PCs use MAB when user locks machine

GRANT3779

I have been testing the following with ISE -

Windows PC / Native Supplicant -

Authenticates/Authorises using EAP-TLS and Machine Cert upon boot up - Works OK

User logs on to PC -

Authenticates / Authorises with EAP-TLS and user Cert + MAR - Works OK

When a user locks their PC (which is set to never sleep), eventually I see the PC MAC address in the RADIUS logs using MAB every 90 seconds and essentially failing authentication.

I am not sure why. I would have thought that due to the user still being logged in, the user authentication would still be valid until log off.

It seems to only be with PCs. If a laptop user locks the laptop and leaves it overnight, the logs show the authentication for the user still valid and live. On a PC, however, MAB seems to kick in every 90 seconds with the PC locked.

I know that 90 seconds is the default that an endpoint has to wait until it gets authenticated via MAB, but I am not entirely sure why this is happening in my case for PCs when the user locks the PC.

I have attached the port config and the necessary RADIUS config, minus the servers etc.

Thanks

Accepted Solutions

GRANT3779

Just to update for any others who may see this.

The NIC of the PC was set to go to sleep/power off. Certain packets, such as someone trying to RDP to the machine, amongst others, would wake the NIC up.

Any EAP traffic from the authenticator would not "wake" it up, hence dot1x not kicking in. We will create a script to turn this off.
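
The script mentioned in the accepted solution is not shown in the thread. The following is an added example, not the poster's script, of one way to audit and turn off NIC power-down on wired adapters with the built-in NetAdapter cmdlets. It assumes the setting involved is the adapter's "Allow the computer to turn off this device to save power" option; the report column names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread.
# Assumption: the relevant setting is AllowComputerToTurnOffDevice on the wired NIC.
# Run with -WhatIf to audit only; exit code 1 means at least one adapter can still power off.
[CmdletBinding(SupportsShouldProcess)]
param()

# Only wired physical adapters matter for a dot1x switch port.
$wired = Get-NetAdapter -Physical | Where-Object { $_.PhysicalMediaType -eq '802.3' }

$report = foreach ($nic in $wired) {
    $pm     = Get-NetAdapterPowerManagement -Name $nic.Name
    $before = $pm.AllowComputerToTurnOffDevice   # Enabled, Disabled or Unsupported

    if ($before -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($nic.Name, 'Disable NIC power-down')) {
        $pm.AllowComputerToTurnOffDevice = 'Disabled'
        # Applying the change may briefly restart the adapter.
        $pm | Set-NetAdapterPowerManagement
    }

    # Re-read the setting so the report reflects what is actually configured now.
    $after = (Get-NetAdapterPowerManagement -Name $nic.Name).AllowComputerToTurnOffDevice

    [pscustomobject]@{
        Adapter     = $nic.Name
        Description = $nic.InterfaceDescription
        Before      = $before
        After       = $after
    }
}

$report | Format-Table -AutoSize

# Flag adapters that would still stop answering EAP requests while powered down.
$remaining = @($report | Where-Object { $_.After -eq 'Enabled' })
if ($remaining.Count -gt 0) {
    Write-Warning ("NIC power-down still enabled on: " + ($remaining.Adapter -join ', '))
    exit 1
}
```

After the change, a locked PC left idle should keep its dot1x session in the RADIUS logs instead of showing MAB attempts.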
