Looking for advice on how to integrate health checks with what I use as a standard 8021x policy for a windows domain environment. What I call standard is looking for Machine Auth condition before allowing access to the network. This works fine until I combine it with health. Once I tick the "Used cached roles and posture from previous sessions", the Machine Auth condition (#2 in my example) will not get hit if a user logs onto a computer (which Caches the "User Authenticated" role) and then logs off or reboots within the health cache timeframe. So when they log off, the computer performs it MAchine AUthentication but will match condition #1 in my example as the "User Authenticated" is still cached and valid.
Maybe this is really a non issue as this would not happen to often but it is a realistic scenarion. We are also looking at extending the default 5 minute cache for other reasons which would exasperate this behavior.
Thoughts on what others do?
------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------