Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SPS224 and Windows XP SP3 802.1x supplicant problem

Hi everybody

We run MS Active Directory based network (Windows Server 2008, MS NPS as RADIUS server) and have Windows XP SP3 and 7 in it. We have a lot of SPS224 (with the latest SW version 1.0.6) as the access switches, and we are trying to implement 802.1x in our network to authenticate users by their AD domain computer accounts. Also, we want to use dynamic VLAN assignment using RADIUS attributes. The authentication by PEAP-MSCHAPv2 works fine on all workstations but we have a problem with the dynamic VLAN assignment in case Windows XP machines are used. The problem is that after a successful authentication and VLAN assignment on a switch port, the Windows XP supplicant is trying to re-authenticate after several seconds. However, the switch port state remains authorized and the workstation does not lose connection. So, the only problem we see is that the state of supplicant does not correspond the switch port state. We have notice that the problem occurs when the "multiple sessions mode" is used (it is needed to enable VLAN  assignment by RADIUS attributes). We have tried the built-in Windows XP SP3 supplicant and Cisco Secure Services Client with the similar result. At the same time, the Windows 7 workstation works just fine, without any problems. Is anybody has faced this problem with Windows XP and has a workaround? Any help will be appreciated!