Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2806
Views
10
Helpful
7
Replies

ISE 2.7 TEAP windows 10 Remote Desktop fail

Go to solution
Juan Marilaf Millahual
Level 1
Level 1

‎08-21-2022 08:07 PM

Hi

I have windows 10 with TEAP (mschap-v2) and native windows supplicant, all windows fine with connectivity and ISE. My problem begin when I execute Remote Desktop between PC windows with TEAP 802.1X. Remote Desktop can't works fine and the connection it's not successful.

 Microsoft say adjust connection type to "user or computer", but this don't solve it

please someone have an idea?

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Juan Marilaf Millahual

‎08-22-2022 03:36 PM

As stated in the link shared below, the Windows supplicant does not initiate an 802.1x session when an RDP login happens. The only workaround is to use AnyConnect NAM as the supplicant instead of the native supplicant.
AnyConnect NAM supports EAP-FAST for EAP Chaining. This support actually pre-dates TEAP and was the basis for the standards-based TEAP protocol.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

 

View solution in original post

7 Replies 7

Go to solution
ammahend
VIP Alumni
VIP Alumni

‎08-21-2022 09:56 PM

so you have 2 PC authenticated with 802.1X and working and when you initiate RDP between them RDP connection it does not work ?

what does your authorization policy looks like ?

-hope this helps-
0 Helpful

Go to solution
Juan Marilaf Millahual
Level 1
Level 1
In response to ammahend

‎08-21-2022 10:08 PM

Yes I have two PC with Teap , both with mschap-v2, all is alright but RDP is not works and all PC is in the same network segment no firewall between PC
0 Helpful

Go to solution
ammahend
VIP Alumni
VIP Alumni
In response to Juan Marilaf Millahual

‎08-22-2022 08:29 AM

what does the authorization policy look like for these PCs ? are you pushing any dynamic ACL as part of authorization or dynamic vlan, any ACL on VLAN SVI ?

-hope this helps-
0 Helpful

Go to solution
Juan Marilaf Millahual
Level 1
Level 1
In response to ammahend

‎08-22-2022 09:04 AM

Hi

The DACL is permit ip any any


0 Helpful

Go to solution
ammahend
VIP Alumni
VIP Alumni
In response to Juan Marilaf Millahual

‎08-22-2022 10:21 AM

I remember reading some limitation on this with windows native supplicant, not able to find the document, do you think you can try with Cisco NAM.

try this workaround with NAM see if it helps.

https://community.cisco.com/t5/network-access-control/unable-to-rdp-to-windows-desktop-after-dot1x-enabled/td-p/4317334

 

-hope this helps-

Go to solution
Juan Marilaf Millahual
Level 1
Level 1
In response to ammahend

‎08-22-2022 12:09 PM

Hi

Cisco Anyconnect NAM don’t have the option TEAP


0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to Juan Marilaf Millahual

‎08-22-2022 03:36 PM

As stated in the link shared below, the Windows supplicant does not initiate an 802.1x session when an RDP login happens. The only workaround is to use AnyConnect NAM as the supplicant instead of the native supplicant.
AnyConnect NAM supports EAP-FAST for EAP Chaining. This support actually pre-dates TEAP and was the basis for the standards-based TEAP protocol.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/eap-fast/200322-Understanding-EAP-FAST-and-Chaining-imp.html

 

Customers Also Viewed These Support Documents