Security

Hi all

I have an Aruba environment with CAP, RAP, Controller 6.5 and Clearpass 6.7. There are users using Linux, MAC OS and Windows.

The Windows 10 users are facing a inconvenient task to click on SSID to connect on network after resuming from Sleep/Hibernation. (8 or 24hours)

The network is configured to authenticate devices by 802.1X EAP-PEAP.

The workstations trust at enterprise root CA. The certificate used by Clearpass was signed by this enterprise root CA.

I opened a TAC Case and they advise to use a Public valid certificate to fix it. Does it make sense?

Do you have any tip to improve the user experrience?

Thank you,

Ed

I don't think that a public certificate would help.  Typically it is the client that decides that it will reconnect, and that is a client setting.  If your radius certificate is issued by your domain and users pass authentication, the client should be able to reconnect.  If it does not, you need to turn on debugging on the controller and search for the client's mac address in access tracker to see why it cannot connect.  The client should have the SSID defined and set to connect to automatically.  If it is, you should turn on debug logging for that client on the controller and look at the access tracker to see if the client is even trying.

Hi cjoseph,

The user debug log was collected for theses users when the resuming from sleep mode.

The four way handshake is done with sucess -> <- and the first radius packet is droped *.

Because of that the TAC suspected the certificate.

I did not see any of the logs, so that is just my general opinion.  There are many environments that function with a private domain CA that don't have this problem, is the only reason for my post.