Security

Hi

We have a huge problem!

When our windows 10 clients is updated to 1703, 1709 the update resets the 802.1x autentication settings and the client sends to guest vlan and cannot connect to the domain to recieve the gpo that sets the 802.1x settings....

What is the best solution?

/Johnny

 

I'm unaware of clients losing 8021.X settings during an upgrade or Windows 10 to the mentioned versions.

 

For a broader view on this subject, what I see happening is that access to supporting systems to get a client in the domain and compliant to the policy (like domain controllers, PXE boot servers, AV/MDM management, software distribution) are allowed regardless the 802.1X authentication.

 

Some customers use specific staging ports for that, others mark the clients in the endpoint database as known corporate machines and put them in a specific VLAN+role that allows PXE netboot and domain joins, and some allow traffic to the domain controller as a bypass on the guest VLAN. What works best for you is dependent on the exact situation. Likely, these options will give inspiration for an acceptable solution in your case.

Hi

There is more people that having this problem =(

We dont want to use Mac-auth

And this problem is on all our 500 klients, so opening ports would be useless =( Can you check within your company how to solve this?

/Johnny



Johnny Ericsson

IT-Avdelningen

IT-Tekniker

STATENS VETERINÄRMEDICINSKA ANSTALT
Telefon: 018-67 40 15
E-post: johnny.ericsson@sva.se
Post: 751 89 Uppsala



www.sva.se

The options that I described are what I know of that others do. If those options don't work for you, given the urgency, it probably is best to contact your Aruba partners, local SE, or Aruba TAC.

Problem solved:

Instead of using windowsupdate or softwareupdate in sccm, we did a tasksequence in sccm with 1709-upgrade....after the upgrade in the tasksequence we run this script:

netsh lan add profile filename=eap.xml

 

eap.xml was exported från a clearpassed computer.

See picture!

/Johnny