Takes long time to logon because of authentication

chicagotech · ‎05-19-2008

I have configure Cisco ACS v4.1 to control network accessing. When a domain user logon, it takes a few seconds to logon and map the network drive if it is conencting to a port without configued autnetication. However, it takes around 30 seconds to 1 minute to get the authentication successfully if it is connecting to the configured authentication port. The problem is the computer can't talk to the DHCP and DC before the authentication. The network status shows Limits or not connectivity. The ipconfig shows it uses auto ip address 169.254.x.x. To obtain an IP or talk to the DC, the user needs to enter ipconfig /renew or re-logon.

I have installed wireshark on one of our XP. the capture result can be found this link: http://chicagotech.net/images/acssniffing.gif.

What I did is running wireshark after logon without network and plug the cable. Based on the sniffing, when the computer connects to the authentication port, it starts to talk to the DHCP but can't get an IP until 25 seconds.

Jon Marshall · ‎05-19-2008

You are going to need to use machine authentication ie. when the machine boots up it authenticates itself to the network and gets an IP address before the user even tries to log in.

Attached is a link to a doc to get you started but if you do a search on Cisco site with 802.1x machine authentication this should give you quite a bit of info.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

Jon

chicagotech · ‎05-20-2008

Thnak you for the help. I will post back.