Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2580
Views
0
Helpful
9
Replies

Cisco ISE Wired 802.1x - After Restarting Windows 7/10, it didn't display the 802.1x login window

Genesis Cisco
Level 1
Level 1

‎04-09-2019 08:32 PM

Hello,

 

MY Ethernet Properties
Uncheck "Remember my credentials for this connection each time I'm logged on.

1193_2_sm.PNG

 

How can I make it display the 802.1x login window after I restart the Windows system 7/10?

 

0 Helpful
9 Replies 9

raffyblindogan
Level 1
Level 1

‎04-09-2019 09:15 PM

There are 2 possible reasons for that.

 1. Supplicant has been configured to automatically use Windows logon name and password. That option can be removed under the supplicant's advanced settings. You can refer to this link below.

 

https://adfs.optus.com.au/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://www.successfactors.com/C0001088737P

 

  2. ISE may have hold the session and reauthentication did not happen. Check ISE logs for details.

 

0 Helpful

RaffyLindogan
Spotlight
Spotlight

‎04-09-2019 09:41 PM

It could be that your supplicant is configured to "Automatically use Windows login name and password".

You can uncheck it and give it a try.

This link is a good reference as well.

 

https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Wired_Authentication_on_a_Windows_7_Client

 

Also check the ISE logs as the client session may have not triggered a reauth.

 

Cheers.

0 Helpful

Genesis Cisco
Level 1
Level 1
In response to RaffyLindogan

‎04-09-2019 10:44 PM

Hi RaffyLindogan,

 

Thanks for your reply.

I check the ise log After I restart window system.

It didn't have reauth log.

After I have to shutdown/no shutdown in switch port,it can trigger the reauth.

 

 

0 Helpful

RaffyLindogan
Spotlight
Spotlight
In response to Genesis Cisco

‎04-10-2019 01:34 AM

Hi mate,

 

I think you found the issue.

So the reason why it did not prompt you to enter your username and password was due to ISE still holding the Auth session.

You have to ensure that accounting start and stop is configured on the access port to have a reauth.

I am just using my mobile at the moment so I can’t provide some helpful links to it.

Just try and find the accounting start stop sample config for nac.

Hope it helps.

Cheers!

0 Helpful

Genesis Cisco
Level 1
Level 1
In response to RaffyLindogan

‎04-10-2019 03:58 AM

Hi RaffyLindogan,

 

The following is my switch configuration.

But it didn't display the 802.1x login window after I restart windows system.

 

aaa new-model
!
!
aaa authentication login vty local
aaa authentication login console none
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting delay-start all
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
aaa accounting network default start-stop group radius
!

!
aaa server radius dynamic-author
client 192.168.10.191 server-key cisco
!
aaa session-id common
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server key cisco
!
radius server ISE
address ipv4 192.168.10.191 auth-port 1645 acct-port 1646
key cisco

!
interface GigabitEthernet0/1
switchport mode access
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast edge

0 Helpful

Genesis Cisco
Level 1
Level 1
In response to Jason Kunst

‎04-11-2019 12:44 AM

Hi Jason,

Thanks for your reply.

I have already looked.

When I boot windows system 7/10, it did't  automatically dispaly the 802.1x login window.

0 Helpful

RaffyLindogan
Spotlight
Spotlight
In response to Genesis Cisco

‎04-10-2019 11:14 PM

Oh you have the accounting start/stop config already.

So that should cover the part where ISE knows when to drop the session with client.

Try and check if your supplicant has  "Automatically use Windows login name and password".

See if disabling that would prompt you for the login.

 

Cheers,

 

Raffy

0 Helpful

Genesis Cisco
Level 1
Level 1
In response to RaffyLindogan

‎04-11-2019 12:48 AM

Hi Raffy,

 

Thanks for your reply.
I already disable "Automatically use Windows login name and password".

When I boot Windows System 7/10,it shows drop log in ise.

it did't automatically display the 802.1x login window.

The following is supplicant drop log.

Snipaste_2019-04-11_15-28-43.jpg

0 Helpful
Customers Also Viewed These Support Documents