Campus Switching and Routing

Reply
Occasional Contributor II
Posts: 16
Registered: ‎04-13-2016

problem with 802.1x authentication

Hi

 

I am having issues with 802.1x authentication, I have been using in our wireless environment for 5 years without issue with derived roles coming from an NPS server either logon_role, user_role or quarantine_role with different vlans associated to each.

I am now wanting to add the same capability to wired ports on our remote AP's

Problem is the workstation logs on after booting and is assigned the correct 802.1x derived role of logon_role and is placed in the correct vlan all visable and correct on NPS server etc, the machine then shows up as a client on the controller host\machinename.domain.

When the user then logs in they do not appear to be authenticated again. NPS show no logged change, controller doesn't see the new client.

This is using the same aaa profile that functions correctly in the wireless environment

 

Any help would be appreciated

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: problem with 802.1x authentication

Did you configure the clients for machine + user authentication? 

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 16
Registered: ‎04-13-2016

Re: problem with 802.1x authentication

Perfect thankyou, workstation was only configured for 802.1x machine authentication not machine or user authentication.

 

Another quick query I have two roles that are derived from the nps server after successful authentication has occured ie. logon_role and a user_role, if a domain based workstation fails then it is given the quarantine_role and appropriate vlan. However if a rouge client connects that is not setup for 802.1x or is not a member of the domain and cannot negotiate how is its role and vlan derived as at the moment it is being given the default machine role as above logon_role.

Thanks again

Search Airheads
Showing results for 
Search instead for 
Did you mean: