Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3600
Views
0
Helpful
3
Replies

Dot1X supplicant configuration for USB C-Dock on Windows 10

steffen.bodensohn@heraeus.com
Level 1
Level 1

‎08-22-2020 02:15 AM

Hello,

 

we are currently working to implement dot1x / NAC and have a problem with USB C-Dock´s.

My colleauge from our client team wants to rollout the supplicant configuration via script that activates dot1x on every network card adapter in Windows 10. 

Nevertheless as people move around with their notebook they connect to different USB C-Dock´s 

 

Everytime when this happens a new Network Card Adapter is created  without dot1x configuration. 

The script must triggered again to apply the configuration on the newly created adapter. 

 

Is there anybody facing the same issue or has an idea how to solve it ? 

How did you rollout dot1x configuration ? 

 

Best regards,

steffen bodensohn

0 Helpful
3 Replies 3

Colby LeMaire
VIP Alumni
VIP Alumni

‎08-22-2020 09:31 AM

If you use AD GPO's to push out the supplicant configuration, then the config applies to all ethernet interfaces.  That is the recommended way of pushing it out.

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎08-23-2020 01:17 AM

Hi,

The USB-C doesn't create new ethernet port. Instead the mac address seen by
the switch changes but the adapter is same with same settings. We have been
using Dell docking stations with USB-C and that's the case.

Having that said, if you see adapter settings changing, move to anyconnect
NAM to be used as supplicant. This will fix your problem because the XML
file is applied at nam level. This is the best practice on windows 10
instead of using windows supplicant.

***** please remember to rate useful posts
0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎08-23-2020 07:56 PM

It sounds like the Win10 PC is creating new connection profiles (possibly with a different pass-through MAC address) for each new dock that is connected. The supplicant for that connection would then have to be configured for 802.1x.

This is likely a function of the driver for the docking station. If you have not done so already, I would suggest opening a support case with the dock vendor to see if there as advanced setting in the driver that will mitigate this issue (or request an enhancement to the driver if it does not exist).

With more and more enterprise customers deploying Wired 802.1x, I would think vendors will need to consider this caveat in their driver designs.

0 Helpful
Customers Also Viewed These Support Documents