I´m studying the behaviour of the 802.1x protocol working in a Windows environment with IAS and AD activated.
I´m using Windows 2000/XP 802.1x clients to perform the tests.
As I check the option "Authenticate the user as guest when the credentials are unavailable" in the client and I´m not able to get authorized. I watch the trace in the CAT 2950 switch and I get the message 'dot1x event - empty userid'. The client´s request is not forwarded to the RADIUS server and at the end the client is unauthorized.
First I thought of configuring the IAS server with a rule to bring these anonymous users in a quarantine VLAN and perform further actions with these clients. No way, the request don´t get to the RADIUS.
The other option that I managed was to take these users to the guest VLAN but I think this is not possible either. I have got similar problem with users with invalid credentials.
Is this the correct or expectable behaviour of the switch?
Any idea to take uknown users to a controlled or quarantine VLAN?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...