802.1x Issue with some clients.

We have been rolling out dot1x and have hit a couple small snags. We have some users, that once their port is configured they have issues finding the domain controller.

In these cases it appears that the network adapter on these PC's still has a red X until after the Error message about being unable to locate a logon server. Once the network adapter comes up the problem PCs start to get their logon scripts and everything.

I guess my question is in regards to the different timeout settings on the switch interface. Would these timeout settings have any effect in this case?

My initial though is no, because the RADIUS is showing the machine authenticating. I'm just trying to track down all angles for this issue.

Switchport access VLAN 10
switchport mode access
Authentication control-direction in
Authentication event fail action authorize VLAN 200
Authentication event server dead action authorize
authentication event no-response action authorize vlan 200
authentication event server alive action reinitialize
authentication port-control auto
authentication periodic 
dot1x pae authenticator
dot1x timeout quiet-period 10
dot1x timeout tx-period 5
spanning-tree portfast edge

Find more posts tagged with

Comments

paage

I'm not so educated in the switchworld yet but you might wanna enable portfast on the switchports where your clients connect to.

No idea if this might help.

cisco_trooper

Any luck Megadeth. I was trying to do dynamic VLANs quite some time ago, and the issue I ran into was a failure of roaming profiles and/or login scripts. This happened due to an interruption in network connectivity while the machine changed from the authentication VLAN to the end user's production VLAN. The conclusion I came to was the the workstation would need some kind of third party supplicant to hold the connection open longer while all these things got processed. I'm interested to know what you find, because I would still like to be able to use this some day.