Wireless Access

I have a ticket open/pending with TAC, but they are super busy these days.

I have 3 SSID's setup, and manage my AP's in Aruba Central.
1. one for internal laptops that use Radius and an internal PKI to authenticate, so no password and only internal devices can connect. Nearly full internal access
2. A true Guest/Visitor Wi-Fi, this uses a cloud captive portal with self registration, and has MAC caching enabled.

3. I have Wi-Fi for Employee Devices that need a bit more access than guests, but not full blown laptop levels.
This one uses an internal captive portal, that goes to an internal Radius server and requires the internal Active Directory username and password
It works, but there is no option that I can find to do MAC caching. It makes them sign in usually once per day, but sometimes 2 -3 times
I set the inactivity timeout to the max of 86400 seconds, or 24 hours, and I set the "ReAuth Interval" to 0 so it should be off.

I would like the employee device option to not have to re-authenticate until their active directory password expires /changes.
Anyone know if this is possible?

I have a ticket open/pending with TAC, but they are super busy these days.

I have 3 SSID's setup, and manage my AP's in Aruba Central.
1. one for internal laptops that use Radius and an internal PKI to authenticate, so no password and only internal devices can connect. Nearly full internal access
2. A true Guest/Visitor Wi-Fi, this uses a cloud captive portal with self registration, and has MAC caching enabled.

3. I have Wi-Fi for Employee Devices that need a bit more access than guests, but not full blown laptop levels.
This one uses an internal captive portal, that goes to an internal Radius server and requires the internal Active Directory username and password
It works, but there is no option that I can find to do MAC caching. It makes them sign in usually once per day, but sometimes 2 -3 times
I set the inactivity timeout to the max of 86400 seconds, or 24 hours, and I set the "ReAuth Interval" to 0 so it should be off.

I would like the employee device option to not have to re-authenticate until their active directory password expires /changes.
Anyone know if this is possible?

I have a ticket open/pending with TAC, but they are super busy these days.

I have 3 SSID's setup, and manage my AP's in Aruba Central.
1. one for internal laptops that use Radius and an internal PKI to authenticate, so no password and only internal devices can connect. Nearly full internal access
2. A true Guest/Visitor Wi-Fi, this uses a cloud captive portal with self registration, and has MAC caching enabled.

3. I have Wi-Fi for Employee Devices that need a bit more access than guests, but not full blown laptop levels.
This one uses an internal captive portal, that goes to an internal Radius server and requires the internal Active Directory username and password
It works, but there is no option that I can find to do MAC caching. It makes them sign in usually once per day, but sometimes 2 -3 times
I set the inactivity timeout to the max of 86400 seconds, or 24 hours, and I set the "ReAuth Interval" to 0 so it should be off.

I would like the employee device option to not have to re-authenticate until their active directory password expires /changes.
Anyone know if this is possible?

We are looking to go away from it because every phone make/model does it just a little different, and we get asked to "create a how-to document" that encompasses every possible phone type.

With the captive portal every single user save 1 has been able to sign in on their own, we just need it to save the MAC a little longer.

I have a ticket open/pending with TAC, but they are super busy these days.

I have 3 SSID's setup, and manage my AP's in Aruba Central.
1. one for internal laptops that use Radius and an internal PKI to authenticate, so no password and only internal devices can connect. Nearly full internal access
2. A true Guest/Visitor Wi-Fi, this uses a cloud captive portal with self registration, and has MAC caching enabled.

3. I have Wi-Fi for Employee Devices that need a bit more access than guests, but not full blown laptop levels.
This one uses an internal captive portal, that goes to an internal Radius server and requires the internal Active Directory username and password
It works, but there is no option that I can find to do MAC caching. It makes them sign in usually once per day, but sometimes 2 -3 times
I set the inactivity timeout to the max of 86400 seconds, or 24 hours, and I set the "ReAuth Interval" to 0 so it should be off.

I would like the employee device option to not have to re-authenticate until their active directory password expires /changes.
Anyone know if this is possible?

We are looking to go away from it because every phone make/model does it just a little different, and we get asked to "create a how-to document" that encompasses every possible phone type.

With the captive portal every single user save 1 has been able to sign in on their own, we just need it to save the MAC a little longer.

I have a ticket open/pending with TAC, but they are super busy these days.

I have 3 SSID's setup, and manage my AP's in Aruba Central.
1. one for internal laptops that use Radius and an internal PKI to authenticate, so no password and only internal devices can connect. Nearly full internal access
2. A true Guest/Visitor Wi-Fi, this uses a cloud captive portal with self registration, and has MAC caching enabled.

3. I have Wi-Fi for Employee Devices that need a bit more access than guests, but not full blown laptop levels.
This one uses an internal captive portal, that goes to an internal Radius server and requires the internal Active Directory username and password
It works, but there is no option that I can find to do MAC caching. It makes them sign in usually once per day, but sometimes 2 -3 times
I set the inactivity timeout to the max of 86400 seconds, or 24 hours, and I set the "ReAuth Interval" to 0 so it should be off.

I would like the employee device option to not have to re-authenticate until their active directory password expires /changes.
Anyone know if this is possible?