Contributor II

Questions about Machine Auth

Hi All


I have a customer who uses wired docking stations when at desk and wireless when mobile. Wireless is dot1x auth through CPPM. We have enforced Machine Auth so that devices that only auth with user credentials get a deny all role. Machine and user auth gives you full access.


When they unplug their laptop from the docking station, the devices are only performing user auth. If they log off and log on again then the machine auth happens whilst at the Windows login screen.


So this brings up three questions:


1) Does the controller cache the machine auth status at all and if so, how long?

2) Is there a way to force a Windows machine to do machine AND user auth whenever the state of the network connections changes?

3) Does ClearPass have a better method of caching the status of the device?





Contributor II

Re: Questions about Machine Auth

Just spotted the 'machine auth cache timeout' in the dot1x profile so I can bump this up. Anyone know if there is a max? I'd like to set this to a really long time as these devices are always going to be allowed on the network, I suspect.


I would still prefer to force a re-auth somehow though.

Guru Elite

Re: Questions about Machine Auth

The default is 24 hours and the max is 1000 hours: http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/802.1x/Configuring_802_1x_Authe.htm


Unchecking "Enforce Machine Authentication" and using ClearPass to manage the Machine Authentication portion is more flexible, however: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Enforce-Machine-Authentication/td-p/58918/highlight/true/page/2


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*