We are in the process of rolling out 802.1x across our network - wired and wireless. We are using both machine and user certificates. We change vlans based on the user. So we have a logoff vlan for all company computers that don't have an interactive user session. So the logoff vlan has access to the DCs and CA to authenticate the machine and user.
We've run into one minor issue. Sometimes our logon script kicks in before EAP and the switches have completed the vlan change. This means that drives and printers sometimes don't map properly as the logoff vlan doesn't have access to file servers. Short of putting an arbitrary wait statement in the login script, does anyone have any ideas on a better solution? Thanks Kevin ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
