is there a way to design the network so that users do not roam between controllers often?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 725
Registered: ‎03-25-2009

Re: Syncing L3 user auths across controllers?

Think some tunnels is going to be easier to manage.. Once configured nobody needs to look at it anymore.

Thanks for the feedback though.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: