Re: 802.1x / VLANs / GPO's

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "gio" <gio@xxxxxxx>
Date: Tue, 05 Feb 2008 00:54:04 GMT

The Authentication EAP type are you using? What Authentication Mode do you
have windows setup as?

HKEY_LOCAL_MACHINE\Software\Microsoft\EAPOL\Parameters\General\Global\AuthMode=

Now I have been testing this and hope to go into production this year. Here
are some of the resources I have used to develop my implentation strategy:

1) Deploying Windows Server 2003 Internet Authentication Service (IAS)
with Virtual Local Area Networks (VLANs), Microsoft Corporation Published:
June 2004

2) HP ProCurve Access Control Security Solution Implementation Guide,
July 2004

3) Deployment of IEEE 802.1X for Wired Networks Using Microsoft
Windows, Published: October 2003, Updated: October 2005

4) Build Guide - Implementing the Wireless LAN Security Infrastructure,
Chapter 9: Implementing the Wireless LAN Security Infrastructure, Published:
November 10, 2004 | Updated: November 24, 2004

"Timothy Maki" <TimothyMaki@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C3BB87A4-9783-4AE0-996E-AE810E746FA3@xxxxxxxxxxxxxxxx

I am having a problem with setting up 802.1x with dynamic VLANs on our
network. On machines that are not "domain" clients everything works fine
but
I run into problems when I try to connect a client that is part of the
domain. When the client tries to log in they get an error message stating
that the domain was unavailable. When I first got this error I decided to
use the machine auth until the client logged in and then have it reauth as
the user. The problem I have with this is that the client is reauthing as
the GPO is applying setting and/or the startup script is still running.
When
this happens the client's VLAN and IP change and the "startup" proccess
doesn't complete correctly. Any ideas?
--
Timothy Maki
Network Systems Manager
New Hampton School
"Just because something doesn''t do what you planned it to do doesn''t
mean
it''s useless." - Thomas Edison

Prev by Date: Re: Terminate EAP (-PEAP) at IAS Proxy and forward request as PAP.
Next by Date: Re: IAS with WorkGroup machines
Previous by thread: Re: Terminate EAP (-PEAP) at IAS Proxy and forward request as PAP.
Next by thread: Re: IAS with WorkGroup machines
Index(es):
- Date
- Thread

Relevant Pages

Re: just simple facts
... if u dont have client.. ... ISP would recommend to hide their problem of authentication so u dont have ... I want to know what enabling 'Client for Microsoft Networks' ... DUN will then redial ...
(microsoft.public.win2000.security)
Re: 802.1X Setup using Server 03 and Aironet 1200 Series WAP help
... Office/Home Office or Small Organization Networks" ... communication between the wireless client and IAS just was not ... most of the 170 pg Microsoft pdf located at the link below. ... Windows" documentation http://technet.microsoft.com/en-us/library/bb457068.aspx ...
(microsoft.public.internet.radius)
Re: MS Client Binding on External NIC
... Looks like unchecking Client for MS Networks on the external NIC doesn't buy ... a whole lot of additional security with SBS 2003 Standard. ... Merv Porter [SBS MVP] ...
(microsoft.public.windows.server.sbs)
Re: just simple facts
... I do use Client to browse local network but not on my dialup adapter. ... I want to know what enabling 'Client for Microsoft Networks' ... >> Why would an ISP 'recommend' it be installed for Internet access? ...
(microsoft.public.win2000.security)
Re: Is Zotob A MS Plot . . . .
... >>> properly secure a network or node so that even exploits don't impact ... > around 1500 as we pick up another client with 9 offices. ... > connecting plants had to run even when the front office networks ... its negligent mistakes! ...
(microsoft.public.windowsxp.general)