
Configure Wired 802.1X

Dear All,

I am in the middle of implementing wired 802.1X at one of our customer's campuses with ISE 2.1.0.474, and it is configured successfully. After giving a demo to the customer, they raised some requirements, and I would like your expert advice on how to achieve them:

  • The campus is an educational institute.
  • All wired desktops are not in a domain; they are in multiple workgroups.

Requirements:

  • If a student logs in with his/her ID on any one desktop, then that student ID cannot be logged in on any other desktop, i.e. set max user login.
  • If a student is logged in on a desktop and he/she forgets to log out, then there should be an auto-off, i.e. idle timeout.
  • If any desktop/system is not logged in, or say idle, and a student comes in and logs in, then the username & password prompt should pop up. That is, if some student was previously working on that desktop, then logged off and went away, and now some other student comes and logs in, the new student should get the username & password pop-up window, so that the new student can log in and start his/her work.

Regards

Amit

Accepted Solutions

bern81
Level 1

Hi,

You mentioned:

All wired desktops are not in a domain; they are in multiple workgroups (in that case, against what database will you authenticate the users?)

I presume you want to do PEAP (EAP-MSCHAPv2), which requires the user to type his credentials.

If a student is logged in on a desktop and he/she forgets to log out, then there should be an auto-off, i.e. idle timeout (try these commands on the switchport):

    dot1x timeout supp-timeout <sec>
    dot1x max-req <tries>

For the 3rd requirement: normally, by default, you should get a pop-up message from the Ethernet adapter ("additional information is needed to connect to this network") to fill in your 802.1X credentials. However, this option is not scalable/transparent and will confuse regular non-IT users, because normally, if you have AD integrated, you would tie Windows logon to 802.1X.

Please rate if this is helpful.