We have an ACS 4.1 install with 5 ACS servers, 25 remote switches and over 800 XP users all doing certificate-based machine authentication that works perfectly fine. We are also using a guest VLAN in our sites to auth-fail a guest user onto the guest VLAN so they can get internet access. We had to reduce the dot1x timers so dot1x would fail (45 sec) before Windows DHCP fails (approx 55 sec). This has worked fine for the last year with all of our XP machines. We put a new 4510 into our main building last week for user access and we are running into an issue with developer boxes that are running 2003 Server or 2003 x64. What happens is that when they reboot, the authentication process takes too long and they auth-fail and get put into the auth-fail VLAN. They then get authenticated 20 sec later and they are authenticated in the guest VLAN and remain stuck there until I bounce the port. I have a TAC case opened; just wanted to see if anyone else has seen this or could duplicate it. Very weird and specific to 2003 Server / 2003 Server x64 with Broadcom drivers. Thanks in advance.
Not sure this helps a 2003 Server machine though. Third-party supplicants don't exist for the OS much AFAIK. Is there a way to ensure the supplicants succeed to begin with? If not mission critical, a release/renew would work, or so would an unplug/plug back in, but I can imagine how this won't seem like a solution either.
This is actually only on the reboot. One interesting thing is that some people have dynamic VLANs, and they auth-fail, get put into the guest VLAN, then authenticate, get put into the correct VLAN and are fine. Even unplugging/replugging doesn't seem to do it, which it really should, as the authentication process should start over. Also, in their infinite wisdom, security has disabled Windows profile caching, so a user cannot log onto the box without domain connectivity, so they can't disable/re-enable. By reducing the dot1x timeout from 90 seconds to 45 to fix the Windows DHCP issue we probably caused this one. Again, it seems specific to the newer Dell workstations with newer Broadcom drivers.