10-03-2016 11:51 AM
Actually MAC Auth Re-Auth Question...
I have an SSID that's uses MAC Auth & WEP.
The initial role clients are placed in is "macfail"
The default role clients are placed in is "authenticated"
RADIUS is performed by CPPM
The MAC DB is an externally hosted MySQL DB.
The aaa auth mac profile is as follows:
MAC Authentication Profile "regdmacs" ------------------------------------- Parameter Value --------- ----- Delimiter none Case lower Max Authentication failures 0 Reauthentication Disabled Reauthentication Interval 86400 sec Use Server provided Reauthentication Interval Disabled
Authentication is working as expected.
My question(s) are as follows...
If a (let's say stationary) client connects & unsuccessfully authenticates, Clearpass sends a RADIUS Reject and assignes the macfail role, will the client ever perform a re-authentication request?
Can I enable Reauthentication & specify a shorter Reauthenication Interval to force a Reauthentication attempt in order to update the client's role, or will the controller only force re-auth of the WEP exchange & cache the client's current role?
I am able to de-auth the client, which forces it to re-auth & update its role.
I can probably use an RFC 3576 config to bounce the client once they happen to appear in the MAC Registration DB; however, I'd like to find out what the anticipated behavior should be in my current config.
I'm not having any luck finding multiple authentication requests from my test client - which makes me suspect that MAC re-auth isn't a thing.
I'm not certain if MAC Auth adhere's to any re-auth behaviors if the client never roams to another AP.