05-19-2008 09:47 AM - edited 02-21-2020 10:21 AM
I have configured Cisco ACS v4.1 to control network access. When a domain user logs on, it takes a few seconds to log on and map the network drive if the computer is connecting to a port without authentication configured. However, it takes around 30 seconds to 1 minute to authenticate successfully if it is connecting to a port with authentication configured. The problem is that the computer can't talk to the DHCP server and the DC before authentication. The network status shows "Limited or no connectivity". ipconfig shows it is using an auto IP address, 169.254.x.x. To obtain an IP or talk to the DC, the user needs to enter ipconfig /renew or log on again.
I have installed Wireshark on one of our XP machines. The capture result can be found at this link: http://chicagotech.net/images/acssniffing.gif.
What I did was run Wireshark after logging on without network and then plug in the cable. Based on the sniffing, when the computer connects to the authentication port, it starts to talk to the DHCP server but can't get an IP until 25 seconds have passed.
05-19-2008 10:06 AM
You are going to need to use machine authentication, i.e. when the machine boots up it authenticates itself to the network and gets an IP address before the user even tries to log in.
Attached is a link to a doc to get you started, but if you do a search on the Cisco site for 802.1x machine authentication this should give you quite a bit of info.
Jon
05-20-2008 11:39 AM
Thank you for the help. I will post back.