Hi! I have a problem implementing 802.1x authentication in a LAN. Target: Hosts and users should be authenticated by a Radius Server. According to the user / machine group, the port on the Switch should be changed to the corresponding VLAN. The Client PCs are in the domain and roaming profiles are used. Radius Server: MS Server 2008 R2 Client: MS Windows 7 Switch: Cisco Catalyst 3560 Steps that are working so far: 1. Switchport is programmed to access a very restricted VLAN 2. After the PC is authenticated, it is moved to a less restricted VLAN, where the domain controller can be reached 3. User logon 3a. Radius Server authenticates the user 3b. VLAN on Switch is changed 3c. Roaming profile is loaded The above steps work fine, but at the logoff a problem occurs: 1. user (authenticated) clicks on "logoff" 2. PC is authenticated 3. VLAN on the Switch is changed 4. Roaming profile synchronisation: exactly this step fails, because the PC is alredy in a VLAN that has no access to the fileserver. Do you have any idea how to handle this problem? Looking forward to get an answer. Regards

Hi, After checking this issue, it seems this is related to network access protection, this inquiry would best be posted to Microsoft Network Access Protection forum: Network Access Protection Forum The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding Hope it helps. Alex Zhao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, If you have other questions, please feel free to let us know, we would like to help you. Have a nice day. Alex Zhao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.