
ISE 2.7 TEAP Windows 10 Remote Desktop fail

Hi

I have Windows 10 with TEAP (mschap-v2) and the native Windows supplicant; all Windows machines are fine with connectivity and ISE. My problem begins when I run Remote Desktop between Windows PCs with TEAP 802.1X. Remote Desktop doesn't work and the connection is not successful.

Microsoft says to adjust the connection type to "user or computer", but this doesn't solve it.

Does someone have an idea, please?

 

 

Accepted Solution

As stated in the link shared below, the Windows supplicant does not initiate an 802.1x session when an RDP login happens. The only workaround is to use AnyConnect NAM as the supplicant instead of the native supplicant.
AnyConnect NAM supports EAP-FAST for EAP Chaining. This support actually pre-dates TEAP and was the basis for the standards-based TEAP protocol.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

 


ammahend
VIP Alumni

So you have 2 PCs authenticated with 802.1X and working, and when you initiate RDP between them the RDP connection does not work?

What does your authorization policy look like?

-hope this helps-

Yes, I have two PCs with TEAP, both with mschap-v2. All is alright but RDP does not work, and all PCs are in the same network segment, with no firewall between the PCs.

What does the authorization policy look like for these PCs? Are you pushing any dynamic ACL as part of authorization, or a dynamic VLAN? Any ACL on the VLAN SVI?

-hope this helps-

Hi

The DACL is permit ip any any


I remember reading about some limitation on this with the Windows native supplicant, but I am not able to find the document. Do you think you can try with Cisco NAM?

Try this workaround with NAM and see if it helps.

https://community.cisco.com/t5/network-access-control/unable-to-rdp-to-windows-desktop-after-dot1x-enabled/td-p/4317334

 

-hope this helps-

Hi

Cisco AnyConnect NAM doesn’t have the TEAP option.

