Stateful Authentication

Mobility Master supports three different types of stateful authentication:

Stateful 802.1X authentication: This feature allows Mobility Master to learn the identity and role of a user connected to a third-party AP, and is useful for authenticating users to networks with APs from multiple vendors. When an 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.-capable access point sends an authentication request to a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server, Mobility Master inspects this request and the associated response to learn the authentication state of the user. It then applies an identity-based user role through the Policy Enforcement Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network..

Stateful Kerberos authentication: Stateful Kerberos authentication configures Mobility Master to monitor the Kerberos authentication messages between a client and a Windows authentication server. If the client successfully authenticates through a Kerberos authentication server, Mobility Master recognizes that the client has been authenticated and assigns that client a specified user role.

Stateful NT LAN Manager authentication: NT LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Manager is a suite of Microsoft authentication and session security protocols. You can configure Mobility Master to monitor the NT LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Manager authentication messages between a client and a Windows authentication server. If the client successfully authenticates through an NT LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Manager authentication server, Mobility Master recognizes that the client has been authenticated and assigns that client a specified user role.

The default Windows authentication method has changed from the older NT LAN Manager protocol to the newer Kerberos protocol, starting with Windows 2000. Therefore, stateful NT LAN Manager authentication is most useful for networks with legacy, pre-Windows 2000 clients. Also note that unlike other types of authentication, all users authenticated through stateful NT LAN Manager authentication must be assigned to the user role specified in the Stateful NT LAN Manager Authentication profile. The Aruba stateful NT LAN Manager authentication does not support placing users in various roles based upon group membership or other role-derivation attributes.