If I use machine and user certificates, does that mean the machine gets an IP address, authenticates, and the user then logs on, which causes another DHCP renew and user authentication? Is it better to use machine and user or just machine?
It depends on your needs and applications. The advantage of also using machine authentication is that the machine connects, authenticates and is on the wireless network irrespective of whether a user has logged in, which means you can remotely access or monitor the machine at that point. I know a lot of facilities that do it that way because they manage the machines with things like SMS, etc. Without machine authentication the computer won't attach to the wireless until a user physically logs into the machine, at which point it passes authentication.
Personally, I like machine authentication; that way you can push updates and other things to the machines without having to either send a person to the machine to log in or wait for a user to log in so that you can access the machine. It just needs to be on.
In short, machine authentication replicates being hardwired to the network.
I may be incorrect here, but the only time it would re-IP is if the client is authenticating against ACS and it was to assign a different VLAN to the user than the one the machine originally authenticated to; otherwise I believe it uses the IP address and session that the machine had already created and just passes the authentication through.
If I am incorrect I am sure someone here will correct me.
That is correct: when the machine boots it should authenticate to the network, and you should see it in the passed authentication logs. Then when the user logs in you should see the user pass authentication as well, unless they aren't using 802.1X for the user.
If the machine fails the user won't/shouldn't be able to pass authentication.