
802.1x and PC6224 connection problems

Hello Everyone

I am currently trying to implement 802.1x in my test environment using an IAS server, PC6248, and a Windows XP SP3 machine connected to my test domain. I am using PEAP-MSCHAPv2 as my authentication method. I have also enabled the option in Windows XP to allow the user/pass/domain name to be passed to the IAS server as well so that the user can log on to the domain seamlessly.

The problem I am currently having is that when I have this option turned on, it doesn't seem to pass on my user/pass to the IAS server, as no logs are generated on the IAS server. And an error message appears at the login screen stating that the domain cannot be found. But oddly enough, if the user/pass has been cached on the XP machine before, I am able to authenticate to the IAS server automatically.

It seems as though XP is trying to authenticate to the domain server first instead of authenticating to the IAS server. I have tried this with a couple of XP machines and it seems to be doing the same thing.

Any help would be appreciated!!

Has anyone who has implemented 802.1x encountered this issue before?

In addition, does anyone know if the PC6224 also supports dynamic VLAN assignment from the IAS? Like, for example:

User A gets assigned to VLAN1 and if user B logs on then the machine gets assigned to VLAN2?


Re: 802.1x and PC6224 connection problems

So, first of all, let me answer your second question. Yes, the PC6224 does support dynamic VLAN assignment with version or possibly before. There are no specific commands required as long as you have the normal dot1x setup correct. The 6224 will handle VLAN assignment if it receives a VLAN in the dot1x reply message with "dot1x port-control auto" configured on the port.

Regarding your domain dot1x problem, I am using Windows 2008 for my RADIUS server (which I believe replaces IAS with Network Policy Server) and everything seems to be running great, although my client PCs are running Windows Vista (but still using PEAP-MSCHAPv2, so I don't think this should matter). The setup seems similar (I have a separate domain server running Windows 2003 and then the RADIUS/NPS running Windows 2008 with Windows Vista as the client, all connected by the PC6224), so maybe there is a difference in your configuration. Can you send me your switch configuration and I will take a look?
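
Added example, not part of the original thread and not Dell or Microsoft code: RFC 3580 expresses a "VLAN in the reply" as three tunnel attributes in the RADIUS Access-Accept, and this Python check looks for them in a captured reply, which helps when a port authenticates but stays in its default VLAN. It assumes the switch follows RFC 3580; the function names and the sample packets are constructed for illustration.

```python
import struct

# RADIUS attribute types (RFC 2868) and the values RFC 3580 requires for a VLAN
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, VLAN, IEEE_802 = 2, 13, 6

def parse_attributes(packet: bytes) -> dict:
    """Return {type: value} for the attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])  # keep first instance
        pos += a_len
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type / Tunnel-Medium-Type: 1 tag byte followed by a 3-byte integer."""
    if len(value) != 4:
        raise ValueError("tagged integer attribute must be 4 bytes")
    return int.from_bytes(value[1:], "big")

def assigned_vlan(packet: bytes):
    """VLAN ID string if this is an Access-Accept with the full triple, else None."""
    attrs = parse_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        return None
    if not {TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID} <= attrs.keys():
        return None
    if tagged_int(attrs[TUNNEL_TYPE]) != VLAN or tagged_int(attrs[TUNNEL_MEDIUM_TYPE]) != IEEE_802:
        return None
    group = attrs[TUNNEL_PRIVATE_GROUP_ID]
    if group and group[0] <= 0x1F:  # optional leading tag byte (RFC 2868)
        group = group[1:]
    return group.decode("ascii")

def build(code: int, attrs: list) -> bytes:
    """Build a constructed sample packet (authenticator zeroed, not verified here)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: user B is sent VLAN 2; the second reply omits the medium type.
GOOD = build(2, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"2")])
INCOMPLETE = build(2, [(64, b"\x00\x00\x00\x0d"), (81, b"2")])
```

A reply like `INCOMPLETE` still authenticates the user, so the symptom on the switch side is a successful logon with no VLAN change.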

