IBNS - 802.1x issue

wmohamed
Level 1

Hi group

I have an 802.1x issue in an IBNS implementation. Once the PC is switched on and the user logs in using his username/password, he gets his right VLAN and IP, but if we log out and try to log in as a new user, Windows refuses to log in because it doesn't see the domain. The only way to solve this is to unplug the cable and plug it back in.

Please advise

6 Replies

jafrazie
Cisco Employee

Is the machine a member of the domain? If so, have you enabled machine authentication? It's enabled by default.

This may help:

<http://www.microsoft.com/technet/itsolutions/network/wifi/wififaq.mspx#EAAAA>

Yes, the machine is a member of a domain. Yes, there is machine authentication. Also, the machine is connected behind an IP phone.

Can you confirm that machine authentication completes successfully when the user logs out? (A user logout is a machine login by default with the Windows supplicant.)

Does the 2nd tested user have cached credentials on the PC?

This is exactly my problem. After the user logs out, the switch doesn't detect this logout.

For example, say we have user A and user B. UserA boots and logs in to the machine. UserA gets authenticated and put into a certain VlanA, and all is working as expected.

Then UserA logs out and UserB logs in. Now UserB ends up on the guest VLAN, which is not correct. UserB is expected to connect on VlanB.

To get UserB into the right VlanB you will have to unplug and replug the cable.

I hope I made myself clear

Thanks

I know it's six weeks later at this point so I'm not sure if you are still having this issue or not. I just encountered the exact same scenario recently. The fix was adding another registry key to the XP client. Most articles and postings explain the need for the 'SupplicantMode' registry key and having it set to value=3. There is another key that sits in the same place called 'AuthMode'. The value of AuthMode must be set to value=1.

This setting tells the supplicant to send an EAPoL stop message to the switch at certain times. The EAPoL stop message is sent whenever the login status changes.

For example, the machine boots up and no one has logged in, but the machine has authenticated and been assigned a VLAN and IP address. You then hit Ctrl-Alt-Del, enter the user credentials and hit Enter. At this time the supplicant sends the EAPoL stop and the switch initiates authentication again. This same process happens on logoff as well. You can see it all taking place if you watch the output of "debug dot1x all" and "debug radius".

The place to put both the SupplicantMode and AuthMode registry keys is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global

Let me know if this has worked out for you.
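
The registry change described in the reply above, as an added example that is not part of the original thread: a PowerShell script that reports the current SupplicantMode and AuthMode values and, when run with -Fix, sets them to the values the poster gives. The REG_DWORD value type, the function name Test-EapolSetting and the presence of PowerShell on the client are assumptions.

```powershell
# Added example (not from the thread): audit the two supplicant values named
# in the post and optionally set them. Run elevated when using -Fix.
param([switch]$Fix)

# Key path and values are taken from the post.
$Path   = 'HKLM:\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global'
$Wanted = @{ SupplicantMode = 3; AuthMode = 1 }

function Test-EapolSetting {   # hypothetical helper name
    param([string]$KeyPath, [hashtable]$Expected, [switch]$Remediate)

    # Create the key only when asked to remediate; an audit never writes.
    if ($Remediate -and -not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    foreach ($name in $Expected.Keys) {
        $current = $null
        $item = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
        if ($item) { $current = $item.$name }

        $ok = ($null -ne $current) -and ($current -eq $Expected[$name])
        $action = 'none'
        if (-not $ok -and $Remediate) {
            # Assumption: both values are REG_DWORD.
            New-ItemProperty -Path $KeyPath -Name $name -Value $Expected[$name] `
                -PropertyType DWord -Force | Out-Null
            $action = 'set'
        }

        New-Object PSObject -Property @{
            Name     = $name
            Found    = $current       # empty when the value is missing
            Expected = $Expected[$name]
            Ok       = $ok            # state before any change was made
            Action   = $action
        }
    }
}

$report = @(Test-EapolSetting -KeyPath $Path -Expected $Wanted -Remediate:$Fix)
$report | Format-Table Name, Found, Expected, Ok, Action -AutoSize

# Non-zero exit when a value was wrong and nothing fixed it, for use in
# login scripts or compliance checks.
$bad = @($report | Where-Object { -not $_.Ok -and $_.Action -ne 'set' })
if ($bad.Count -gt 0) { exit 1 }
```

Without -Fix the script only reads the key, so it can be run on a sample of clients first to see which ones lack AuthMode.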

Hi

I would like to thank you for your post; the reply explains a lot to me.

Thanks

Waleed