HPE Community
Switches, Hubs, and Modems
1753762 Members
4596 Online
108799 Solutions
New Discussion юеВ

Re: 802.1x and windows users

 
Hp 5300 Went Down
Occasional Advisor

тАО10-22-2007 12:07 AM

тАО10-22-2007 12:07 AM

802.1x and windows users

Hi,
we have a problem using 802.1x on wired network.
If i connect my pc to the network with user "example" the switch authenticate and put me on the correct VLAN.
If i disconnect the user and login with a different user, the pc remain in the "example" vlan.
There is a way to force re-authentication when the windows user change?

THANK YOU
0 Kudos
6 REPLIES 6
Mohieddin Kharnoub
Honored Contributor

тАО10-22-2007 03:21 AM

тАО10-22-2007 03:21 AM

Re: 802.1x and windows users

Hi

The command for re-auth is:
aaa port-access authenticator < port-list >
[reauthenticate]

Forces reauth en tic at ion (unless the authenticator is in ├в HELD├в state)

But i would like to ask, who is assigning Vlan, the switch static Vlan, Switch auth-VID, RADIUS attrib, or IDM?

If you can attach the config of your 5300 that would be very helpful to understand the situation.

Make sure anyway your configuration is correct, and use the following document for 802.1x on the 5300:

ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-Security-Oct2006-59906052-Chap11.pdf

Good Luck !!!
Science for Everyone
0 Kudos
Hp 5300 Went Down
Occasional Advisor

тАО10-22-2007 03:34 AM

тАО10-22-2007 03:34 AM

Re: 802.1x and windows users

We use RADIUS attribute via Microsoft IAS (w2003).
We already try with re-auth forced by the switch and it works.
There is way to perform re-auth when the windows user change using the Win client?
0 Kudos
Mohieddin Kharnoub
Honored Contributor

тАО10-22-2007 03:36 AM

тАО10-22-2007 03:36 AM

Re: 802.1x and windows users

can you attach the config of the 5300 after removing any sensitive information.

Science for Everyone
0 Kudos
Matt Hobbs
Honored Contributor

тАО10-22-2007 10:38 AM

тАО10-22-2007 10:38 AM

Re: 802.1x and windows users

There are a couple of registry changes you need to make on the client machines:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1119130
0 Kudos
Hp 5300 Went Down
Occasional Advisor

тАО10-22-2007 07:19 PM

тАО10-22-2007 07:19 PM

Re: 802.1x and windows users

Hi,
the 2 registry keys are not present in my registry...
I have to manually put these 2 keys?
0 Kudos
Matt Hobbs
Honored Contributor

тАО10-23-2007 10:44 AM

тАО10-23-2007 10:44 AM

Re: 802.1x and windows users

I've attached a file you can use that will insert those entries into your registry. As it does have to do with modifying your registry, please take any precautions you need to (i.e, make a backup first just in case).

Having said that, I've never had a problem with these keys.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.