New Member

Wired PC's with PEAP and RADIUS - how to join to a domain?

I realize this seems like a 'chicken vs. egg' question, but I'm wondering if there is an answer.

We're in the process of implementing RADIUS authentication using PEAP and IAS on our network.

(Server 2003, WinXP Pro, and Cisco hardware)

My test network is working well, however the one glitch that we've come across is joining new PC's to the domain. Because the switch will not authenticate the machine or the user - we can't get access to join the machine to the domain controller.

Is there a simple workaround for this, or do we have to disable AAA on the switch temporarily, every time we want to join/rejoin a machine?

Thanks in advance!

Rob

2 REPLIES
Hall of Fame Super Silver

Re: Wired PC's with PEAP and RADIUS - how to join to a domain?

If you are running 802.1x on your switches for wired users, then you either need to stage the machines first by having them join the domain and then pushing out the appropriate certificates to the machine. You can always have ports that don't have 802.1x configured to get this working.

-Scott
*** Please rate helpful posts ***
Cisco Employee

Re: Wired PC's with PEAP and RADIUS - how to join to a domain?

Other options include the Guest-VLAN or Auth-Fail-VLAN and allowing access to a domain controller from there. Another option is open mode to always allow access to a domain controller and control access with ACLs.
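
The options named in the replies above, sketched as a Cisco IOS switch configuration. This is an added example, not part of the original thread. The interface names, VLAN IDs, ACL name and the address 192.0.2.10 (standing in for the domain controller) are constructed placeholders, and the `authentication ...` syntax assumes an IOS release that supports it (older releases use `dot1x guest-vlan` and `dot1x auth-fail vlan` instead).

```cisco
! Constructed example: all names, VLAN IDs and addresses are placeholders.
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! ACL that allows only DHCP and the domain controller (192.0.2.10).
ip access-list extended PRE-AUTH-DC-ONLY
 permit udp any eq bootpc any eq bootps
 permit ip any host 192.0.2.10
 deny   ip any any
!
! Option 1: Guest-VLAN and Auth-Fail-VLAN.
! VLAN 900 = no 802.1X supplicant answered; VLAN 901 = authentication failed.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 authentication event no-response action authorize vlan 900
 authentication event fail action authorize vlan 901
!
! Any device that fails or skips 802.1X lands in these VLANs, so restrict
! them to the domain controller. Assumes this switch routes both VLANs;
! otherwise apply the equivalent filter on the upstream router or firewall.
interface Vlan900
 ip access-group PRE-AUTH-DC-ONLY in
interface Vlan901
 ip access-group PRE-AUTH-DC-ONLY in
!
! Option 2: open mode. The port passes traffic before authentication,
! so the static port ACL is the only control on unauthenticated hosts.
! It keeps applying until RADIUS returns a per-session ACL for the
! authenticated host.
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 authentication open
 dot1x pae authenticator
 ip access-group PRE-AUTH-DC-ONLY in
```

With either option, `show authentication sessions interface GigabitEthernet0/1` shows whether a port was authorized by 802.1X or placed in the guest or auth-fail VLAN.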
