I currently have a test group in place for wired DOT1X. Now I'm trying to work out a few problems that have surfaced before deployment. The current problem is when a user makes a Remote Desktop connection to the DOT1X enabled PC. The remote PC that is initiating the Remote Desktop connection is in the qualifying computers group in A/D and the user is logged into the remote computer with the same userID as they use in the DOT1X enabled PC. So the problem is that after the connection is successfully made, 30 seconds later, the connection is dropped and the port state on the switch is in "unauthorized." I assume this is by design and has to do with a timer. I have enabled Multihost thinking that DOT1X is seeing 2 machines trying to authenticate to one port and is thus going to an unauthorized state. Is there a DOT1X parameter that would allow these types of connections to be made to DOT1X enabled machines w/o compromising the idea of DOT1X? Thanks for any help you can provide.
This is from my previous post. This only applies to the MS supplicant. RD works with a 3rd party supplicant.
I hardcoded Machine Auth ONLY to ensure not breaking RD until fixed.
From MS FAQ:
Q. Do Remote Desktop connections work to Windows wireless clients that use 802.1X authentication?
A. Not at this time. All 802.1X-based wireless connections are affected, including those using EAP-TLS or PEAP-MS-CHAP v2. Connections using a static WEP key or WPA-PSK are not affected. Microsoft is investigating this issue.