Wireless Access

Reply
Occasional Contributor II

Change LAN to WIFI with machine authentication

Dear Community,

 

 we have a very tricky situation here. We need to deploy a full Aruba network with IAP-205 devices, S1500 switches and with ClearPass and the clients are using Windows 7.

The clients can connect to the network (LAN and wifi is the same) after successfully machine and user authentication. This is easy on LAN, nicely working on WiFi but there a problem when the client connect on LAN and after it disconnect from the wired network and connect on wifi. Based on that the machine authentication happen on the login section at Win7, the users can not connect to the wifi correctly, because without a machine authentication they have quarantine user role. So the client needs to log out from the win7 and relogin to pass the machine authentication too. This is not acceptable to the customer.

 

The question is, how can we resolve if a client successfully pass the machine authentication on LAN, they will not need to pass the machine auth again when they switch to wifi?

 

Many thanks for your help!

Guru Elite

Re: Change LAN to WIFI with machine authentication

This is not possible since wired and wireless NICs have different MACs. Why not just configure both wired and wireless for machine authentication?


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Change LAN to WIFI with machine authentication

Hi Tim,

 

 thanks for the advice. We are already configured the machine auth both on the wired and wireless access, but the customer has some problem with that procedure. The clients starts to work with their notebooks connecting to the wired network, the Machine auth pass nicely, but when they need to change to wireless they need to pass the machine authentication again so they need to log out on the win7 machine for that. This is how the machine auth works normaly on windows 7 but this is not good to the customer. So that is why we are interesting is there any trick how can we configure the system to pass the machine authentication without user interaction?

 

Thanks a lot!

 

Best regards,

Gabor

 

Guru Elite

Re: Change LAN to WIFI with machine authentication

This is not possible since they are two different NICs.

 

Why not just use wireless at the desk as well?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Change LAN to WIFI with machine authentication

Hi,

 

 Understood...

 

 The customer needs to authenticate the corporate machine too not only the user. So we need to resolve that the network can be used only with corporate machines with corporate users. So this is why we think about the machine authentication but the extra interaction from the users is not acceptable by the customer.

 

 It looks like we need to find some other way to check the the machine is corporate or not.

 

Best Regards,

Gabor

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: