Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1806
Views
0
Helpful
3
Replies

802.1X NIC issue

AbelBurgos5029
Level 1
Level 1

‎05-16-2020 10:40 AM

Hello everyone,

 

I am having some issues with my dot1x configuration and was hoping to get some ideas on what the issue might be.... End points are configured with windows supplicant software, Cisco 9300 working as authenticator and Cisco ISE as authentication server. All devices have been configured, but here is the issue:

 

Every time I log into a workstation, and go to the NIC properties, it will show "attempting to authenticate" and will not complete the authentication until I either reset the NIC or I click switch user and log back in with the same user. Once I do one of those two things, the "windows security login" pops up asking for the credentials once again. Once I re-enter the credentials thats when the authentication is completed and the log appears in the ISE Radius Log as successful.

 

Any ideas why the "windows security login" doesnt appear without having to mess with the computer NIC?

Labels:
0 Helpful
3 Replies 3

JELA
Level 1
Level 1

‎05-16-2020 12:15 PM

Hello,
Could you please help give us a better understanding:

  • Which windows version are you running?
  • What kind of authentication are you using (EAP-PEAP MSCHAPv2?)
  • Could you please provide the C9300 interface configuration where host is connected?
  • The output of the "show authentication session interface XXXX" (where XXX is the iface where the host is connectec) when you get the "windows security login" prompt

Thank you.

 

0 Helpful

AbelBurgos5029
Level 1
Level 1
In response to JELA

‎05-17-2020 09:20 AM

Hello.

 

I am using windows 10.

Authentication is PEAP-MSCHAPV2

 

I will get you the interface configuration tomorrow once I go into the office. It is a classified network so I dont have remote access.

 

Thanks for the help!

0 Helpful

AbelBurgos5029
Level 1
Level 1
In response to JELA

‎05-19-2020 04:22 PM

Hello,

Here is part of the configuration in the switch:

Switch# configure terminal

Switch(config)# dot1x system-auth-control

Switch(config)# aaa new-model

Switch(config)# aaa authentication dot1x default group radius

Switch(config-if)# switchport mode access

Switch(config-if)# dot1x pae authenticator

Switch(config-if)# dot1x port-control auto

 

Like I said, if I restart the NIC, it would go through and authenticate using 802.1x but not sure why it wont work without restarting the NIC everytime.

 

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents