I have a ticket open/pending with TAC, but they are super busy these days.
I have 3 SSIDs set up, and manage my APs in Aruba Central.
1. One for internal laptops that use Radius and an internal PKI to authenticate, so no password and only internal devices can connect. Nearly full internal access.
2. A true Guest/Visitor Wi-Fi; this uses a cloud captive portal with self registration, and has MAC caching enabled.
3. I have Wi-Fi for Employee Devices that need a bit more access than guests, but not full blown laptop levels. This one uses an internal captive portal that goes to an internal Radius server and requires the internal Active Directory username and password.
It works, but there is no option that I can find to do MAC caching. It makes them sign in usually once per day, but sometimes 2-3 times.
I set the inactivity timeout to the max of 86400 seconds, or 24 hours, and I set the "ReAuth Interval" to 0 so it should be off.
I would like the employee device option to not have to re-authenticate until their Active Directory password expires/changes. Anyone know if this is possible?
This was an accidental duplicate post due to a web browser glitch. Link to original and identical post: Internal Captive Portal - MAC Caching? | Wireless Access (arubanetworks.com)
We are looking to go away from it because every phone make/model does it just a little different, and we get asked to "create a how-to document" that encompasses every possible phone type.
With the captive portal every single user save 1 has been able to sign in on their own, we just need it to save the MAC a little longer.
You are not incorrect on any of that. However, we are not in a place to add a mobile device management system at the moment, due to political and financial reasons.
We also are not in a place to get our hands on every device and manually configure them to the Wi-Fi, which is also unfortunate.
The captive portal is the best solution that solves all the needs of all of our different internal leadership from all departments, and allows users to connect the necessary devices to Wi-Fi when required.
We have set it up so that laptops with full access (well, full access as far as employees go) use an internal PKI and no password, so it requires the laptop to be part of the domain, part of a correct group, and have the correct internal certificate to connect.
The employee devices we are configuring here are much closer to a "guest" access than a full access, and we have only allowed them access to a very small subset of internal things using the firewall rules and access rules available to us.
Because their devices do in fact require access to only those very few things above what a true guest access does, that is why we have opted to do this.
Due to all of those restrictions we feel safe using the captive portal for these employee devices in this way, and feel safe in using the captive portal.
ClearPass is very likely the solution we will be moving forward with, in light of the fact that we cannot do MAC caching without it.