Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Questions about Machine Auth

  • 1.  Questions about Machine Auth

    Posted Feb 23, 2015 06:12 AM

    Hi All

     

    I have a customer who uses wired docking stations when at desk and wireless when mobile. Wireless is dot1x auth through CPPM. We have enforced Machine Auth so that devices that only auth with user credentials get a deny all role. Machine and user auth gives you full access.

     

    When they unplug their laptop from the docking station, the devices are only performing user auth. If they log off and log on again then the machine auth happens whilst at the Windows login screen.

     

    So this brings up three questions:

     

    1) Does the controller cache the machine auth status at all and if so, how long?

    2) Is there a way to force a Windows machine to do machine AND user auth whenever the state of the network connections changes?

    3) Does ClearPass have a better method of caching the status of the device?

     

    Cheers

     

     



  • 2.  RE: Questions about Machine Auth

    Posted Feb 23, 2015 06:25 AM

    Just spotted the 'machine auth cache timeout' in the dot1x profile so I can bump this up. Anyone know if there is a max? I'd like to set this to a really long time as these devices are always going to be allowed on the network, I suspect.

     

    I would still prefer to force a re-auth somehow though.



  • 3.  RE: Questions about Machine Auth

    EMPLOYEE
    Posted Feb 23, 2015 06:37 AM

    The default is 24 hours and the max is 1000 hours: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/802.1x/Configuring_802_1x_Authe.htm

     

    Unchecking "Enforce Machine Authentication" and using ClearPass to manage the Machine Authentication portion is more flexible, however: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Enforce-Machine-Authentication/td-p/58918/highlight/true/page/2