Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Syncing L3 user auths across controllers?

This thread has been viewed 1 times

  • 1.  Syncing L3 user auths across controllers?

    MVP
    Posted Apr 18, 2016 09:57 AM

    Can somebody confirm this is still not possible?

     

    I have a setup with master (with vrrp backup) and a bunch of locals. 

    When an authenticated captive portal user roams from local-1 to local-2 he is required to log in again,

     

    Is tunneling all guest user traffic to the master controllers still the only way to not force layer3 guests to reauthenticate when roaming across controllers or is there a 'simpler' solution I can use?



  • 2.  RE: Syncing L3 user auths across controllers?
    Best Answer

    EMPLOYEE
    Posted Apr 18, 2016 10:05 AM

    Auth state is not synchronized across controllers when using Captive Portal.  The "Enterprise" way to do it is with mac caching using a policy engine like ClearPass...

     

    If the traffic is tunneled to a 3rd controller and auth is done at that controller (untrusted tunnel) it is possible.



  • 3.  RE: Syncing L3 user auths across controllers?

    MVP
    Posted Apr 18, 2016 10:07 AM

    No Clearpass available so no automatic MAC caching possible. Guess I need to go build some tunnels.

    Thank for the confirmation.



  • 4.  RE: Syncing L3 user auths across controllers?

    EMPLOYEE
    Posted Apr 18, 2016 10:09 AM

    Is there a way to design the network so that users do not roam between controllers often?

     



  • 5.  RE: Syncing L3 user auths across controllers?

    MVP
    Posted Apr 18, 2016 10:46 AM

    Think some tunnels is going to be easier to manage.. Once configured nobody needs to look at it anymore.

    Thanks for the feedback though.