06-24-2003 06:38 AM - edited 03-10-2019 07:22 AM
After reading most of the docs and related postings, I have concluded that inorder to do 802.1x with a single logon (the user is put into the correct vlan and the logged onto the domain) so that it as seamless to the user as possible, I need to use PEAP, which requires a CA, and ACS 3.2 so that it understands MS CHAP.
My clients are W2K, I would rather not use certificates if possible, i.e. using md5, but don't mind if required for single login.
Also, I noticed in ACS 3.2 docs that the machine could log in independently of the user, so multiple users could use the same machine. This isn't what I need, I have multiple people using the same machine, I want it so that whenever a new user logs in, he is reauthenticated and placed in correct vlan.
Is this possible?
06-29-2003 02:51 PM
Hi,
Yes this is possible, even if you are using EAP-MD5, it will assign different vlans based on different userid you login with , even from the same machine.
Thanks
Sujit
07-02-2003 03:10 AM
have to disagree a little. With md5 required second logon and wouldn't authenticate against nt database, acs returned error "authentication type not supported by external database"
single logon works with peap, also with multiple users on same machine, however, have to reboot when user logs off and new user logs on. Microsoft peap client doesn't seem to be sending eapol logoff to switch according to switch debugs.
any thoughts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide