
802.1x and client config

bwindle
Level 1

Has anyone deployed 802.1x in a wired Win XP/Cisco environment? I'm mostly interested in any bugs/issues, and if the XP 802.1x client will transparently pass-through the AD credentials each login. Also, how should one handle DHCP and Active Directory authentication, since these happen before the user is logged in and permitted to talk on the network.

Accepted Solutions

MARK BAKER
Level 4

I have done some testing with 802.1x on the wired network.

I can tell you that in my tests the Windows supplicant was very unreliable. I had to apply 3 or 4 registry settings to make it work properly, but the logon was delayed because of it. The biggest issue was authenticating before a DHCP timeout occurred. I was never able to get 802.1x reauthentication to work either.

I then switched to testing Funk Software's Odyssey 802.1x client. It has worked very well. I've yet to have any issue with it. The only downside is that it comes with a price tag.

When configured, machine authentication occurs at bootup. This allows you to apply computer policy before the Windows logon screen appears.

After machine authentication, users enter their username/password at the Windows login screen and the 802.1x supplicant uses this to authenticate again to the network using the user's credentials. After authentication succeeds, the user's credentials are then passed to Windows AD for login. The user only has to enter their information once for this to happen if configured to do so.

From my experience, I would definitely recommend a third-party 802.1x client. For one thing, you can't use group policy to configure the wired 802.1x settings with the Windows built-in client. Our admin did find a way to do this with registry settings, but it is a real pain.

Hope this helps,

Mark


2 Replies

umedryk
Level 5

You need to check the release notes and associated caveats for this....
