No announcement yet.

Wireless controller authentication with a proxy

  • Filter
  • Time
  • Show
Clear All
new posts

  • Wireless controller authentication with a proxy

    We have wireless devices (could be laptops, netbooks etc) which connect to an Aruba wireless controllers. Users of these devices can request an AD account at the from an admin. They then connect to the wireless controller and authenticate to AD via a standard captive portal.

    We plan to configure WCCP on a data centre switch to redirect all internet based traffic to a Bluecoat SG810 proxy. That proxy is itself integrated to AD via BCAAA to provide filtering groups for the user (kids, adutls etc).

    The issue we have comes where the wireless client device canít pass the correct authentication details to the proxy as it isnít on the domain (only connected to the controller). Therefore the proxy asks for authentication details meaning wireless users are asked for two logins (one of the wireless controller and one of the proxy). This is deemed as unacceptable. We cant use guest authentication on the bluecoat box as the user require filters for specific user groups (kids, adults etc)

    The user believes there must be some way we can configure the wireless controller to Ďknowí that a client has authenticated to AD and can then pass those same credentials to the upstream proxy. They do this now via static IP addresses (but we can and will only use dynamic IPís via DHCP in the new solution). In all honesty Iím not sure if this is possible since I donít know if/how the controller knows or retains the clients AD details against the IP address allocated and then passes this to the proxy. Can wireless controllers be configured to do this with dynamic IPís? Can they pass through client authentication details (NTLM/Kerberos) to an upstream proxy. Is this standard?

    The alternatives are we donít ask the wireless controller to authenticate and only do the authentication once against the proxy or we enforce these two logins. The use is happy with neither