03-31-2015 12:19 PM
We have a very tricky situation here. We need to deploy a full Aruba network with IAP-205 devices, S1500 switches and ClearPass, and the clients are using Windows 7.
The clients can connect to the network (LAN and WiFi are the same) after successful machine and user authentication. This is easy on LAN and works nicely on WiFi, but there is a problem when the client connects on LAN and then disconnects from the wired network and connects on WiFi. Because the machine authentication happens at login on Win7, the users cannot connect to the WiFi correctly, because without machine authentication they have the quarantine user role. So the client needs to log out of Win7 and log in again to pass the machine authentication too. This is not acceptable to the customer.
The question is: how can we arrange that if a client successfully passes machine authentication on LAN, they will not need to pass machine auth again when they switch to WiFi?
Many thanks for your help!
03-31-2015 12:28 PM
04-01-2015 12:47 AM
Thanks for the advice. We have already configured machine auth on both the wired and wireless access, but the customer has a problem with that procedure. The clients start working with their notebooks connected to the wired network and machine auth passes nicely, but when they need to change to wireless they need to pass machine authentication again, so they need to log out on the Win7 machine for that. This is how machine auth normally works on Windows 7, but this is not good for the customer. So that is why we are interested in whether there is any trick to configure the system to pass machine authentication without user interaction.
Thanks a lot!
04-01-2015 07:48 AM
04-01-2015 07:59 AM
The customer needs to authenticate the corporate machine too, not only the user. So we need to ensure that the network can be used only with corporate machines by corporate users. This is why we thought about machine authentication, but the extra interaction from the users is not acceptable to the customer.
It looks like we need to find some other way to check whether the machine is corporate or not.