User Auth - Dot1x

junk1
Cisco Employee

Hi

For one of my customers, I am using "User Authentication" mode for Win7 and Win8 endpoints. When the user credentials are entered in the pop-up window while the network cable is connected, I get authenticated properly over dot1x and get assigned the right VLAN and IP address (even shut / no-shut of the switchport works perfectly).

But when I restart the machine after clearing credentials in the Ethernet settings and enter credentials in the GINA screen, the user is not getting authenticated over dot1x. It waits, then fails dot1x and goes through MAB.

I tried changing the timer value of the interface sub-configuration command "dot1x timeout tx-period 10" to 30, 60 and 90, but none passes the authentication when credentials are entered in the GINA screen alone.

I understand this issue is due to the dot1x authentication request timing out and the solution is to have both machine and user authentication. But I would need your suggestions on how to show the customer that the dot1x authentication request timing out is the root cause, and by changing which timer values. Please advise.


Attached are the switch configuration and logging output.


Thanks and Regards

V Vinodh.

Accepted Solutions

Craig Hyps
Level 10

If not already, make sure the Windows supplicant is configured to use Windows login credentials (under Authentication > Microsoft PEAP Settings > Select Authentication Method (Secure Password EAP-MSCHAPv2) > Configure > Automatically Use My Windows Login name and password). For most clients, a tx period of 10 with 2 or 3 retries is sufficient.

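One way to check from the switch logging output whether dot1x gave up because the supplicant never answered within the configured timers. This is an added example, not part of the original posts. It assumes the log lines follow the IOS AUTHMGR message layout used in the constructed sample, and that fallback happens after tx-period x (retries + 1) seconds.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on IOS AUTHMGR syslog messages; the
# MAC address, interface and timestamps are made up for this example.
SAMPLE_LOG = """\
Mar  1 10:00:00.000: %AUTHMGR-5-START: Starting 'dot1x' for client (0011.2233.4455) on Interface Gi1/0/1
Mar  1 10:00:30.000: %AUTHMGR-7-RESULT: Authentication result 'no-response' from 'dot1x' for client (0011.2233.4455) on Interface Gi1/0/1
Mar  1 10:00:30.010: %AUTHMGR-7-FAILOVER: Failing over from 'dot1x' for client (0011.2233.4455) on Interface Gi1/0/1
Mar  1 10:00:30.020: %AUTHMGR-5-START: Starting 'mab' for client (0011.2233.4455) on Interface Gi1/0/1
"""

# Assumed layout: "<timestamp>: %AUTHMGR-n-EVENT: ... '<value>' [from '<method>'] for client (<mac>)"
LINE = re.compile(
    r"^\*?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): %AUTHMGR-\d-(?P<ev>START|RESULT): "
    r".*?'(?P<q1>[\w-]+)'(?: from '(?P<q2>\w+)')? for client \((?P<mac>[0-9a-f.]+)\)")

def dot1x_wait_times(log_text):
    """Return {mac: seconds from dot1x START to its 'no-response' RESULT}."""
    started, waits = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        # The log carries no year; a fixed one is prepended so parsing is unambiguous.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        mac = m["mac"]
        if m["ev"] == "START" and m["q1"] == "dot1x":
            started[mac] = ts
        elif (m["ev"] == "RESULT" and m["q1"] == "no-response"
              and m["q2"] == "dot1x" and mac in started):
            waits[mac] = (ts - started.pop(mac)).total_seconds()
    return waits

def expected_timeout(tx_period, retries):
    # Assumption: one initial EAP identity request plus `retries` retransmissions,
    # each followed by a wait of tx_period seconds.
    return tx_period * (retries + 1)

def classify(log_text, tx_period, retries, slack=2.0):
    """Label a client 'timeout' when its wait matches the configured timers."""
    want = expected_timeout(tx_period, retries)
    return {mac: ("timeout" if abs(wait - want) <= slack else "other")
            for mac, wait in dot1x_wait_times(log_text).items()}

if __name__ == "__main__":
    print(dot1x_wait_times(SAMPLE_LOG), classify(SAMPLE_LOG, tx_period=10, retries=2))
```

If the measured wait grows in step with each tx-period value tried and the result stays 'no-response', the supplicant is not answering at all, which points at the client configuration rather than at a timer that is too short.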