Cisco Systems Wired dot1x failure

Subject Author Date
Wired dot1x failure bob 04-30-09
Posted by on April 30, 2009, 4:22 am
Hi,

I'm doing some testing with wired dot1x and coming across possible
future support issues.
The supplicants are XP machines connecting to a 3750 switch.

The issue I see arising is when a user fails authentication, for
whatever reason, how can you remotely be able to get a username/
password prompt to be redisplayed on the PC?

From my tests so far, once failed say for an incorrect password, the
username password box never gets redisplayed unless the PC is either
rebooted or physically disconnected and reconnected to the switch. OK,
not the end of the world I know but I'd rather not have users pulling
out and putting back in plugs as they are bound to end up in the wrong
places.....you're probably way ahead of me here.

Anyway, bouncing the port from the switch didn't appear to make this
happen. Clearing dot1x int didn't do anything either although it does
if authentication has been successful as long as password caching has
been turned off in XP.

As for working, everything is fine but it's when it doesn't work I can
see problems arising for remote faulting. The Cisco docs don't cover
this bit?

Anyone got any real life experience of this?

Cheers
Bob

Posted by Thrill5 on April 30, 2009, 1:36 pm
I've only worked with dot1x authentication for wireless networks, but....
The client is sending the authentication credentials and a success/fail
message is sent to the client. On a fail, the client should then display a
message that the authentication failed and reprompt for authentication.

You need to gather more information about what is happening. Is the client
resending the same credentials after a fail without prompting the user for
new credentials? Is the switch sending a fail message when the credentials
aren't valid?

On the wireless side, I've used third party supplicants because the
Microsoft supplicant is not that robust for wireless authentication. I would
also post this question on one of the Microsoft groups because something
might need to be tweaked on the PC.


> Hi,
>
> I'm doing some testing with wired dot1x and coming across possible
> future support issues.
> The supplicants are XP machines connecting to a 3750 switch.
>
> The issue I see arising is when a user fails authentication, for
> whatever reason, how can you remotely be able to get a username/
> password prompt to be redisplayed on the PC?
>
> From my tests so far, once failed say for an incorrect password, the
> username password box never gets redisplayed unless the PC is either
> rebooted or physically disconnected and reconnected to the switch. OK,
> not the end of the world I know but I'd rather not have users pulling
> out and putting back in plugs as they are bound to end up in the wrong
> places.....you're probably way ahead of me here.
>
> Anyway, bouncing the port from the switch didn't appear to make this
> happen. Clearing dot1x int didn't do anything either although it does
> if authentication has been successful as long as password caching has
> been turned off in XP.
>
> As for working, everything is fine but it's when it doesn't work I can
> see problems arising for remote faulting. The Cisco docs don't cover
> this bit?
>
> Anyone got any real life experience of this?
>
> Cheers
> Bob
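
The two questions in the reply above (did the switch send a failure, and what did the client do afterwards) can be answered from a packet capture taken on the port. As an added example, not part of any post in this thread, this Python script classifies EAPOL frames (EtherType 0x888E) and reports what the supplicant sent after an EAP-Failure. The MAC addresses, identity and frames are constructed, and untagged Ethernet framing is assumed.

```python
import struct

PAE_ETHERTYPE = 0x888E  # EAPOL (IEEE 802.1X)
EAPOL_TYPES = {1: "EAPOL-Start", 2: "EAPOL-Logoff"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge", 25: "PEAP"}

def classify(frame: bytes):
    """Return (source MAC, label) for an untagged EAPOL frame, else None."""
    if len(frame) < 18 or struct.unpack("!H", frame[12:14])[0] != PAE_ETHERTYPE:
        return None
    src = frame[6:12].hex(":")
    _version, ptype, plen = struct.unpack("!BBH", frame[14:18])
    if ptype != 0:  # not an EAP-Packet: Start, Logoff, Key, ...
        return src, EAPOL_TYPES.get(ptype, f"EAPOL-type-{ptype}")
    body = frame[18:18 + plen]
    if len(body) < 4:
        return src, "EAP-truncated"
    label = "EAP-" + EAP_CODES.get(body[0], f"code-{body[0]}")
    if body[0] in (1, 2) and len(body) >= 5:  # only Request/Response carry a type
        label += "/" + EAP_TYPES.get(body[4], f"type-{body[4]}")
    return src, label

def summarize(frames, supplicant):
    """Was an EAP-Failure sent to the client, and what did the client send next?"""
    events = [e for e in map(classify, frames) if e]
    fail_at = next((i for i, (src, label) in enumerate(events)
                    if src != supplicant and label == "EAP-Failure"), None)
    after = [] if fail_at is None else [
        label for src, label in events[fail_at + 1:] if src == supplicant]
    retried = any(l in ("EAPOL-Start", "EAP-Response/Identity") for l in after)
    return {"failure_sent": fail_at is not None,
            "client_after_failure": after, "client_retried": retried}

# --- constructed sample capture (MACs and identity are made up) ---
PC, SW = "02:00:00:00:00:01", "02:00:00:00:00:02"
def eap(code, ident, type_data=b""):
    return struct.pack("!BBH", code, ident, 4 + len(type_data)) + type_data
def frame(src, eapol_type, body=b""):
    header = struct.pack("!HBBH", PAE_ETHERTYPE, 1, eapol_type, len(body))
    return bytes.fromhex("0180c2000003" + src.replace(":", "")) + header + body

CAPTURE = [
    frame(PC, 1),                             # EAPOL-Start
    frame(SW, 0, eap(1, 1, b"\x01")),         # Request/Identity
    frame(PC, 0, eap(2, 1, b"\x01user")),     # Response/Identity
    frame(SW, 0, eap(4, 1)),                  # Failure
    frame(SW, 0, eap(1, 2, b"\x01")),         # switch asks again; client stays silent
]
```

For the constructed capture, `summarize(CAPTURE, PC)` reports that a failure was sent and the client sent nothing afterwards, which puts the next check on the PC side rather than the switch.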



Posted by on May 1, 2009, 8:35 am
Thanks for the reply.
Well after going back the next day with a fresh head, and debugging
applied, it all appeared to function as expected??
As you say probably a PC issue more than anything. As much as I hate
Windoze the supplicant has been chosen so I've no choice in the
matter.

Cheers
Bob

> I've only worked with dot1x authentication for wireless networks, but....
> The client is sending the authentication credentials and a success/fail
> message is sent to the client. On a fail, the client should then display a
> message that the authentication failed and reprompt for authentication.
>
> snip
