I have an 802.1x issue in a IBNS implementation, once the pc switched on and the user login using his username/password he takes his right VLAN and IP, but if we logout and try to login using a new user the windows refuse to login because it don?t see the domain. The only way to solve this is to unplug and plug it back.
I know it's six weeks later at this point so I'm not sure if you are still having this issue or not. I jsut encountered the exact same scenario recently. The fix was adding another registry key to the XP client. Most artlices and postings explain the need for the 'SupplicantMode' registry key and having it set to value=3. There is another key that sits in the same place called 'AuthMode'. The value of AuthMode must be set to value=1.
This setting tells the supplicant to send an EAPoL stop message to the switch at certain times. The EAPoL stop message is sent whenever the login status changes.
For example, when the machine boots up and no one has logged in but the machine has authenticated, been assigned a VLAN and IP address. You then hit Ctrl-Alt-Del, enter the user credentials and hit enter. At this time the supplicant sends the EAPoL stop and the switch initiates authentication again. This same process happens on logoff as well. You can see it all taking place if you watch the output of "debug dot1x all" and "debug radius".
The place to put both the SupplicantMode and AuthMode registry keys is
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...