cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2579
Views
0
Helpful
9
Replies

Cisco ISE Wired 802.1x - After Restarting Windows 7/10, it didn't display the 802.1x login window

Genesis Cisco
Level 1
Level 1

Hello,

 

MY Ethernet Properties
Uncheck "Remember my credentials for this connection each time I'm logged on.

1193_2_sm.PNG

 

How can I make it display the 802.1x login window after I restart the Windows system 7/10?

 

9 Replies 9

raffyblindogan
Level 1
Level 1

There are 2 possible reasons for that.

 1. Supplicant has been configured to automatically use Windows logon name and password. That option can be removed under the supplicant's advanced settings. You can refer to this link below.

 

https://adfs.optus.com.au/adfs/ls/idpinitiatedsignon.aspx?loginToRp=https://www.successfactors.com/C0001088737P

 

  2. ISE may have hold the session and reauthentication did not happen. Check ISE logs for details.

 

RaffyLindogan
Spotlight
Spotlight

It could be that your supplicant is configured to "Automatically use Windows login name and password".

You can uncheck it and give it a try.

This link is a good reference as well.

 

https://documentation.meraki.com/MS/Access_Control/Configuring_802.1X_Wired_Authentication_on_a_Windows_7_Client

 

Also check the ISE logs as the client session may have not triggered a reauth.

 

Cheers.

Hi RaffyLindogan,

 

Thanks for your reply.

I check the ise log After I restart window system.

It didn't have reauth log.

After I have to shutdown/no shutdown in switch port,it can trigger the reauth.

 

 

Hi mate,

 

I think you found the issue.

So the reason why it did not prompt you to enter your username and password was due to ISE still holding the Auth session.

You have to ensure that accounting start and stop is configured on the access port to have a reauth.

I am just using my mobile at the moment so I can’t provide some helpful links to it.

Just try and find the accounting start stop sample config for nac.

Hope it helps.

Cheers!

Hi RaffyLindogan,

 

The following is my switch configuration.

But it didn't display the 802.1x login window after I restart windows system.

 

aaa new-model
!
!
aaa authentication login vty local
aaa authentication login console none
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization auth-proxy default group radius
aaa accounting delay-start all
aaa accounting auth-proxy default start-stop group radius
aaa accounting dot1x default start-stop group radius
aaa accounting network default start-stop group radius
!

!
aaa server radius dynamic-author
client 192.168.10.191 server-key cisco
!
aaa session-id common
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server key cisco
!
radius server ISE
address ipv4 192.168.10.191 auth-port 1645 acct-port 1646
key cisco

!
interface GigabitEthernet0/1
switchport mode access
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
spanning-tree portfast edge

Hi Jason,

Thanks for your reply.

I have already looked.

When I boot windows system 7/10, it did't  automatically dispaly the 802.1x login window.

Oh you have the accounting start/stop config already.

So that should cover the part where ISE knows when to drop the session with client.

Try and check if your supplicant has  "Automatically use Windows login name and password".

See if disabling that would prompt you for the login.

 

Cheers,

 

Raffy

Hi Raffy,

 

Thanks for your reply.
I already disable "Automatically use Windows login name and password".

When I boot Windows System 7/10,it shows drop log in ise.

it did't automatically display the 802.1x login window.

The following is supplicant drop log.

Snipaste_2019-04-11_15-28-43.jpg