I am testing the Dot1x (802.1X) authentication protocol using Cisco switches, and for that I have gone through the procedures to run Dot1x on Windows. As you know, when we use this feature, users logging in to the concerned domain are asked to enter their usernames and passwords. These usernames and passwords are set in Active Directory and are different from the Windows logon. I mean that after any user logs in to the domain, once the PC is up, a balloon pops up above his Local Area Connection asking for a username and password!
After the user enters this username and password, his PC is connected to the domain and must be able to ping others or share anything (getting its IP through DHCP).
The problem is that no Group Policy (which is set by me, the admin) is applied to users and computers in the domain.
Suppose the group policies which I set were:
On the Cisco switch we are supposed to configure the concerned port that any user is connected to with some related configuration which has to be set by the administrator.
These configurations are like:
1) Switch(config)# dot1x system-auth-control (enables dot1x globally on the Cisco switch)
2) Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x reauthentication
Enabling the above-mentioned commands will lead to our goal, and our goal is that after the user passes these authentication steps, he can successfully log in to the domain and the group policies which are already defined by the administrator are applied to the user.
My problem shows up after the 3rd step:
1st - The user logs in to the PC.
At this point Dot1x authentication starts and the balloon which I already told you about appears above Local Area Connection, asking for a username and password.
2nd - The user clicks on the balloon, a window appears on screen, and we are asked to enter the username and password.
3rd - The user enters the username and password. The switch port that the user is connected to is assigned to the concerned VLAN, and afterwards the proper IP address is given by the DHCP server.
=> 4th - At this step, when the user has got an IP address, no group policy which we have previously defined is applied (suppose we have defined: the CD-ROM and USB ports must be disabled)!
My question is: why?
Why does no policy like "disable CD-ROM" or "disable USB port" work here?
But when we disable Dot1x, all these policies are applied to the users.
By disabling Dot1x, users cannot access the CD-ROM or use the USB port, and this is what we want along with Dot1x authentication.
I hope the problem is well explained to you.
Please, if you think anything can help me in this regard, let me know about it.