Wissam Bteich
Beginner

Cisco ISE - Authentication Bullet Not Appearing on a Starting Windows Machine Connected to IP Phone

Dears,

I have this case and I would be very thankful if someone has the answer for it!

When the Wired AutoConfig service is enabled on a Windows XP (or 7) station that is connected to an IP phone, the "Additional Information is needed to connect to this network" popup bullet successfully appears when the UTP cable is unplugged and then plugged back into the network card, or the network adapter is disabled and re-enabled, or the switchport configured with Dot1x has had a shut / no shut.

However, the "Additional Information is needed to connect to this network" does not appear when the Windows workstation reboots and it gets unauthenticated!

Our customer finds it a hard task to instruct his "non IT employees" to unplug the UTP cable and then plug it back or do any of the above methods in order for the authentication bullet to appear.

Does anyone know how to configure the Windows machine so that the authentication popup bullet automatically appears upon machine startup?

Best Regards,

3 REPLIES
nspasov
Cisco Employee

Hello Wissam-

Can you post a copy of your 802.1x configs from the switch? Also, what type of authentication are you using (PEAP, EAP-TLS, etc.)?

Hello Neno,

I am using PEAP and below is the dot1x config under the switchport:

interface GigabitEthernet0/4
 switchport access vlan 107
 switchport mode access
 switchport voice vlan 156
 authentication event server dead action authorize vlan 107
 authentication host-mode multi-domain
 authentication order dot1x mab
 authentication priority mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 dot1x timeout quiet-period 180
 spanning-tree portfast

Please note that the authentication bullet appears on a Windows PC directly connected to the switch.

The problem is when the PC is connected to an IP phone or takes too long to boot.

Can you add the following commands to your switchport and see if that fixes your problem:

 authentication event fail action next-method
 authentication priority dot1x mab
