[ISE]Issue with dot1x computer based auth and wol

Sebastien Guilmer · ‎12-07-2015

Hello all,

We encounter an issue with the WOL fonctionnality and 802.1X using computer based authentication.

Network Wired card is an Intel I217-LM with WOL fonctionnality.

We are doing 802.1X computer based authentication connected to Cisco Switch and Cisco ISE 1.4 patch 4

Computer authentication works well when PC start, or when network cable is unplugged/plugged.

When PC wakes up from sleep, the network card doesn't run 802.1X, and Radius Server doesn't allowed this PC because of MAC unknown.

When we disable Wol fonctionnality from windows card configuration, and the PC wakes up from sleep, 802.1X is running and PC is allowed.

Does anyone have an Idea ?

PC : Windows 10

Network card : I217-LM

Best regards,

Sebastien,

Mohamed Abd Elnaser Mohamed Mohamed Ali · ‎03-02-2016

Have you tried to enable the authentication control-direction in under the Interfaces for those PCs.

Sebastien Guilmer · ‎03-02-2016

Hi Mohamed,

Control-direction was already applied.

But we have found the solution :

When PC is shutdown, the network card is still talking. With 802.1X auth enable, the mac address of this card was not allowed, so after multiple failure auth, mac address was "blacklisted" by the ISE (Supression is enable by default on ISE)

So we had do disable "suppress anomalous Client" in order to work !

Sebastien

greg.fuller · ‎03-12-2016

Check for bios updates or nic driver updates fron your pc vendor. The nic driver upon resume from sleep or hibernation should initiate a new eap session the re-authenticate under Windows in most conditions.