Hello

What kind of enviroment you got? because aruba recoments agains the use of Mac authentication as its really weak, and its easy to crack.

It is not possible to deploy 802.1x?

Or can you explain us why you using mac authentication in your enviroment maybe there is a better way to do this besides using mac authentication.

Cheers

Carlos

i understand mac is easy to crack. This wlan is only use by the customer. It configure to authenticated over the captive portal (via ClearPass of course). Mac authentication is enable after first initial login. It just a convinient for customers to log back in without typing the credentail again. 

---

skywalker wrote:

i understand mac is easy to crack. This wlan is only use by the customer. It configure to authenticated over the captive portal (via ClearPass of course). Mac authentication is enable after first initial login. It just a convinient for customers to log back in without typing the credentail again. 

---

I would create a second SSID for those computers and only broadcast that SSID in that area where the fixed computers are.

You would create a different Weblogin in ClearPass that does not have Mac Caching and in the initial role for those users, forward them via the Captive Portal authentication profile to the URL of that new Weblogin.

Thanks Colin!

As much as i want to avoid creating a new SSID for this. Thing will just get messier this way. I kinda have an idea. The captive portal from controler itself has a link for to click and logout. Is there a link like that from ClearPass? i can just create a short-cut/URL on the desktop for user to click and logout.