Wired

Hi guys quick question, I have successfully integrated my Aruba 2930F switch with Cisco ISE for 802.1x Radius. Successfully have my IP Phones (MAB) and PC (802.1x) being authenticated, either connected directly to switch or if PC is connected via the IP Phone.
My issue is, if I try to login the PC with a new user (from my domain) that has never signed into, I am unable to login. If I try with a user who successfully login before, I can login and I'm authenticated via ISE.
It seems when a user is not logged in, I am unable to reach my domain controller through the configured switch interface. Looking at my login screen (Windows 10) when a user is logged out, the PC doesn't have an IP address. Only when a user logs in and is authenticated, an IP address is given.
Any assistance would be greatly appreciated.

When the computer is logged off, it will try computer authentication (if you configured that in the client). Do you see a failed authentication at that point?

You could check from the switch side: "show port access clients 1/12 detailed" if the client is on port 1/12 to see the actual port authentication status.

Windows clients will need access to the domain controller to authenticate users. If users have logged in before, the password is cached, which is why you can login with an earlier used account but not with new accounts. Make sure the system can communicate with AD before login, where enabling the computer authentication is probably the most secure way to do that.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 22, 2022 08:17 AM
From: Joel La Guerre
Subject: 2930F 802.1x Integration with Cisco ISE

Hi guys quick question, I have successfully integrated my Aruba 2930F switch with Cisco ISE for 802.1x Radius. Successfully have my IP Phones (MAB) and PC (802.1x) being authenticated, either connected directly to switch or if PC is connected via the IP Phone.
My issue is, if I try to login the PC with a new user (from my domain) that has never signed into, I am unable to login. If I try with a user who successfully login before, I can login and I'm authenticated via ISE.
It seems when a user is not logged in, I am unable to reach my domain controller through the configured switch interface. Looking at my login screen (Windows 10) when a user is logged out, the PC doesn't have an IP address. Only when a user logs in and is authenticated, an IP address is given.
Any assistance would be greatly appreciated.