topic Re: Wired Domain Computer and User 802.1x being logged as MAB when using RDP/Remote VPN in Network Access Control

Wired Domain Computer and User 802.1x being logged as MAB when using RDP/Remote VPN

laurathaqi — Tue, 29 Jun 2021 08:07:27 GMT

Dear community,

I have configured 802.1x for domain computers and users, to authenticate via EAP-TLS and for some switches that do not support EAP-TLS, I have configured PEAP.

Have done tests on both cases and successful logs and policies are applied when logged in Windows machine directly from office. However there is the issue of RDP login as following: When I log in via RDP to that supplicant, ISE reads it as MAB thus applies MAB Policies.

Same problem happens when logging in via Remote Access VPN.

Do you have any idea why this is the case and/or how to troubleshoot further?

Looking forward to hearing from you.

Thank you,

Laura

Re: Wired Domain Computer and User 802.1x being logged as MAB when using RDP/Remote VPN

hslai — Mon, 05 Jul 2021 15:10:13 GMT

On remote desktop, see 802.1x user authentication fails when an RDS connection comes in.

On VPN, this depends on the VPN head-end, the VPN client used, and how your policy rules configured.

Re: Wired Domain Computer and User 802.1x being logged as MAB when using RDP/Remote VPN

laurathaqi — Wed, 14 Jul 2021 06:47:44 GMT

Hi all,

RDP was not being read as dot1x, thus failing to MAB. Turns out Windows does not support dot1x on RDP connections, thus not triggering dot1x. NAM or EasyConnect are other options possible to be used.

Hope it helps someone.

Best wishes,

Laura