topic Re: 802.1x on wired LAN in Network Access Control

802.1x on wired LAN

remco.gussen — Tue, 26 Mar 2019 00:25:17 GMT

Hi there

I implemented a wired 802.1x authenticated network. I only use machine (computer) certificates to authenticate the workstations. Automatic Certificate Enrollemnt is installed in the Windows 2003 domain. I was wondering what will happen after one year. Right than the certificate is not valif anymore. Auth-Fail VLAN or Guest-VLAN is a Internet-Only VLAN on the firewall.

When users power on their computer the next mornig, access will be rejected. Is it posible to do a automatic certificate renewal a few days before the validity of the certificate expires ?

Regards

Remco

Re: 802.1x on wired LAN

scadora — Mon, 07 Jul 2008 13:44:06 GMT

Your certificate template will have a "renewal period" (for example, 6 weeks). Then, 6 weeks (or whatever the renewal period is) before the certificate is supposed to expire, the workstation will automatically attempt to renew its certificate. As long as the workstation is connected to the domain and has access to the CA at some point during that period, it can update its certificate and hence will not fail authentication.

Hope that helps.

Shelly

Re: 802.1x on wired LAN

remco.gussen — Mon, 07 Jul 2008 17:50:13 GMT

Thanx Shelly...

I also saw that in the certificate template !

Problem solved !!

Re: 802.1x on wired LAN

muhammadsafwan — Tue, 21 Oct 2008 03:55:49 GMT

what happened when the user is outside the network for a very long time and not able to renew the cert before the expiry date?

Re: 802.1x on wired LAN

remco.gussen — Tue, 21 Oct 2008 07:53:44 GMT

Thene authentication will fail.. Certificate is expired.. You have to manually renew the certificate..