Hello,
We have set up ethernet ports 1 and 2 to use 802.1x auth for our wired users. We have the ports configured as trunks and we are trunking down vlans 42 and 44. We also have a user derivation rule that allows devices with certain MAC OUI's to match the rule and get a 'cisco phones' rule. This is because we use ip phones that will not do 802.1x. So, the phone plugs into the RAP5 ethernet port 1 or 2, and the 802.1x enabled Windows7 laptop plugs into the phone (Cisco 7940). The phone is configured to accept and process vlan 44 traffic and pass vlan 42 traffic on to the laptop.
What is happening is that the laptop won't reply to the eapreq packets from the controller until we unplug the ethernet from the laptop and plug it back in. Then it responds and the authentication works perfectly. By the way, disabling and then enabling the NIC on the laptop or stopping and then restarting the Wired AutoConfig also makes it work.
The initial role is logon, I also read here to use the denyall role which I tried but that did not fix the problem.
Once the user disconnects and reconnects the ethernet cable everything works fine until the next time the laptop is reconnected the same issue occures.
We are connecting to a 3600 controller running 6.1.2.3 code with another 3600 running the same code as the master behind it.
This is likely a windows thing but we can't figure out what to change.
Any ideas would be greatly appreciated.
Michael
#3600