I have the following scenario:
- a W2K3 server with IAS RADIUS server, CA server and AD server
- a WXP machine, the client
- and a Cisco 2950 (sh run output attached)
And I'm using PEAP with MSCHAPv2.
I have two questions to solve...
1) How do I make the user log on the first time? How does he get the certificate? Do I have to authorize the port on the switch and log on with the user so that he gets the certificate on the machine?
After this, the authentication process works.
2) When a user logged on to the client logs off, the connection on the switch isn't closed.
The EAP session continues until the switch executes the reauthentication.
So, when a user logs off from the RADIUS client, the port on the switch remains active, and if another user logs on to the machine, the user will