Re: IAS, Cisco AP's and VLAN'S

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 11/28/04 

Date: Sun, 28 Nov 2004 14:51:17 -0800

This confirms that IAS is not the culprit here, you're getting authenticated
just fine.
A possible fix here is to make sure the DHCP server is on the same Vlan that
the clients authenticate to 

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no rights
Join us on Nov 29th 1:00 to 2:00 PM PST, for an online webchat on "Using and 
troubleshooting RADIUS using IAS"
This chat will help you resolve all of your RADIUS/IAS issues. You can ask 
about RADIUS, IAS, 802.1x, Active directory configuration and Certificate 
services, related to IAS and RADIUS
Follow this link to join the chat
http://www.microsoft.com/communities/chats/default.mspx#04_Nov29_IAS_RADIUS
      =============================================
"Andy Fenwick" <Andy Fenwick@discussions.microsoft.com> wrote in message 
news:B01B792D-0082-47B6-BD88-8480A7C1AF3D@microsoft.com...
> OK, I am using IAS log viewer to read the IAS logs, an what we see is two
> refrences to the station authentication, and two for the user 
> authentication,
> all of these are successes, however the user doesnt get an IP address. 
> What
> happens is the station picks up an ip address as it starts up /registers 
> and
> then that IP address is lost when the user logs in. I have seperate
> autoenrollment policies setup for the user and the workstation. We only 
> have
> 3 vlans on the test switch, with ip routing enabled and no access control
> listss in place at all. If we reconfigure all of the equipment and place 
> it
> in a single vlan it seems to work fine for users and workstations. We are
> using Standard Radius, and have no vendor specific attributes setup.
>
> "Sam Salhi [MSFT]" wrote:
>
>> There is no difference in what kind of account you use to authenticate
>> (machine vs. user)
>> I would highly trouble shoot the infrastructure, sounds like the vlan 
>> setup
>> is not optimal
>>
>> Question: Are you getting any authentication failures on the IAS server?
>> Question: Have you setup different policies to handle Machine and user
>> accounts?
>>
>>
>> -- 
>>       =============================================
>>   This posting is provided "AS IS" with no warranties, and confers no 
>> rights
>>
>> Join us on Nov 29th 1:00 to 2:00 PM PST, for an online webchat on "Using 
>> and
>> troubleshooting RADIUS using IAS"
>> This chat will help you resolve all of your RADIUS/IAS issues. You can 
>> ask
>> about RADIUS, IAS, 802.1x, Active directory configuration and Certificate
>> services, related to IAS and RADIUS
>> Follow this link to join the chat
>> http://www.microsoft.com/communities/chats/default.mspx#04_Nov29_IAS_RADIUS
>>       =============================================
>>
>> "Andy Fenwick" <afenwick@rm.com> wrote in message
>> news:993601c4d22c$4f207e20$a301280a@phx.gbl...
>> > We are attempting to build a test network, composed of 2
>> > Windows 2003 Std Servers (DC's) and a Windows 2003 Ent
>> > Server (DC) which is running IAS Server and is configured
>> > as a subordinate Certificate Authority so that we can
>> > auto-enroll workstation and User certificates,
>> > certificate enrollment is done wired to the LAN. This
>> > seems to work reliably if we have a flat network, but as
>> > soon as we configure VLANs, we start having problems, the
>> > log files indicate that the stations authenticate
>> > reliably, but the users do not, we are using a Cisco 3750
>> > switch and cisco 1200 AP's. At present IAS and Actives
>> > are on one VLAN plus one of the dc's on one VLAN, the
>> > Forest Root DC is on another VLAN. Access-points have two
>> > vlans, and appropriate trunks configured. Any help
>> > appreciated! Thanks!
>>
>>
>>

Relevant Pages

  • Re: 802.1x authentication for wireless issues w/ ISA 2004
    ... If you can post perhaps 10 lines from the IAS log, ... It states to use windows to authenticate all ... If i turn the radius setting ...
    (microsoft.public.windows.server.sbs)
  • Re: 802.1x authentication for wireless issues w/ ISA 2004
    ... The do support WPA-EAP and the radius ... authenticate the computer and this is trying to authenticate the user and not ... If you can post perhaps 10 lines from the IAS log, ... represent my IAS server or the client laptops. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN 3005 to IAS authentication failure...
    ... Call it something like "VPN Users" or similar. ... install IAS using the Add/Remove Programs icon in Control Panel. ... we can now configure the PIX firewall as a RADIUS client. ... Any user that should be allowed to authenticate on a VPN connection will ...
    (comp.dcom.sys.cisco)
  • Re: IAS, Cisco APs and VLANS
    ... Are you getting any authentication failures on the IAS server? ... You can ask about RADIUS, IAS, 802.1x, Active directory configuration and Certificate services, related to IAS and RADIUS ... > log files indicate that the stations authenticate> reliably, but the users do not, we are using a Cisco 3750> switch and cisco 1200 AP's. ... At present IAS and Actives> are on one VLAN plus one of the dc's on one VLAN, the> Forest Root DC is on another VLAN. ...
    (microsoft.public.internet.radius)
  • Re: IAS server and access points
    ... I use PEAP and passwords to authenticate wireless clients. ... I get an occassional message on my IAS server that says "A RADIUS ...
    (microsoft.public.internet.radius)
Loading