Cisco Support Community
Community Member

802.1x and Windows Domain Login

I am planning to implement 802.1x login authentication for LAN Users using Cisco ACS.

My setup is something like this:-

User(Windows XP)->Switch(802.1x enable)->ACS->LDAP Database

May I know, once the user has been authenticated through 802.1x, do they still need to log in again to the Windows Domain? What's the default setting?

Thanks

SSng

3 REPLIES
Silver

Re: 802.1x and Windows Domain Login

I'm not sure about WinXP and 802.1x authentication, but with Win2K the Windows Domain login occurs before the 802.1x network login. Once the Windows domain login times out, the 802.1x login is processed. This results in login scripts that are based on the Windows Domain login failing to execute. I saw reference to this being fixed with a future update from Microsoft. I am not sure if this would still hold true if you were using certificates to authenticate the machine to the network or not. To answer your question about having to log in again to the Windows Domain after the 802.1x, there should be an option in the 802.1x configuration to use your Windows Domain credentials for the 802.1x authentication.

Community Member

Re: 802.1x and Windows Domain Login

Are you going to be using dynamic VLAN assignment in a wired environment or dot1x in a wireless environment?

Community Member

Re: 802.1x and Windows Domain Login

hi,

i was just about to ask the same thing, but worded differently.

does dot1x vlan assignment work when using the ldap database? i mean, i know that when using the acs local database one can specify the attributes needed for vlan assignment...but if the database is the windb, how can this be done...especially if there are several vlans involved and several members from the ldap db are going to be assigned to different vlans.

can this be done?

regards,

c.
