Cisco Support Community
Community Member

802.1x Authentication on Wired and Wireless LAN

I have successfully configured 802.1x authentication on wired and wireless LAN. We have Cisco switches, ACS SE and Windows AD.

But I have one issue regarding single sign-on: when authenticating using 802.1x with Windows Active Directory, users who are logging in for the first time are not able to log on, but for users whose profiles already exist on their PC there is no issue, and they are successfully authenticated and log in easily.

Is there any way for users to log in successfully the first time using 802.1x authentication with Windows AD, like a single sign-on?

5 REPLIES
Community Member

Re: 802.1x Authentication on Wired and Wireless LAN

We ran into the same situation from time to time. We implemented 802.1x authentication using the Cisco Secure Services Client (SSC) on the Windows hosts.

At the beginning we were completely unable to log on to machines where no locally stored Windows profile exists. After changing the timeout to authenticate at the network in the SSC options, we are able to log on to the network and also be authenticated by the domain controller.

Sadly, this often works out as a timing issue. Most times the user needs to try a couple of times. At the moment, I'm also very interested in a good way to avoid this (as it seems to be) race condition.

Hope that someone else has any clue?

Cisco Employee

Re: 802.1x Authentication on Wired and Wireless LAN

If you are using machine-authentication, this should solve this. This should help:

http://technet.microsoft.com/en-us/library/cc787892.aspx

Community Member

Re: 802.1x Authentication on Wired and Wireless LAN

Yes, right. But it means preparing and taking care of additional credentials and internal deployment processes. At the moment, user authentication is a very good solution to find out whether this notebook (user) is allowed to connect or not.

Cisco Employee

Re: 802.1x Authentication on Wired and Wireless LAN

If you're running machine-auth, Kerberos actually launches for a user account before/asynchronously to 802.1X (and remember the network connection has already been enabled by machine-auth). Hence, a new user can log in to the machine just like they could before 802.1X was deployed.

Hope this helps,

Community Member

Re: 802.1x Authentication on Wired and Wireless LAN

Thanks for the information, very helpful. We will consider adding machine authentication.
