Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Roaming between controllers on Guest SSID with Captive Portal

  • 1.  Roaming between controllers on Guest SSID with Captive Portal

    Posted Jul 29, 2013 05:41 PM

    Hello All,

    Here is a quick outline of the issues. We had 3 floors in a building, and using a pair of 3200 controllers in VRRP we were able to get full coverage of the office. We recently expanded to 3 more floors and installed another set of 3200s in the same VLAN. It shares the same 3 VLANs: Guest, MGMT, and Employee. The employee network is working fine, as when the user moves between floors the OS is able to reauthenticate via EAP-TLS and the user does not notice.

    Our issue is that since the captive portal is configured for the Guest network, a user on this network will have their connections dropped and be forced to re-authenticate to the network.

    Is there any way to share network authentication state between controllers to allow for a device to roam between the two without having to re-authenticate? We are using Amigopod for our captive portal, but do not have RFC3576 features enabled.

    We also have AirWave, but are only running in Monitor mode.

    Thanks


    #3200


  • 2.  RE: Roaming between controllers on Guest SSID with Captive Portal

    Posted Jul 29, 2013 05:49 PM
    You can enable MAC caching so that the devices can retain their auth status for a certain amount of time:
    http://support.arubanetworks.com/DesktopModules/Bring2mind/DMX/Download.aspx?TabId=77&DMXModule=512&Command=Core_Download&EntryId=6205&PortalId=0

    This would work across different controllers.


  • 3.  RE: Roaming between controllers on Guest SSID with Captive Portal

    Posted Jul 29, 2013 06:25 PM

    You may also consider doing an L2 tunnel between two working masters.

    (The user DB is internal on each master; that's why your clients need to re-auth when passing from controller to controller.)

    How to? More info:

    https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-717

    Some more relevant info (AirHeads):

    http://community.arubanetworks.com/t5/Guest-Access/Guest-Network-Questions/td-p/31744

    http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Using-GRE-Tunnels-to-centralize-L3-access/td-p/2831