Wireless Access

Be gentle, brand new forum user here. I'd like to compliment all the folks that keep these forums active. It's nice to see such an active community of people helping each other out. I took a look at the knowledgebase on this issue but wasn't able to dig up anything that seemed applicable.

I have two sites, each with their own 3600 controller. At each site there is a 2008R2 Server running NPS for RADIUS. I'm terminating at the RADIUS server.

Things are working great! I'm very pleased with the 3600 controller and all the APs. I'm *just* about to release this network to my users, but I noticed something unusual.

On the Clients section of the dashboard on my 3600 controller, I see MAC addresses of clients that haven't finished joining the network. After they authenticate, I either see the machine account or Active Directory user account instead of the MAC address. Which is good.

However during my testing I noticed something unusual. After about 45 minutes of an XP client sitting idle (it did not go to sleep) the Active Directory username 'changed' back to the MAC address on the Clients tab. No biggie, I figured something timed out somewhere and it would throw in that username again once the client started passing traffic.

So I SSH'd into the controller and found this command (MAC addresses and usernames sanitized):

#show dot1x supplicant-info list-all

802.1x User Information
-----------------------
MAC Name Auth AP-MAC Enc-Key/Type Auth-Mode EAP-Type Remote
------------ -------- ---- ------ ------------------- ----------- --------- ------
00:1d:e0:xx:xx:xx DOMAIN\username Yes d8:c7:c8:xx:xx:xx * * * * * * * */WPA2-AES Explict Mode EAP-PEAP No

This is the exact information I'd expect to be shown on the Clients tab - so obviously this is more of a display issue, maybe? It seems like people who disassociate on purpose drop off this supplicant list pretty quickly.

I also have an AirWave license, and on the Clients tab there it DOES show the DOMAIN\Username of this XP client (instead of just the MAC) the way I'd expect to see it. Why doesn't this match up with the Clients tab on my controller?

If you are doing mac authentication, the username will show as the mac address....

I do not believe I am doing MAC authentication. I rebooted the client in question and now I'm letting it sit idle again to see if I can reproduce the behavior.

Right now I'm an hour and a half into the test (XP computer sitting idle but not sleeping) and it's still showing up on the Clients tab as the username and not MAC (which is what I expected).

Perhaps it was just a quirk when I noticed it earlier. I'll update this thread with my results either way.

what version of ArubaOS is this?

6.1.3.5. I still have not been able to reproduce this behavior, even with clients idling for multiple hours. I'm hoping that it was just a one time thing.

Got it.

Since you upgraded to 6.1.3.5, if you have not done so, please clear your browser cache to make sure that there are no artifacts from the upgrade.