03-15-2007 11:49 AM - edited 03-05-2019 02:56 PM
I have the following scenario:
- a W2K3 server with IAS RADIUS server, CA server and AD server
- a WXP machine, the client
- and a Cisco 2950 (sh run output attached)
And I'm using PEAP with MSCHAPv2.
I have two questions to solve...
1) How do I make the user log on the first time? How does he get the certificate? Do I have to authorize the port on the switch and log in with the user so that he gets the certificate on the machine?
After this, the authentication process works.
2) When a user logged on to the client logs off, the connection on the switch isn't closed.
The EAP session continues until the switch executes the reauthentication.
So, when a user logs off from the RADIUS client, the port on the switch stays active, and if another user logs on to the machine, the user will
03-15-2007 05:37 PM
With PEAP, the client does not get a certificate; the certificate is only on the server side.
EAP-TLS uses client-side certs (and server-side certs).
Until you can register your server/CA with the client, you'll probably need to uncheck the box in the client setup that says "Verify Server Certificate."
Good Luck
Scott
03-16-2007 05:21 AM
????
03-16-2007 05:22 AM
OK ScottMac, I will try this!
03-16-2007 05:53 AM
Scott,
Ref: Question 1
I tried this... but it isn't working.
For the first logon, I have to turn off 802.1X on the switch port.
I think that the XP client can't build a certificate on the server the first time.
Regards,
Antonio
03-16-2007 02:53 PM
Ref: Question 1
It's working now.
I created an auth-fail VLAN and a guest VLAN, and I also set these on the switch port.
The AD server is on VLAN 10, so when the XP machine does not connect, or is starting the OS, the switch puts the port on VLAN 10 (the guest and auth-fail VLANs). When the user tries to log on the first time, the machine finds the AD server and logs on to it.
So I only have to set the timers, because the switch is very slow to authorize the ports.
And what about question 2?
Does anybody have any idea?
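
The switch-port setup described in the post above, written out as an added example (it is not the poster's attached configuration, which does not appear on this page). VLAN 10 for both the guest and auth-fail VLAN comes from the post; the interface name, the RADIUS placeholders and the timer values are constructed assumptions.

```cisco
! Global: enable 802.1X and send authentication to the RADIUS (IAS) server
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
! Server address and shared secret are placeholders
radius-server host <IAS-SERVER-IP> key <SHARED-SECRET>
!
! Constructed example access port
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 ! VLAN 10 (where the AD server sits, per the post) for clients that
 ! never answer EAP and for clients that fail authentication
 dot1x guest-vlan 10
 dot1x auth-fail vlan 10
 ! A silent client is moved to the guest VLAN only after the switch's
 ! EAP-Request/Identity retries time out; each retry waits tx-period
 ! (default 30 s). A shorter value (assumed here) speeds up the fallback.
 dot1x timeout tx-period 5
 ! Periodic reauthentication, the mechanism mentioned in question 2
 ! (3600 s is the default period once reauthentication is enabled)
 dot1x reauthentication
 dot1x timeout reauth-period 3600
```

With this layout, every unauthenticated or failed client lands in the same VLAN as the AD server, so that VLAN should carry only the traffic a domain logon needs.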