Hi All,
I've been monitoring the wired NAC roll-out to one of our departments. All
going pretty well, but every now and again a PC will attempt to authenticate
using its hostname, rather than the username, and gets a Reject. The ICT guys
have been disconnecting the PC to get it to
Hi,
are you talking about the hostname from the hostname column in NAC Mgr or
the hostname, i.e. host/pcname123 from the username column?
If you do user authentication, i.e. 802.1X PEAP, or machine/host
authentication, i.e. 802.1X EAP-TLS, both times the important
username/hostname is found in
Hi Markus,
Thanks for the feedback. When I see the Reject, the hostname appears in the
username column. When the PC logs in successfully the username column is
populated with the correct username.
Does it look like a setting on our PCs that needs to change?
Simon Read
Service Engineer
Hi Simon,
what is the authentication method for that host, which is shown in NAC Mgr
- I think 802.1X EAP-TLS?
Or does it say 802.1X Identity.
Further right in the line of that host, does it say something about radius
request became stale, system is misconfigured or authentication
request
Hi Simon,
Of course set this on workstations :)
Regards
Paweł
Message written by Paweł Kuleszyński on 2 Jul 2013, at 09:35:
Hi,
Try to set User authentication on Authentication Tab in Properties of the
Wired LAN (Windows Settings).
Regards
Pawel
Hi,
Pawel is right, this should be checked as well, if you only want to use
user authentication (802.1X PEAP, single sign on) and not machine/host
authentication.
Pawel described it right for Windows 7 machines, for example; if you have
Windows XP SP3 then you might want to check the 802.1X
Thanks Pawel and all that replied,
I just worked that out after going over the setting with my PC colleagues. The
setting was to use the computer or user credentials. They're going to push it
as a Policy update and test.
Certainly makes sense!
Simon Read
Service Engineer
Nashua
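
The check the thread converges on, as an added example that is not from any poster: audit a wired LAN profile exported with `netsh lan export profile` and report whether its 802.1X `authMode` lets the PC present a machine identity (`host/...`) that a user-only NAC policy will reject. The sample profile is constructed, and the `accepted` policy set and function names are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"lan": "http://www.microsoft.com/networking/LAN/profile/v1",
      "onex": "http://www.microsoft.com/networking/OneX/v1"}

# Constructed sample, shaped like a profile written by `netsh lan export profile`.
SAMPLE_PROFILE = """<?xml version="1.0"?>
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
  <MSM><security>
    <OneXEnabled>true</OneXEnabled>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machineOrUser</authMode>
    </OneX>
  </security></MSM>
</LANProfile>"""

# Identity kinds each authMode value allows the supplicant to present.
MODE_IDENTITIES = {"machineOrUser": {"machine", "user"}, "machine": {"machine"},
                   "user": {"user"}, "guest": {"guest"}}

def identity_kind(username):
    """Classify a value from the NAC username column (host/... means machine)."""
    return "machine" if username.lower().startswith("host/") else "user"

def audit_profile(xml_text, accepted=frozenset({"user"})):
    """Return the profile's authMode and the identity kinds the NAC policy would reject.

    `accepted` is the assumed NAC policy: which identity kinds it will authenticate.
    """
    sec = ET.fromstring(xml_text).find("lan:MSM/lan:security", NS)
    if sec is None or sec.findtext("lan:OneXEnabled", "", NS).strip() != "true":
        return {"onex_enabled": False, "auth_mode": None, "rejected_kinds": []}
    # An absent authMode is reported as None rather than guessed.
    mode = sec.findtext("onex:OneX/onex:authMode", "", NS).strip() or None
    kinds = MODE_IDENTITIES.get(mode, set())
    return {"onex_enabled": True, "auth_mode": mode,
            "rejected_kinds": sorted(kinds - accepted)}

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))                                  # before the policy push
    print(audit_profile(SAMPLE_PROFILE.replace("machineOrUser", "user"))) # after
    print(identity_kind("host/pcname123"))
```

A non-empty `rejected_kinds` for a workstation's profile matches the symptom in the thread: the hostname shows up in the username column and the request is rejected.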
How are the phones learning which vlan to operate on? DHCP? LLDP? Manual entry?
We use DHCP to tell the phones which VLAN they should be on. It boots into our
default VLAN and gets an IP address. It is told the proper VLAN, so it releases
the IP address and talks on the new VLAN. It sounds like
Hi Matthias
What is the VLAN mapping for pre-auth set to in the NAC profile? I had a
similar issue where the Tunnel-Private-Group ID attribute is set to vlan 1
(default setting). NAC returns vlan 1 as Tunnel-Private-Group ID
attribute if not specified differently.
Might be worth checking.