802.1x
I have network configured to use 802.1x
authentication with a Cisco 3750 switch and a Microsoft IAS server providing
RADIUS services. And customers use windows xp and windows 7 installed on a workstation.
When they boot up the workstation, 802.1x authentication fails. If they unplug
the network cable from the workstation, then plug it back in, the workstation
immedately authenticates and grabs and IP address from DHCP.
If they reboot, authentication fails again until they unplug and replug the cable.
I can get the same result if I do a "shut/no shut" on the Cisco switch's
port.
Obviously, there's nothing actually wrong with 802.1x authentication, or
RADIUS or the switch. It's only when the workstation first boots up; I'm
guessing that while it's booting up, some service(s) are still coming up and
preventing authentication from working, but once the workstation has finished
booting, it is stuck in the switch's "failed authentication" vlan, and the
only way to restart the authentication process is to break the network
connection.
I search in google and find that this issue may occur if NAP agent has not yet started when the client first requests a DHCP address.
I try sc config dot3svc depend= napagent on the problemaitc client. It is help with windows xp, but it do not help with windows 7.
Does anyone know how to resolve this problem in windows 7? Thanks.
February 17th, 2011 3:18am