12-05-2007 01:50 PM - edited 03-05-2019 07:50 PM
All, Im trying to do the following, without success at this point. I have a laptop, 3560 switch, and ACS v3.3. I have the port my laptop is plugged into to do dot1x. If you login fine, you get on the trusted network. If not, you get dumped into the guest vlan. When I boot up, I automatically get dumped over to the guest vlan. At that point, I can see in my system tray where it is trying to authenticate, and it pops up with a bubble asking me to type in a username and password. I click on that, and login screen comes up. I type in my username and password, and in about 10 seconds, I get dumped over into the trusted domain. My question is, how can I configure all of this to where my users do not have to login twice (once on the laptop itself and once for network "trusted" availability)? On the ACS server, I have the usernames/passwords setup. Switch appears to be operating correctly. See switch port config here:
interface GigabitEthernet0/6
switchport access vlan 13
switchport mode access
dot1x pae authenticator
dot1x port-control auto
dot1x timeout quiet-period 15
dot1x timeout tx-period 3
dot1x reauthentication
dot1x guest-vlan 12
spanning-tree portfast
ACS is setup to allow authentication with switch. Laptop will authenticate user credentials, just not automatically where the user does not have to "DO" something.
Any ideas on how to do this?
12-06-2007 01:16 AM
Have you set up a trust between ACS and your domain? How are authentication credentials (with which you are logging in to the notebook) are passed to ACS?
What client are you using on the notebook?
12-06-2007 05:15 AM
on the laptop, using Microsoft Windows 802.1x on the network card, with MD5 as the EAP type. When I try to use PEAP, I couldnt get that to work.
Yes, ACS does have a trust setup for the domain.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide