
Logoff on a RDP machine finishes 802.1x session/Default VLAN

Team, an issue we are facing with one of our client machines.

We have some end users who try to RDP to a machine in the office network.
However, in our case for a successful authentication to take place the machine must show the user certificate to the network.

Till the user does an RDP, certificate authentication does not work, and the machine gets an IP address on the Guest VLAN till then.
Any suggestions on getting over this behavior?

Regards,

N!

4 Replies

Not a helpful answer, but the issue is Microsoft doesn't register an RDP session as a login, so the networks will still see it as a machine. I don't know of a way around it without some installed program to force it.

Here we have Citrix and a receiver app installed on computers so when they remote in it triggers it as a login.

AnyConnect NAM solves this problem.

AnyConnect NAM causes more problems than it solves lol.

As already mentioned, you would need to install AnyConnect NAM, or you can also use TEAP to fix that issue. Essentially, what you need in this case is EAP chaining; otherwise, when the user tries to RDP to the remote host, the session will still be the previous one that has already been authenticated and authorized. AnyConnect NAM requires buying its licenses as well as deploying the software on all the hosts that would be RDP'ed. However, TEAP is much simpler and has no extra cost. The only thing to keep in mind with TEAP is that you need Windows 10 build 2004; otherwise you won't see it as an option in the NIC dot1x tab.
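
An added example, not part of any post in this thread: a PowerShell check an administrator could run to see which RDP target hosts meet the Windows build requirement mentioned for TEAP and have the Wired AutoConfig service (`dot3svc`) running. It assumes that "Windows 10 build 2004" means Windows 10 version 2004 (OS build 19041); the function name `Get-TeapReadiness` is hypothetical.

```powershell
# Added example (not from the thread). Assumption: the TEAP requirement quoted
# in the thread, "Windows 10 build 2004", is version 2004 = OS build 19041.
$MinTeapBuild = 19041

function Get-TeapReadiness {
    [CmdletBinding()]
    param(
        # Hosts that users RDP into; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        # Query locally without WinRM; use -ComputerName only for remote hosts.
        $target = @{}
        if ($name -ne $env:COMPUTERNAME) { $target.ComputerName = $name }
        try {
            $os  = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop @target
            # dot3svc is the Wired AutoConfig service that performs wired 802.1X.
            $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='dot3svc'" -ErrorAction Stop @target

            $build   = [int]$os.BuildNumber
            $buildOk = $build -ge $MinTeapBuild
            $svcOk   = ($null -ne $svc) -and ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')

            [pscustomobject]@{
                ComputerName      = $name
                Build             = $build
                BuildSupportsTeap = $buildOk
                WiredAutoConfig   = if ($svc) { "$($svc.State)/$($svc.StartMode)" } else { 'missing' }
                Ready             = $buildOk -and $svcOk
                Error             = $null
            }
        }
        catch {
            # Unreachable host or access denied: report it instead of aborting the sweep.
            [pscustomobject]@{
                ComputerName      = $name
                Build             = $null
                BuildSupportsTeap = $false
                WiredAutoConfig   = 'unknown'
                Ready             = $false
                Error             = $_.Exception.Message
            }
        }
    }
}

Get-TeapReadiness | Format-Table -AutoSize
```

Hosts reported with `Ready = False` either run a build older than the assumed minimum or do not have Wired AutoConfig running with automatic start.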