04-04-2022 08:23 AM
Hello folks,
We've got an issue using dot1x on 9300's that when a PC goes into sleep mode, the Intel NIC spits out "domain\hostname$iME" as a radius hostname, which fails auth.
Is there a trick to getting these things to authenticate? I've had a look at matching with a "starts with 'domain'" AND ends with "$iME", but that doesn't seem to work. It looks from the log like the NIC is failing TLS?
Anyone seen this and got some tips?
Best, Leigh
Solved! Go to Solution.
04-04-2022 05:52 PM
The EAP-FAST looks suspiciously like AnyConnect NAM - are you using Cisco AnyConnect by any chance?
Are you saying this happens before the laptop eventually goes to sleep, or after it wakes up from sleep?
Does the rest of your 802.1X work as expected? How is your supplicant configured?
Normally, when you see host/xxxx in the RADIUS User-Name then it indicates that the Windows host is trying to perform Computer authentication. This happens during the PC boot up and also during the Windows user log off process.
04-04-2022 05:52 PM
The EAP-FAST looks suspiciously like AnyConnect NAM - are you using Cisco AnyConnect by any chance?
Are you saying this happens before the laptop eventually goes to sleep, or after it wakes up from sleep?
Does the rest of your 802.1X work as expected? How is your supplicant configured?
Normally, when you see host/xxxx in the RADIUS User-Name then it indicates that the Windows host is trying to perform Computer authentication. This happens during the PC boot up and also during the Windows user log off process.
04-05-2022 12:29 PM
I am with @Arne Bier on this one with the thought that NAM is in use simply because EAP-FAST is shown. Take a look at the configured unprotected identity patterns defined in the NAM profile. Wondering if that may have anything to do with what you are seeing. Pretty sure the default is set to anonymous, but worth a shot to check a box.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide