cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1085
Views
0
Helpful
3
Replies

Cisco ISE - Authentication Bullet Not Appearing on a Starting Windows Machine Connected to IP Phone

Wissam Bteich
Level 1
Level 1

Dears,

I have this case and I would be very thankful if someone has the answer for !

When Wired AutoConfig service is enabled on a Windows XP (or 7) station that is connected to an IP phone, the "Additional Information is needed to connect to this network" popup bullet successfully appears when the UTP cable is unplugged and then plugged back in the network card or the network adapter is disabled and re-enabled or the switchport configured with Dot1x had a shut no shut.

However, the "Additional Information is needed to connect to this network" does not appear when the Windows workstation reboots and it gets unauthenticated!

Our customer finds it a hard task to instruct his "non IT employees" to unplug the UTP cable and then plug it back or do any of the above methods in order for the authentication bullet to appear.

Does anyone know how to configure the Windows machine so that the authentication popup bullet automatically appears upon machine startup?

Best Regards,

3 Replies 3

nspasov
Cisco Employee
Cisco Employee

Hello Wissam-

Can you post a copy of your 802.1x configs from the switch? Also, what type of authentication are you using (PEAP, EAP-TLS, etc) ?

Hello Neno,

I am using PEAP and below is the dot1x config under the switchport:

interface GigabitEthernet0/4

switchport access vlan 107

switchport mode access

switchport voice vlan 156

authentication event server dead action authorize vlan 107

authentication host-mode multi-domain

authentication order dot1x mab

authentication priority mab

authentication port-control auto

mab

dot1x pae authenticator

dot1x timeout quiet-period 180

spanning-tree portfast

Please note that the authentication bullet appears on a Windows PC directly connected to the switch.

The problem is when the PC is connected to an IP phone or takes too long to boot.

Can you add the following commands to your switchport and see if that fixes your problem:

authentication event fail action next-method

authentication priority dot1x mab

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: