When the laptops that are failing try to authenticate and then fail. Please make sure this is not the case in your network, and if it's not, just check the logs for any suspicious-looking logs :) Also check to see if the failed auth requests are localised to one area; it could be a problem with one AP, or interference from nearby APs, or hopping between APs (the AP theory assumes that you use one SSID for all your APs :]). The user might start the connection attempt with one AP (RADIUS client), and then the laptop finds a much better signal from a nearby AP, and before auth is finished with the first AP the machine has moved on to another AP and the auth fails. Or if your APs are configured as RADIUS clients, which I think they are, make sure you don't have too many APs close together in one place, which could cause interference or hopping between APs by the laptop.

Is there anything logged on the IAS or NPS server? Please check this out so we can have a starting point. Has this wired port ever passed 802.1x authentication successfully? On the Microsoft Page over here: (WS.10).aspx please enable tracing for the wired interface to see what is going on. Come to think of it.

It sure seems the problem is on the Windows side, but I was hoping someone would have seen this before and had a solution.

Still very puzzling is why simply unplugging, and then plugging back in, the Ethernet cable causes the authentication to attempt and succeed immediately. We've tried changing many of the auth settings on the Windows 7 client with no success. Here are the results of the show auth-tracebuf mac : This is likely a Windows thing but we can't figure out what to change.

We are connecting to a 3600 controller running 6.1.2.3 code with another 3600 running the same code as the master behind it. Once the user disconnects and reconnects the Ethernet cable everything works fine until the next time the laptop is reconnected, when the same issue occurs. The initial role is logon; I also read here to use the denyall role, which I tried, but that did not fix the problem. By the way, disabling and then enabling the NIC on the laptop or stopping and then restarting the Wired AutoConfig also makes it work. Then it responds and the authentication works perfectly. What is happening is that the laptop won't reply to the eapreq packets from the controller until we unplug the Ethernet from the laptop and plug it back in. The phone is configured to accept and process VLAN 44 traffic and pass VLAN 42 traffic on to the laptop. So, the phone plugs into the RAP5 Ethernet port 1 or 2, and the 802.1x-enabled Windows 7 laptop plugs into the phone (Cisco 7940). This is because we use IP phones that will not do 802.1x. We also have a user derivation rule that allows devices with certain MAC OUIs to match the rule and get a 'cisco phones' rule. We have the ports configured as trunks and we are trunking down VLANs 42 and 44. We have set up Ethernet ports 1 and 2 to use 802.1x auth for our wired users.