Dec 5th, 2007

All, I'm trying to do the following, without success at this point. I have a laptop, 3560 switch, and ACS v3.3. I have the port my laptop is plugged into set to do dot1x. If you log in fine, you get on the trusted network. If not, you get dumped into the guest vlan. When I boot up, I automatically get dumped over to the guest vlan. At that point, I can see in my system tray where it is trying to authenticate, and it pops up with a bubble asking me to type in a username and password. I click on that, and the login screen comes up. I type in my username and password, and in about 10 seconds, I get dumped over into the trusted domain.

My question is, how can I configure all of this to where my users do not have to log in twice (once on the laptop itself and once for network "trusted" availability)? On the ACS server, I have the usernames/passwords set up. Switch appears to be operating correctly. See switch port config here:

interface GigabitEthernet0/6
 switchport access vlan 13
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x timeout quiet-period 15
 dot1x timeout tx-period 3
 dot1x reauthentication
 dot1x guest-vlan 12
 spanning-tree portfast

ACS is set up to allow authentication with the switch. Laptop will authenticate user credentials, just not automatically where the user does not have to "DO" something.

Any ideas on how to do this?

Pavel Bykov Thu, 12/06/2007 - 01:16

Have you set up a trust between ACS and your domain? How are authentication credentials (with which you are logging in to the notebook) passed to ACS?

What client are you using on the notebook?

mikedurbin Thu, 12/06/2007 - 05:15

On the laptop, using Microsoft Windows 802.1x on the network card, with MD5 as the EAP type. When I try to use PEAP, I couldn't get that to work.

Yes, ACS does have a trust set up for the domain.


