Security

Hi:

This might not be a Clearpass question per se, but I'm experiencing a problem, while setting up my Clearpass with 802.1x.

It seems that Windows machines will occasionally get into a wierd state, where they won't connect to anything. They won't connect to my 802.1x network  (which they were connecting to just minutes ago). They won't even connect to a WPA2-PSK network.

Whichever network I try to connect to, the wireless twirly ball twirls for a while, and then windows pops up a box that says, "Windows was unable to conec\t to <SSID>" and it graciously offers me the option to troubleshoot the problem.

I don't see the machine auth in Clearpass, so the machine isn't talking out.

Reboots do not fix the problem.

Does anyone know what's required to shake Windows out of this state?

Thanks,

Tony

Hi Tim:

Thanks for the reply.

I've seen this on two computers so far. It's got to have something to do with the introduction of dot1x in our environment. We ran WPA2-PSK for years without ever seeing anything like this.

And so far, it clears itself up. After about an hour the computer magically connects. So I'm guessing that something needs to timeout.

OK, I might have some more data....

This appears to happen whenever the Deny Access profile is activated.

I'm using the system defined [Deny Access Profile] that is set to 'Reject.'

Whenever a user doesn't meet any defined criteria and falls through to this profile, the machine gets disgruntled, and won't connect to anything for 30-60 minutes.

Has anyone heard of this?

Tony

OK, I'm narrowing in on this issue...

It appears that everytime a machine/user fails autentication, it is blacklisted for 60 minutes in the controller.

And that opens up new questions about the best way to configure blacklisting.

I'll take this up in another thread.

Thanks.