- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: 802.1x authentication issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2007 01:59 PM
тАО04-17-2007 01:59 PM
session ending and hence switch port going back to open state, so that next person trying to log in, will start a new 802.1x autentication session?
In this scenario, a third user, who also never logged on to this machine ever, but belonging to same windows AD group (and hence IAS supplying same VLAN ID as the main user of machine), can log in fine.
Thanks
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2007 03:55 PM
тАО04-17-2007 03:55 PM
SolutionThere a two registry changes you need to make to ensure that it starts and ends the session properly.
http://archives.neohapsis.com/archives/sf/ms/2005-q3/0109.html
Set the SupplicantMode registry to 3 and the AuthMode registry to 1
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode
HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-17-2007 03:56 PM
тАО04-17-2007 03:56 PM
Re: 802.1x authentication issues
The default log off period the switch waits for
client activity before removing an inactive client from the port is 5 minutes (300 sec), and that can be set by the option: aaa port-access authenticator < port-list > [logoff-period]< 1 - 999999999 >
One more thing, the re-auth period which is the time after which clients connected must be re-authenticated is by default 0 sec (means disabled), so you can try enable it by the option:
aaa port-access authenticator < port-list > [reauth-period < 0 - 9999999 >]
Also, if you are trying to do that with one port on the switch, then you have a Limitation on Using an Unauthorized-Client VLAN on an 802.1X Port Configured to Allow Multiple-Client Access.
A client using the Unauthenticated-Client VLAN will be blocked when another client becomes authenticated on the port.
For this reason, the best utilization of the Unauthorized-Client VLAN feature is in instances where only one client is allowed per-port.
Good Luck !!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-18-2007 05:29 AM
тАО04-18-2007 05:29 AM
Re: 802.1x authentication issues
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-13-2007 01:25 AM
тАО07-13-2007 01:25 AM
Re: 802.1x authentication issues
I'm facing the same situation as yours. Did you managed to resolve your issue?
In my scenario, if a new user logs-in (regardless of which windows group), there will be domain not available message. I have already configured what Matt suggested and still no luck.
If you have resolve your issue, would you mind sharing?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-18-2007 09:26 AM
тАО07-18-2007 09:26 AM
Re: 802.1x authentication issues
I plan to test this:
aaa port-access authenticator 1-44 logoff-period 60
aaa accounting update periodic 1
aaa accounting network start-stop radius
aaa accounting exec start-stop radius aaa accounting system start-stop radius
You should also create machine accounts in the same VLAN/AD group as the user accounts as Windows XP does not support authenticating machine and user into different VLANs.
Good Luck.