In an age where users (including myself) "CLAM" machines, and don't power off. Waking from sleep seems to cause issues with Aruba + EAP MS-CHAPv2.
In our 802.1x policy, we have
Machine Authentication: Default Machine role : Authenticated <- full network access
Machine Authentication: Default User Role: Logon <- access to the logon systems
Often when waking, the machine isn't "Authenticated" - it seems fine with the user, but somehow the machine hasn't authenticated.
I understand from our support company that there is a "timeout"? To help with this, but the PC needs to fully login.
That's not acceptible in a world where people CLAM shut their device.
So I am left trying to fix this, or find another solution - which so far is a choice of 2:
- EAP TLS - and have the support overhead of managing certificates on devices
- PPSK (move to Aerohive) and use a unique WPA2 key for each user.
I really like the idea of PPSK, and now have Aerohive on trial. But that is a big step and we are invested in Aruba.
But it is all about user experience, so if at the end of the day PPSK works, so be it.
Does anyone else have knowledge in this area and can give me some avenues to explore?