This article applies to:
- Mobile R3000
- Mobile Clients
Question:
- Does Mobile R3000 filter users by IP address, or work with authentication?
Reply:
The "internal" R3000 identifies users--and assigns filtering profiles--based on the users' IP address.
On the other hand, the Mobile R3000 doesn't care about IP addresses. It identifies users solely based on the MAC address of their laptop. The reason for this is because your IP address changes all the time, depending on whether you're at home, at Starbucks, at a hotel, or wherever. A MAC address, however, does not change.
Also, the mobile client does not support LDAP authentication. Mobile users don't log into your LDAP domain at all.
By default, all mobile users are filtered by the Global Group Profile. You can create IP Groups for your mobile client users, but be sure to specify the MAC address(es) of the laptop, not an IP address.
If your Mobile R3000 is synchronizing with the internal R3000, you can still manage everything from the internal R3000. You can create IP Groups for your mobile users, and define Mac addresses, IP address, or both.
Just keep in mind that the internal R3000 will ignore the MAC address, and the Mobile R3000 will ignore the IP addresses.
Also, keep in mind that laptop computers generally have at least two interfaces/MAC addresses. One an ethernet card, the other a wireless card. When you install the mobile client, it will "grab" the first MAC address it sees, which could be one or the other. To see which MAC address the mobile client is using, look at this key in the Windows Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\InetCntrl
Notes:
Optional.