Wireless Access

Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

802.1x query...

Hi, we have users with laptops docked and connected to the LAN via Ethernet, and also with the WLAN card enabled.

They log in and authenticate via the wired interface but would like to remove the laptop and carry on working via the WLAN, which is configured with an 802.1X profile with machine and user auth, but it does not work seamlessly; have to re-auth or reboot. I believe this is doable?

Thanks

ACMA/ACMP
Guru Elite
Posts: 8,340
Registered: ‎09-08-2010

Re: 802.1x query...

You would need to look at using certificates if you need this functionality.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: 802.1x query...

Machine + user authentication works well if a user is on wireless most of the day. It does not work well if they are on wired, because their machine authentication status times out on the wireless, and when they undock, they are only considered user authenticated.

Most people extend the machine authentication timer to account for the time they will not be on wireless. Below is where you change it for ClearPass:

[Screenshot: machine-auth-cache.png]

Colin Joseph
Aruba Customer Engineering
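
A small model of the timeout described in the post above, as an added example that is not part of the original thread and is not ClearPass or Aruba code. It assumes the machine-authentication cache is keyed by adapter MAC address, so wired authentications do not refresh the Wi-Fi entry; the MAC addresses, the timeline and the 24 h / 72 h timer values are constructed.

```python
"""Model of a MAC-keyed machine-authentication cache (illustrative, not vendor code)."""

WLAN_MAC = "02:00:00:aa:bb:01"   # constructed, locally administered addresses
WIRED_MAC = "02:00:00:aa:bb:02"

# Constructed timeline, hours since Monday 00:00: (time, auth kind, adapter MAC)
TIMELINE = [
    (8.0, "machine", WLAN_MAC),    # boot on Wi-Fi: computer account authenticates
    (8.1, "user", WLAN_MAC),       # user logs on over Wi-Fi
    (9.0, "machine", WIRED_MAC),   # docked: wired 802.1X from here on
    (9.1, "user", WIRED_MAC),
    (33.0, "machine", WIRED_MAC),  # Tuesday 09:00, still docked
    (38.5, "user", WLAN_MAC),      # Tuesday 14:30, undocks: user-only auth on Wi-Fi
]


class MachineAuthCache:
    """Remembers when each adapter MAC last passed machine authentication."""

    def __init__(self, ttl_hours):
        self.ttl_hours = ttl_hours
        self._last = {}  # MAC -> time of last machine auth

    def record(self, mac, now):
        self._last[mac.lower()] = now

    def is_fresh(self, mac, now):
        seen = self._last.get(mac.lower())
        return seen is not None and (now - seen) <= self.ttl_hours


def replay(timeline, ttl_hours):
    """Return [(time, mac, role)] for every user authentication in the timeline."""
    cache = MachineAuthCache(ttl_hours)
    decisions = []
    for now, kind, mac in sorted(timeline):
        if kind == "machine":
            cache.record(mac, now)
        else:
            # User auth is only upgraded if this MAC's machine auth is still cached.
            role = "machine+user" if cache.is_fresh(mac, now) else "user-only"
            decisions.append((now, mac, role))
    return decisions


if __name__ == "__main__":
    for ttl in (24, 72):
        for now, mac, role in replay(TIMELINE, ttl):
            print(f"ttl={ttl}h t={now:5.1f}h {mac} -> {role}")
```

With the shorter timer the Wi-Fi entry is 30.5 hours old at undock and the user lands in the user-only state; the longer timer covers the docked period.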

Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Re: 802.1x query...

Cheers chaps, we're using RADIUS on a Win domain, no ClearPass. Tim, can you briefly explain why this will only work with certs?

Thanks

ACMA/ACMP
Guru Elite
Posts: 8,340
Registered: ‎09-08-2010

Re: 802.1x query...

You can issue certs to users which can be used for both wired and wireless authentications. Your policy can check to see if they have a valid cert from "X" CA and know that it's a valid computer and user.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480