Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
968
Views
0
Helpful
3
Replies

PEAP Windows Logon -Machine & User Authentication -Multiple VLANS

spartridge
Level 1
Level 1

‎11-03-2005 08:12 AM - edited ‎07-04-2021 11:18 AM

Windows Client <==> Access Point <==> Radius <==> Windows DC/AD

Windows OS : XP Client SP 2

Supplicant : Built-in Wireless Supplicant

Authentication : 802.1x PEAP(MS-Chapv2)

Access Point : Aironet 1200

Radius : ACS 3.3

Adaptors : Built-in

CA : Microsoft

I have a single SSID and am using a RADIUS server to assign users to different VLANs. When a computer boots up, machine authentication is used and the ACS tells the access point which VLAN to be on (i.e. VLAN1 192.168.1.x). Then when the user logs on the ACS tells the access point to switch the computer to a different VLAN (i.e. VLAN2 192.168.2.x). The problem is that the windows logon scripts do not run. Once the computer finishes booting, I quickly check its IP address and it still thinks it is on 192.168.1.x (VLAN1) when it is actually on VLAN2 and needs a 192.168.2.x address. If I give the machine time, it will eventually switch its IP to the 192.168.2.x address.

Has anyone else run across this? I assume that there is no fix and that it is a Microsoft problem. Obviously, it can't do the logon script if it does not have a valid IP for its VLAN. I also never know who will be logging into the computer to put the computer in the correct VLAN ahead of time.

Note: If the machine and user are both set to use the same VLAN, the computer does not have to switch IPs and the windows logon script works fine.

Thanks

Steve

Labels:
0 Helpful
3 Replies 3

d.nogueira
Level 1
Level 1

‎11-22-2005 06:37 AM

Hi there.

I've tried that solution, and I had a similar problem. My problem was on the DHCP server side: there was a superscope defined with the different scopes for each VLAN. When I'd the MAC Address from one machine registered at the DHCP database, the settings were always the same. Then I deleted the superscope and only defined scopes for each VLAN. It's working fine now.

Hope this helps you.

Regards,

João

0 Helpful

shawvoel
Level 1
Level 1

‎01-02-2006 10:59 PM

Hi Steve,

I have a customer would like to implement this solution, and I know that you're deploying the solution and have experience on this, would you mind to share with me about how to implement this?

Thank you in advance.

Rgds,

Au Yeong

0 Helpful

spodonnell
Level 1
Level 1

‎02-21-2006 01:42 PM

I'm in the middle of this exact problem.

Has anyone gotten this to work?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card