Security, WIDS/WIPS and Aruba ECS

EAPOL-Start Message

Does anyone know what this should be set to on Windows for our Wireless GPOs? We currently use the setting "Transmit" but are seeing periodic issues with users authenticating.

This document has the details on the settings:
http://technet.microsoft.com/en-us/library/cc755892%28WS.10%29.aspx

The options are:
EAPOL-Start Message. This option allows you to specify the transmission behavior of the EAPOL-Start message when authenticating. These settings set the SupplicantMode registry setting. You can select from the following:

# 1 - Do not transmit. Specifies that EAPOL-Start messages are not sent.

# 2 - Transmit. Determines when to send EAPOL-Start messages and, if needed, sends an EAPOL-Start message.

# 3 - Transmit per 802.1x. Sends an EAPOL-Start message upon association to initiate the 802.1X authentication process.

My thought is that it should be option #3 (Transmit per 802.1x) but the default seems to be transmit and that is what we left it as.

The issue we are having is that we use machine and user authentication, but some users who log in do not send user authentication immediately at login (Authmode is set to 1) but instead after about 5 minutes. For our wired connections (that also use user and machine auth) it works perfectly, but we set these settings via an XML file and set the supplicantMode registry key to 3 (which corresponds to Transmit per 802.1x).