Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Change LAN to WIFI with machine authentication

This thread has been viewed 0 times

  • 1.  Change LAN to WIFI with machine authentication

    Posted Mar 31, 2015 03:19 PM

    Dear Community,

     

     we have a very tricky situation here. We need to deploy a full Aruba network with IAP-205 devices, S1500 switches and with ClearPass and the clients are using Windows 7.

    The clients can connect to the network (LAN and wifi is the same) after successfully machine and user authentication. This is easy on LAN, nicely working on WiFi but there a problem when the client connect on LAN and after it disconnect from the wired network and connect on wifi. Based on that the machine authentication happen on the login section at Win7, the users can not connect to the wifi correctly, because without a machine authentication they have quarantine user role. So the client needs to log out from the win7 and relogin to pass the machine authentication too. This is not acceptable to the customer.

     

    The question is, how can we resolve if a client successfully pass the machine authentication on LAN, they will not need to pass the machine auth again when they switch to wifi?

     

    Many thanks for your help!



  • 2.  RE: Change LAN to WIFI with machine authentication

    EMPLOYEE
    Posted Mar 31, 2015 03:28 PM
    This is not possible since wired and wireless NICs have different MACs. Why not just configure both wired and wireless for machine authentication?


    Thanks,
    Tim


  • 3.  RE: Change LAN to WIFI with machine authentication

    Posted Apr 01, 2015 03:47 AM

    Hi Tim,

     

     thanks for the advice. We are already configured the machine auth both on the wired and wireless access, but the customer has some problem with that procedure. The clients starts to work with their notebooks connecting to the wired network, the Machine auth pass nicely, but when they need to change to wireless they need to pass the machine authentication again so they need to log out on the win7 machine for that. This is how the machine auth works normaly on windows 7 but this is not good to the customer. So that is why we are interesting is there any trick how can we configure the system to pass the machine authentication without user interaction?

     

    Thanks a lot!

     

    Best regards,

    Gabor

     



  • 4.  RE: Change LAN to WIFI with machine authentication

    EMPLOYEE
    Posted Apr 01, 2015 10:48 AM

    This is not possible since they are two different NICs.

     

    Why not just use wireless at the desk as well?



  • 5.  RE: Change LAN to WIFI with machine authentication

    Posted Apr 01, 2015 10:59 AM

    Hi,

     

     Understood...

     

     The customer needs to authenticate the corporate machine too not only the user. So we need to resolve that the network can be used only with corporate machines with corporate users. So this is why we think about the machine authentication but the extra interaction from the users is not acceptable by the customer.

     

     It looks like we need to find some other way to check the the machine is corporate or not.

     

    Best Regards,

    Gabor