02-18-2004 10:52 PM - edited 03-10-2019 07:40 AM
I am planning to implement 802.1x login authentication for LAN Users using Cisco ACS.
My setup is something like this:-
User(Windows XP)->Switch(802.1x enable)->ACS->LDAP Database
May I know, once the user has been authenticated through 802.1x, do they still need to log in again to the Windows Domain? What's the default setting?
Thanks
SSng
02-20-2004 03:12 PM
I'm not sure about WinXP and 802.1x authentication, but with Win2K the Windows Domain login occurs before the 802.1x network login. Once the Windows domain login times out, the 802.1x login is processed. This results in login scripts that are based on the Windows Domain login failing to execute. I saw reference to this being fixed with a future update from Microsoft. I am not sure if this would still hold true if you were using certificates to authenticate the machine to the network or not. To answer your question about having to log in again to the Windows Domain after the 802.1x, there should be an option in the 802.1x configuration to use your Windows Domain credentials for the 802.1x authentication.
03-03-2004 09:06 AM
Are you going to be using dynamic VLAN assignment in a wired environment or dot1x in a wireless environment?
03-04-2004 10:32 AM
Hi,
I was just about to ask the same thing, but worded differently.
Does dot1x VLAN assignment work when using the LDAP database? I mean, I know that when using the ACS local database one can specify the attributes needed for VLAN assignment... but if the database is the windb, how can this be done... especially if there are several VLANs involved and several members from the LDAP db are going to be assigned to different VLANs.
Can this be done?
regards,
c.