- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- 802.1x and Windows roaming profiles
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2012 08:42 AM
06-12-2012 08:42 AM
802.1x and Windows roaming profiles
Hi,
Currently I'm working on a 802.1x implementation. we are using 5800 switches, Windows 2008 NPS and Windows 7 clients. 802.1x is working fine also with a phone in between. So far so good.
Both user and machine authentication are used. User will be placed in another VLAN during logon. This works ok and is needed because the customer has several groups.
Ths customer works with roaming profiles, during startup this profile loads ok.
When the users logoffs, the roaming profile is not synchronised completely, which is shown by the client. after next logon the client shows that the roaming profile has problems. This happens when the client logout and goes from user to machine authentication.
Have updatet the Windows 7 client with the latest hotfixes for 802.1x and saw some improvement. However now it is intermittent. Best results are not swapping VLAN's.
Now my question is, have anyone seen or implemented this before? If so how have you solved it?
I found on the Internet several topics about this where they say not to use user authentication but only machine authentication. However the customer needs userauthentication so no a real option.
As far as I know, it is poosible to assign dynamic ACL's on the 5800 switches. Maybe this is a solution to give some users different rights in the network compared to others. Unfortunatley I cannot find a proper document which descibes this in detail and how to implement. Can anyone help me with this?
- What is necessary for this to implement dynamic ACL's?
- Can this be done with the Windows NPS 2008 or is IMC, UAM and EAD needed?
- Or configure the ACL on the switch and after that assign it via a Radius policy from NPS? If so, what vendor specific attributes are needed?
If you need more information about the configuration or anything else, please let me know?
Thanks in advance.
regards André