IEEE 802.1x port-based authentication has been enabled on a Cisco 3550 switch using Cisco ACS 3.2 (integrated with Windows ADS database). The operating systems used are Windows 2000 Professional (with SP4) and Windows XP (with SP1a).
With the Windows 2k Pro machine, after getting authenticated, an error on SVCHOST.EXE occurs and all the services related to this exe stop, which also includes the service which enables the 802.1X authentication. Also, the system becomes unstable and many applications stop responding.
No such problems are observed with Windows XP machines.
Make sure you have hotfix 822596 installed; this fixes some DHCP errors (basically makes the machine get a new address after authentication). On a sniffer trace you will see the EAPOL success frame after login, then you will see the workstation attempt to ping the default gateway that it was on (I'm assuming you are using machine authentication). If the ping fails, which it should since you are now in a different VLAN, then the machine actually gets a new address via DHCP, although the process takes about 10-15 seconds. You can actually go to a cmd prompt and ipconfig and watch the address go from what it was, to 0.0.0.0, to an address on the new VLAN. If the user tries to do anything while this is happening, it fails of course.
Machine authentication needs to be used if you are going to use anything practical like login scripts or roaming profiles. This instability problem has been experienced by many; I have a couple of machines that do it, but I tried a fresh install and it worked fine (sort of).
Also, if one user logs off and another logs on and it isn't changing to the correct VLAN, go to the registry and add under local machine, software, microsoft, eapol, parameters, general, global a DWORD called SupplicantMode and give it a value of 3. Good luck.