05-22-2016 07:38 PM
I am having issues with 802.1x authentication. I have been using it in our wireless environment for 5 years without issue, with derived roles coming from an NPS server (either logon_role, user_role or quarantine_role) and different VLANs associated to each.
I am now wanting to add the same capability to wired ports on our remote APs.
The problem is that the workstation logs on after booting, is assigned the correct 802.1x derived role of logon_role and is placed in the correct VLAN, all visible and correct on the NPS server etc. The machine then shows up as a client on the controller as host\machinename.domain.
When the user then logs in, they do not appear to be authenticated again. NPS shows no logged change, and the controller doesn't see the new client.
This is using the same aaa profile that functions correctly in the wireless environment.
Any help would be appreciated.
05-23-2016 06:10 PM
Perfect, thank you. The workstation was only configured for 802.1x machine authentication, not machine or user authentication.
Another quick query: I have two roles that are derived from the NPS server after successful authentication has occurred, i.e. logon_role and a user_role. If a domain-based workstation fails, then it is given the quarantine_role and appropriate VLAN. However, if a rogue client connects that is not set up for 802.1x, or is not a member of the domain and cannot negotiate, how is its role and VLAN derived? At the moment it is being given the default machine role as above, logon_role.