Just out of curiosity, what is the mechanism that places the user in the
specified vlan? Namely, which component sets the switch port to be part of
a specified vlan?

Thanks

Matt
[EMAIL PROTECTED]

-----Original Message-----
From: David Warner [mailto:[EMAIL PROTECTED] 
Sent: November 21, 2005 4:53 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] 802.1x authentication on wired network

I've been testing the 802.1x authentication on Cisco Catalyst switches with 
the ACS RADIUS server with an Active Directory authentication database and 
a Microsoft Windows XP client machine.  I would like to authenticate users 
based on AD info and place the computer in the authorized vlan.

I have found that I am unable to use the Windows credentials for dot1x 
authentication when a new user is using a machine.  The process of logging 
into the machine and changing the user's vlan often causes the machine to 
be unable to obtain an IP address through DHCP.  Cisco has recommended to 
not use the Windows credentials and use the separate dot1x authentication 
but we were hoping to avoid multiple logins.

Another issue is that the current Windows XP implementation stores the 
dot1x credentials in the registry.  The username, password and domain are 
all cached in current_user\software\microsoft\eapol\UserEapInfo.  Unless 
this entry is deleted it is always used to determine the user 
credentials.  This is also a problem when a different person tries to use 
the same machine in a lab or classroom shared machine.

Has anyone encountered these problems on the wired side of the network and 
found a workaround?

TIA

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
