Security

Reply
Occasional Contributor I

Is this normal Windows behavior?

In the course of our 802.1x deployment, we have found that we need to account for the ability for users to authenticate to a system they have never used before, meaning they do not have a local profile.  To do this, we have implemented an unauthenticated VLAN that Windows systems will be a part of, which will be replaced by the roles that are handed back upon successful Active Directory authentication.  But, the issue we are seeing is that the MAC address is constantly being passed to CPPM, sometimes multiple times in a 1 minute period (just looked at one sequence, 35 times in one minute).

 

Is this an effect of Windows trying to authenticate the systm onto the network, or maybe the Aruba 2920 switch configuration missing something that would prevent this from happening?

Guru Elite

Re: Is this normal Windows behavior?

Are these managed devices?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Is this normal Windows behavior?

 wrote:

Are these managed devices?


Managed in what way?  The Windows workstations, or the switches that they are connected to?

Guru Elite

Re: Is this normal Windows behavior?

The clients. Group Policy, EMM, Profile Manager etc.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Is this normal Windows behavior?

Ahh, got it.  Yes, they are managed by GPO, as well as the 802.1x configuration being pushed out to the workstations via LANDesk and a known good XML netsh lan export.

 

Also, for a full picture, the CPPM cluster we have in place is 6.6.8, with Aruba 2920 switches running WB.16.03.

Guru Elite

Re: Is this normal Windows behavior?

Is the supplicant configured for Computer + User?

 

Also, I would highly recommend that you use Group Policy to enforce the supplicant config over third party tools.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Super Contributor I

Re: Is this normal Windows behavior?

Hi,

 

Which Windows version? I have seen Microsoft doing freaky stuff on the IP stack/Ethernet side. 

did you have wireless enabled on the windows machines?

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Occasional Contributor I

Re: Is this normal Windows behavior?

The configuration is for user only, utilizing the user certificate that is generate for each user.  

 

Didn't realize that the NIC configuration could be pushed via GPO.  I'll have to look into that one.

Guru Elite

Re: Is this normal Windows behavior?

In order to do what you're trying to do, you'd have to use Computer + User.

 

Also, please follow the ClearPass Solution Guide for Wired Policy Enforcement for validated switch and ClearPass configurations.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Super Contributor I

Re: Is this normal Windows behavior?

Hi Eric,

 

be carefull with Windows 10 and updates. We have had issues from the last two big updates from Windows that the settings pushed by GPO (EAP-TLS with cert.) was changed. It was defaulted to eap-peap and the settings weren't lock anymore.

 

Hope this helps

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: