Thanks I will try that. I have tried this from two very different laptops, an older dell and a newish HP so I wasn't thinking drivers. I will give that a try.
Thanks John On Thu, May 9, 2013 at 2:07 PM, <[email protected]> wrote: > Pulling from some dusty mental archives, I recall something similar in our > network: some refreshed Dell GX270 and some new GX620 models wouldn't > authenticate, and never even prompted for credentials. We discovered the > issue was related to the built-in Windows 7 drivers for their respective > NICs. Upgrading to the latest version from Broadcom's website corrected > the problem. > > I hadn't seen any mention here of drivers, so thought I'd pass along my > experience. > > Derek Johnson | Data Communications Coordinator > FORT HAYS STATE UNIVERSITY > 415 Lyman Dr. TH 101, Hays, KS 67601 > (785) 628 - 5688 | [email protected] > > > > > > From: Karl Gerling <[email protected]> > To: "Enterasys Customer Mailing List" <[email protected]> > Date: 05/09/2013 12:58 PM > Subject: Re: [enterasys] Wired 802.1x > ------------------------------ > > > > I have seen behavior like this if the client is set to the default of "use > smart card". Check that the client is set to PEAP. > > Karl Gerling > Senior Solutions Engineer > Enterasys Networks > > *http://about.me/Karl.Gerling* <http://about.me/Karl.Gerling> > > On May 9, 2013, at 1:31 PM, John Kaftan > <*[email protected]*<[email protected]>> > wrote: > > Yes I have tried that. I don't believe I see anything when it fails. I > will look again and will also check the syslog. > > > On Thu, May 9, 2013 at 1:26 PM, Herzog, Gerald > <*[email protected]*<[email protected]>> > wrote: > Is there any username that is populated in NAC when it fails > authentication? Have you tried specifying "user authentication"? > <image.png> > > > On Thu, May 9, 2013 at 1:17 PM, John Kaftan > <*[email protected]*<[email protected]>> > wrote: > It works for me if I go into the network settings and save my credentials. > It also works if I have a machine that is in the domain and I check > "Automatically use my Windows logon name and password". That will cover > 90% of my cases. > > However, if a machine is not on the domain and connects I expect that I > should be prompted by the supplicant to provide credentials. That is the > part that is not working. > > Thanks > > John > > > On Thu, May 9, 2013 at 12:08 PM, Kay Avila > <*[email protected]*<[email protected]>> > wrote: > John, we've only done limited testing, but so far, authenticating with > 802.1x AD machine accounts on Windows 7 has worked successfully for us. > Just a thought. > > > On 5/7/2013 6:31 PM, John Kaftan wrote: > Actually it does work when I have that set. I tried that earlier today. > Often in a university though machines are on the network that are not > part of the AD domain, like the first two I was working with. Its crazy > that Windows won't respond the the first eap packet from the switch > unless credentials are configured to be provided automatically. > Wireless prompts just fine. I did some research and it seems that > 802.1x on wired is still unreliable. I found 7 patches to install and > it still doesn't work right. I wonder why wireless is fine but wired > isn't. The protocol has been around since 2002 or so. It should be > fully baked by now. > > John > > On May 7, 2013 7:11 PM, "Robert Perry" > <*[email protected]*<[email protected]> > <mailto:*[email protected]* <[email protected]>>> wrote: > > Have a look at this document, it may help. Specifically look at > section 1.1.10 - This would seem what “MIGHT” be missing ? How > are you disconnecting and reconnecting from the network ? Are you > unplugging the cable ? If you actually logout, you should get > prompted for a new login. > > Best of luck ! > > Best Regards, > > Bob Perry > > *From:*John Kaftan [mailto:*[email protected]* <[email protected]> > <mailto:*[email protected]* <[email protected]>>] > *Sent:* Tuesday, May 07, 2013 2:43 PM > *To:* Enterasys Customer Mailing List > *Subject:* Re: [enterasys] Wired 802.1x > > > That's not good. I want to keep Admin-Edge. I do have 802.1x > listed as first. 802.1x is working just fine if I store my > credentials within the supplicate. My only problem is that I cannot > get prompted by Windows. > > On Tue, May 7, 2013 at 1:34 PM, Brian Anderson - ASI > <*[email protected]* <[email protected]> <mailto:* > [email protected]* <[email protected]>>> wrote: > > There may be some switch config settings that might help. Try > setting 8021x as first in priority for authentication. I also have > seen admin-edge enabled on the end system port (spantree) cause > 8021x to fail also. > > Thanks, > > Brian Anderson > > *[email protected]* <[email protected]> <mailto:* > [email protected]* <[email protected]>> > > > Network Engineer > > 3000 United Founders Boulevard, Suite 212 > > Oklahoma City, Oklahoma 73112 > > C *+1 (501) 690-3305* > <%2B1%20%28501%29%20690-3305><tel:%2B1%20%28501%29%20690-3305> > > F *+1 (405) 562-8669* > <%2B1%20%28405%29%20562-8669><tel:%2B1%20%28405%29%20562-8669> > > arcadia-secure-it2-long-small > > *From:*John Kaftan [mailto:*[email protected]* <[email protected]> > <mailto:*[email protected]* <[email protected]>>] > *Sent:* Tuesday, May 07, 2013 11:17 AM > > > *To:* Enterasys Customer Mailing List > > *Subject:* [enterasys] Wired 802.1x > > > Working to get 802.1x going on Win 7 wired ports. I have it working > if I save my credentials in Windows. If I don't save my credentials > Windows never prompts me for credentials. Packet captures suggest > that the client never responds to the initial eap packet from the > switch so the switch never sends the challenge. I have the Wired > AutoConfig service running. Any ideas? I've been messing with all > of the settings. I see this happening on two machines both of which > do fine on wireless 802.1x. > > I am using B5s and NAC as my RADIUS server. > > Thanks > > * --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]> > <mailto:*[email protected]* <[email protected]>> with the body: > unsubscribe enterasys > *[email protected]* <[email protected]> <mailto:* > [email protected]* <[email protected]>> > > * --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]> > <mailto:*[email protected]* <[email protected]>> with the body: > unsubscribe enterasys > *[email protected]* <[email protected]> <mailto:*[email protected] > * <[email protected]>> > > > > > -- > > John Kaftan > > IT Infrastructure Manager > > Utica College > > * --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]> > <mailto:*[email protected]* <[email protected]>> with the body: > unsubscribe enterasys > *[email protected]* <[email protected]> <mailto:* > [email protected]* <[email protected]>> > > * --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]> > <mailto:*[email protected]* <[email protected]>> with the body: > unsubscribe enterasys > *[email protected]* <[email protected]> <mailto:*[email protected] > * <[email protected]>> > > * --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]> > <mailto:*[email protected]* <[email protected]>> with the body: > unsubscribe enterasys > *[email protected]* <[email protected]> > > > > > -- > John Kaftan > IT Infrastructure Manager > Utica College > > - --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]>with the body: unsubscribe enterasys > *[email protected]* <[email protected]> > > > > > -- > > *J*erry Herzog > Solutions Engineer > Enterasys Networks, Inc. > A Siemens Enterprise Communications Company > > Mobile *+1 330 224 6088* <%2B1%20330%20224%206088> > E-mail *[email protected]* <[email protected]> > > Twitter: *@JerryHerzog* <http://twitter.com/#%21/@JerryHerzog> > > > > - --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]>with the body: unsubscribe enterasys > *[email protected]* <[email protected]> > > > > > -- > John Kaftan > IT Infrastructure Manager > Utica College > > - --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]>with the body: unsubscribe enterasys > *[email protected]* <[email protected]> > > --To unsubscribe from enterasys, send email to > *[email protected]*<[email protected]>with the body: unsubscribe enterasys > [email protected] > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > -- John Kaftan IT Infrastructure Manager Utica College --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
