Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Slow logon windows xp with 802.1x enable

Hi all,

We deployed NAC solution (802.1x) with CS ACS 4.1 and Cisco Trust Agent 2.1 with bundled supplicant.

we got problem (slow respons) while try to login on windows xp (it takes around 4 minute). however the authentication has succesfull and we got the posture message from ACS.

Please help..

Attached log from CTA

regards,

bongkie

6 REPLIES

Re: Slow logon windows xp with 802.1x enable

Initial suggestion is to do a port-sniff and see what's causing the hold-up. Not particularly experienced with NAC, but certainly 802.1x on Windows can be a bit hit or miss, most of the time it's fine, but sometimes clients just wait an age before sending credentials off.

Sniff the port and see what's taking so long...

Regards,

Richard.

New Member

Re: Slow logon windows xp with 802.1x enable

Hi Richard,

Thanks for your respons.

the slow logon issue has been solved with deployed customize CTA package with reduce retry authentication settings from 4 (default value) to smaller value.

I have new problem with validation to external posture server using LanDesk 8.7.

Followed all documentation from Cisco and Landesk did not solved this issue.

attached log from Radius Server.

please advice

regards,

Dony

Re: Slow logon windows xp with 802.1x enable

I'd have a stab and say your LandeskPVS Policy is what's causing RADIUS to say no, but it's down to you to take a look at the rule-set and see what's what.

Failing that, create some obscenely simple policies, and get them working first. Once something very simple works, start to build on it bit-by-bit, continuously testing & fixing as required.

Sorry I can't help more...

Richard.

New Member

Re: Slow logon windows xp with 802.1x enable

Hi,

I solve this. You must create group on AD and add to this group both the user and machine.

It works for me. It should take less than 20 sec.

Mugur

New Member

Re: Slow logon windows xp with 802.1x enable

Hi Mugur,

We did not use AD as user authentication, but using Cisco ACS internal database. The users working environtment is workgroup.

any suggestion ?

thanks

Dony

New Member

Re: Slow logon windows xp with 802.1x enable

Richard,

All rules from internal policy (ACS internal posture) always worked for me, but if I pointing to the external posture server, Radius reject the request or failed in authentication. I'm still looking if my ACS or there is wrong configuration at my LanDesk Server. Btw thanks for the advice.

regards,

bongkie

796
Views
0
Helpful
6
Replies
CreatePlease to create content