07-29-2005 12:41 PM - edited 03-09-2019 12:00 PM
Has anyone deployed 802.1x in a wired Win XP/Cisco environment? I'm mostly interested in any bugs/issues, and if the XP 802.1x client will transparently pass through the AD credentials each login. Also, how should one handle DHCP and Active Directory authentication, since these happen before the user is logged in and permitted to talk on the network.
08-06-2005 10:23 PM
I have done some testing with 802.1x on the wired network.
I can tell you that in my tests the Windows supplicant was very unreliable. I had to apply 3 or 4 registry settings to make it work properly, but the logon was delayed because of it. The biggest issue was authenticating before a DHCP timeout occurred. I was never able to get 802.1x reauthentication to work either.
I then switched to testing Funk Software's Odyssey 802.1x client. It has worked very well. I've yet to have any issue with it. The only downside is that it comes with a price tag.
When configured, machine authentication occurs at bootup. This allows you to apply computer policy before the Windows logon screen appears.
After machine authentication, users enter their username/password at the Windows login screen and the 802.1x supplicant uses this to authenticate again to the network using the user's credentials. After authentication succeeds, the user's credentials are then passed to Windows AD for login. The user only has to enter their information once for this to happen if configured to do so.
From my experience, I would definitely recommend a third-party 802.1x client. For one thing, you can't use group policy to configure the wired 802.1x settings with the Windows built-in client. Our admin did find a way to do this with registry settings, but it is a real pain.
Hope this helps,
Mark
08-05-2005 11:25 AM
You need to check the release notes and associated caveats for this....