Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IBNS - 802.1x issue

Hi group

I have an 802.1x issue in a IBNS implementation, once the pc switched on and the user login using his username/password he takes his right VLAN and IP, but if we logout and try to login using a new user the windows refuse to login because it don?t see the domain. The only way to solve this is to unplug and plug it back.

Please advice

6 REPLIES
Cisco Employee

Re: IBNS - 802.1x issue

Is the machine a member of the domain? If so, have you enabled machine authentication? It's enabled by default.

This may help:

<http://www.microsoft.com/technet/itsolutions/network/wifi/wififaq.mspx#EAAAA>

New Member

Re: IBNS - 802.1x issue

Yes the machine is member of a domain. yes there is machine authentication. Also the machine connected behind an IP Phone.

Cisco Employee

Re: IBNS - 802.1x issue

Can you confirm that machine authentication completes successfully when the user logs out? (a user logout, is a machine login by default with the windows supplicant).

Does the 2nd tested user have cached credentials on the PC?

New Member

Re: IBNS - 802.1x issue

This is exactly my problem. after the user log out the swtich doesn't feel this logout.

For example; if we have user A and user B. UserA boots andlogin to the machine. UserA will get authenticated and put to certain VlanA and all is working as expected.

Then UserA logout and UserB login. Now UserB ends up on guest vlan, which is not correct. UserB is expected to connect on VlanB.

To get UserB in to the right VlanB you will have to pug off/on the cable.

I hope i made my self clear

Thanks

New Member

Re: IBNS - 802.1x issue

I know it's six weeks later at this point so I'm not sure if you are still having this issue or not. I jsut encountered the exact same scenario recently. The fix was adding another registry key to the XP client. Most artlices and postings explain the need for the 'SupplicantMode' registry key and having it set to value=3. There is another key that sits in the same place called 'AuthMode'. The value of AuthMode must be set to value=1.

This setting tells the supplicant to send an EAPoL stop message to the switch at certain times. The EAPoL stop message is sent whenever the login status changes.

For example, when the machine boots up and no one has logged in but the machine has authenticated, been assigned a VLAN and IP address. You then hit Ctrl-Alt-Del, enter the user credentials and hit enter. At this time the supplicant sends the EAPoL stop and the switch initiates authentication again. This same process happens on logoff as well. You can see it all taking place if you watch the output of "debug dot1x all" and "debug radius".

The place to put both the SupplicantMode and AuthMode registry keys is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global

Let me know if this has worked out for you.

New Member

Re: IBNS - 802.1x issue

Hi

i would like to thank you for your post, it reply explains a lot to me.

Thanks

Waleed

173
Views
5
Helpful
6
Replies