I have a proof of concept built for a client using wired 802.1x. We are using EAP-TLS with the MS Supplicant on XP SP2.
Everything seems to work, with the exception of unplugging the client and then replugging it back into the same port, which does not seem to re-initiate the EAPOL process. It is almost like I am missing one little piece; I am just having trouble putting my finger on what the piece might be. If anyone has any suggestions it would be appreciated.
Ensure that the client is getting authenticated by the authentication server because until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected.
Actually, it was a problem with the user cert. Once a profile was loaded on the box, and authentication had to happen again after unplugging the cable and then plugging it back in, the user cert was requested for authentication and we did not have a user cert on the box. I actually switched the authmode reg setting to a value of 2 and everything worked. Right now we are looking at doing machine-only auth. Do you or anyone else know of any caveats to look out for when doing 802.1x with EAP-TLS machine-only auth, either in the Cisco world or the Microsoft world?
I am confused; we have this working just fine at the moment with the supplicantmode registry value at 2 (the default for wired connections).
I guess as long as the authmode is set to 2, it doesn't matter if the supplicant mode is set to 3. Before, with authmode set to 1 and suppmode set to 3 and no user cert on the PC, it would fail because the suppmode made it try to use both the user and PC cert.
What would be the downfall of leaving the suppmode set to 2, instead of 3?