We are in the process of deploying dot1x with ISE. We have noticed that there is a drastic difference in the "login" time for a machine that is locked between the native supplicant and NAM. If using the native one, it takes over 12 seconds for the desktop to be displayed; with the NAM it is almost instant. Debugging the switch shows no dot1x packets for either test, and the port shows authenticated as expected. I have looked at Windows logs and see nothing, and there doesn't appear to be any dot1x traffic or logs on the ISE server.
Wired or wireless supplicant?
Are you doing Machine auth, User auth or both?
Machine auth (if configured) is used when the machine boots up, as well as when you log out of the current user session. When you log in with a user account credential, then a user supplicant authentication is triggered (if it's configured, of course).
Share some screenshots etc.
What can I say, go "NAM".
Jokes apart, make sure you select both the option in the native supplicant.
Also turn on debugs for dot1x on the switch and look at the logs on the ISE side to see if it even makes it to the switch.
You can also confirm this by seeing if there are RADIUS logs during those 15 seconds.
Check out Windows logs to see if you can find additional information.
I have enabled dot1x debugging and the port is already authenticated:
PadCORP4510#show access-session interface gigabitEthernet 1/43
Interface  MAC Address     Method  Domain  Status Fg  Session ID
Gi1/43     503d.e57d.8830  mab     VOICE   Auth       0A0425180000083F234BDC34
Gi1/43     d481.d76b.1635  dot1x   DATA    Auth       0A042518000008A78F9F2EEC
Machine is in a locked state and when I put in creds there are no logged messages for either supplicant, as the authentication is not changing... I have looked in the Windows Event Logs but haven't found anything of note... Is there a specific location or log to inspect?