10-11-2011 11:45 AM - edited 07-03-2021 08:54 PM
Hello, I'm currently running both wired and wireless GPO via Win2008r2. On my WIRED connections, after Ctrl-Alt-Del logoff, my network connection stays open (pingable).
While connected via wireless (WLC 5508 and WCS): Windows AD 2008r2; Radius Server 2003.
All clients authenticate using Network Authentication (Wireless Network Connection Properties) WPA2, Data encryption AES, EAP type PEAP,
Authentication Method (EAP-MSCHAP). I have no problems connecting via SSID etc. My question is: how do I keep the TCP connection open after initiating a logoff from Windows? (Closing network connection) OPEN!
I need to maintain a TCP (pingable) connection open in order to access manufacturing clients that are connected via WIFI (WLC).
All wireless clients are issued an auto-enrollment cert via IAS.
Thanx U
10-11-2011 12:16 PM
Byron,
To make sure I'm reading this correctly. User logs in to wireless from client.xyz.local. You are able to ping this device.
Now, user logs off, and you are no longer able to ping client.xyz.local. But you want them to still be able to ping it.
Is that correct?
If so, does the client device support machine authentication, or just user authentication? To keep the IP address and be on the network, the device would need to support machine authentication, so that it can log back in, after the user has logged off.
HTH,
Steve
10-11-2011 12:23 PM
Authenticate as Computer when Computer information is Avail. (Wireless properties)
10-11-2011 12:25 PM
The user has no problems logging back on. It's the machines that I remote into via VNC, but cannot because the network connection is closed.
I have to send a tech out just to log back in, and the machine will connect.
10-11-2011 12:52 PM
What are you using for the AAA, and are the devices joined to the domain?
10-11-2011 01:07 PM
Radius server Win2003 (IAS). Yes, name@domain.com
10-11-2011 01:14 PM
In the profile on IAS, do you have the OU that the machines are in in the allowed list?
10-11-2011 01:49 PM
Yes, they are listed under AD Domains and Trusts in the Radius server supporting (IAS).
Do you mind if I send a few attachments? I'm not sure who all is viewing, but it contains my directory structure.
10-24-2011 10:06 PM
Sorry for the delay. I did resolve the issue by adding computer authentication at the AAA (Radius GPO).
But you were correct, by allowing the machine to authenticate with local cert stored on machine I was able to keep ICMP going.
I was putting too much thought by modifying my wireless GPO under my OU.
Thx
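
A client-side check for the setting discussed in this thread, added here as an example and not posted by any participant: it reads a WLAN profile in the format that `netsh wlan export profile` writes and reports whether the 802.1X `authMode` lets the computer authenticate while no user is logged on. The sample profile, the SSID `PlantFloor` and the function name `Get-WlanAuthMode` are constructed for illustration; the RADIUS policy must separately allow computer accounts, as the resolution above indicates.

```powershell
# Constructed sample of an exported WLAN profile; "PlantFloor" is a placeholder SSID.
$sampleProfile = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>PlantFloor</name>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2</authentication>
        <encryption>AES</encryption>
        <useOneX>true</useOneX>
      </authEncryption>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
        <authMode>user</authMode>
      </OneX>
    </security>
  </MSM>
</WLANProfile>
'@

# Hypothetical helper: reports the profile's 802.1X authentication mode.
function Get-WlanAuthMode {
    param([Parameter(Mandatory = $true)][string]$ProfileXml)

    $doc = [xml]$ProfileXml
    # Both schemas use default namespaces, so XPath needs explicit prefixes.
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')
    $ns.AddNamespace('x', 'http://www.microsoft.com/networking/OneX/v1')

    $nameNode = $doc.SelectSingleNode('/w:WLANProfile/w:name', $ns)
    $modeNode = $doc.SelectSingleNode('//x:OneX/x:authMode', $ns)
    $mode = if ($modeNode) { $modeNode.InnerText } else { '(not set)' }

    [pscustomobject]@{
        Profile  = if ($nameNode) { $nameNode.InnerText } else { '(unnamed)' }
        AuthMode = $mode
        # Only these two modes let the client authenticate with computer
        # credentials while nobody is logged on.
        ComputerAuthWhenLoggedOff = @('machine', 'machineOrUser') -contains $mode
    }
}

# The constructed sample uses "user", so the last property is False.
Get-WlanAuthMode -ProfileXml $sampleProfile
```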