08-13-2019 02:48 PM
We are in the process of deploying dot1x with ISE. We have noticed that there is drastic difference in the "login" time for a machine that is locked between the native supplicant and NAM. If using the native one it takes over 12 seconds for the desktop to be displayed, the NAM it is almost instant. Debugging the switch shows no dot1x packets for either test, and the port shows authenticated as expected. I have looked at windows logs and see nothing and there doesn't appear to be any dot1x traffic or logs on the ISE server.
Any suggestions?
Joe
08-14-2019 04:21 AM
Wired or wireless supplicant?
Are you doing Machine auth, User auth or both?
Machine auth (if configured) is used when machine boots up, as well as when you log out of current user session. When you log in with a user account credential, then a user supplicant authentication is triggered (if its configured of course).
Share some screen shots etc.
08-14-2019 07:04 AM
08-15-2019 02:22 PM
What can I say go "NAM".
Jokes apart, make sure you select both the option in the native supplicant.
Also turn on debugs for dot1x on the switch and look at the logs on the ISE side to see if it even makes it to the switch.
You can also confirm this by seeing if there are RADIUS logs during those 15 seconds.
Check out Windows logs to see if you can find additional information.
-Krishnan
08-20-2019 11:02 AM
I have enabled dot1x debugging and the port is already authenticated:
PadCORP4510#show access-session interface gigabitEthernet 1/43
Interface MAC Address Method Domain Status Fg Session ID
----------------------------------------------------------------------
Gi1/43 503d.e57d.8830 mab VOICE Auth 0A0425180000083F234BDC34
Gi1/43 d481.d76b.1635 dot1x DATA Auth 0A042518000008A78F9F2EEC
Machine is in a locked state and when I put in creds there are no logged messages for either supplicant as the authentication is not changing...I have looked in the Windows Event Logs but haven't found anything of note...is there a specific location or log to inspect?
Thanks,
Joe
08-20-2019 07:56 PM
Please share your Windows Wired Supplicant screenshots - e.g.
08-21-2019 06:11 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide