Discussion:
Wired 802.1x
John Kaftan
2013-05-07 16:16:42 UTC
Permalink
Working to get 802.1x going on Win 7 wired ports. I have it working if I
save my credentials in Windows. If I don't save my credentials Windows
never prompts me for credentials. Packet captures suggest that the client
never responds to the initial eap packet from the switch so the switch
never sends the challenge. I have the Wired AutoConfig service running.
Any ideas? I've been messing with all of the settings. I see this
happening on two machines both of which do fine on wireless 802.1x.

I am using B5s and NAC as my RADIUS server.

Thanks
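
The symptom described in this post (the switch's initial EAP Request/Identity goes unanswered, so no challenge follows) can be confirmed from a capture's raw frames. The Python below is an added example, not part of the original post; it assumes untagged Ethernet frames, and the MAC addresses, sample frames and verdict names are constructed for the illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                     # IEEE 802.1X (EAP over LAN)
PAE_GROUP = bytes.fromhex("0180c2000003")    # 802.1X PAE group address
EAPOL_EAP_PACKET, EAPOL_START = 0, 1         # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE = 1, 2             # EAP codes (RFC 3748)
EAP_TYPE_IDENTITY = 1


def parse_eapol(frame):
    """Parse one untagged Ethernet frame; return a dict, or None if not valid EAPOL."""
    if len(frame) < 18:
        return None
    ethertype, _version, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    body = frame[18:18 + body_len]           # ignores Ethernet padding after the body
    if len(body) < body_len:
        return None                          # truncated capture
    pkt = {"src": frame[6:12], "eapol_type": ptype,
           "eap_code": None, "eap_id": None, "eap_type": None}
    if ptype == EAPOL_EAP_PACKET and body_len >= 4:
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        pkt["eap_code"], pkt["eap_id"] = code, ident
        if code in (EAP_REQUEST, EAP_RESPONSE) and eap_len >= 5 and body_len >= 5:
            pkt["eap_type"] = body[4]
    return pkt


def diagnose(frames, supplicant_mac):
    """Classify how far the 802.1X identity exchange got for one client."""
    pending = set()                          # Request/Identity ids awaiting a reply
    requests = starts = answered = 0
    for frame in frames:
        pkt = parse_eapol(frame)
        if pkt is None:
            continue                         # not EAPOL (ARP, IP, ...)
        from_client = pkt["src"] == supplicant_mac
        if from_client and pkt["eapol_type"] == EAPOL_START:
            starts += 1
        elif pkt["eap_type"] == EAP_TYPE_IDENTITY:
            if not from_client and pkt["eap_code"] == EAP_REQUEST:
                requests += 1
                pending.add(pkt["eap_id"])
            elif (from_client and pkt["eap_code"] == EAP_RESPONSE
                  and pkt["eap_id"] in pending):
                pending.discard(pkt["eap_id"])
                answered += 1
    if requests == 0:
        return "authenticator-silent" if starts else "no-eapol"
    if answered:
        return "identity-answered"           # look further along (RADIUS, EAP method)
    return "identity-unanswered" if starts else "supplicant-silent"


def eapol(src, dst, ptype, body=b""):
    """Build an EAPOL frame (version 1) for the constructed samples below."""
    return dst + src + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body)) + body


def eap_identity(code, ident, data=b""):
    """Build an EAP Request/Response of type Identity."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), EAP_TYPE_IDENTITY) + data


# Constructed, locally administered MAC addresses (not from the thread).
SWITCH = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")

# Constructed capture matching the reported symptom: the switch retries
# Request/Identity, the client sends other traffic but no EAPOL at all.
SILENT = [eapol(SWITCH, PAE_GROUP, EAPOL_EAP_PACKET, eap_identity(EAP_REQUEST, i))
          for i in (1, 2, 3)]
SILENT.append(bytes(6) + CLIENT + b"\x08\x06" + bytes(46))   # an ARP-sized frame

# Constructed capture of a working start: EAPOL-Start, Request, Response.
HEALTHY = [
    eapol(CLIENT, PAE_GROUP, EAPOL_START),
    eapol(SWITCH, CLIENT, EAPOL_EAP_PACKET, eap_identity(EAP_REQUEST, 7)) + bytes(37),
    eapol(CLIENT, PAE_GROUP, EAPOL_EAP_PACKET, eap_identity(EAP_RESPONSE, 7, b"jdoe")),
]

if __name__ == "__main__":
    print("silent capture :", diagnose(SILENT, CLIENT))
    print("healthy capture:", diagnose(HEALTHY, CLIENT))
```

A "supplicant-silent" verdict points at the client side (service, profile or credential settings) rather than at the switch or RADIUS server, since the authenticator has already done its part.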

Patrick Printz
2013-05-07 16:26:31 UTC
Permalink
Is 802.1x enabled on the nic?

Brian Anderson - ASI
2013-05-07 17:34:04 UTC
Permalink
There may be some switch config settings that might help. Try setting 8021x as first in priority for authentication. I also have seen admin-edge enabled on the end system port (spantree) cause 8021x to fail also.

Thanks,

Brian Anderson
***@ArcadiaSecureIT.com
Network Engineer
3000 United Founders Boulevard, Suite 212
Oklahoma City, Oklahoma 73112
C +1 (501) 690-3305
F +1 (405) 562-8669
Patrick Printz
2013-05-07 17:38:56 UTC
Permalink
I would see this as a PC issue, no? Because the system is not even prompting him to try and auth? If it does not come up with a login screen, whether or not the switch is configured properly, I think something is not set up on the PC.

Patrick Printz
Network Infrastructure

Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529


"If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well."
~Martin Luther King, Jr.

J***@uticanational.com
2013-05-07 17:40:20 UTC
Permalink
John,

I have a few questions for you:

1. Are you authenticating the user or computer with your 802.1x
deployment?

2. Are these domain or non-domain computers?

3. Do you have the Nic configured for using User or Computer
authentication (based on your answer from question 1)?

4. Is your AD running on 2008 or 2008 R2? Because you can push these
settings very easily to your domain computers running Win 7.

Thanks,

Jason Rearick
Senior Network Engineer
Home Office: Info Center
Utica National Insurance Group
P.O. Box 530
Utica, NY 13503

Email: ***@uticanational.com
Phone:315-734-2704



John Kaftan
2013-05-07 18:35:08 UTC
Permalink
Yes
Post by Patrick Printz
Is 802.1x enabled on the nic?
--
John Kaftan
IT Infrastructure Manager
Utica College

John Kaftan
2013-05-07 18:42:59 UTC
Permalink
That's not good. I want to keep Admin-Edge. I do have 802.1x listed as
first. 802.1x is working just fine if I store my credentials within the
supplicant. My only problem is that I cannot get prompted by Windows.


--
John Kaftan
IT Infrastructure Manager
Utica College

Brian Anderson - ASI
2013-05-07 18:51:10 UTC
Permalink
I would try turning it off one port and see if it works. I have a case open with GTAC on this issue. If you have the same problem you should be able to link up with that case?

Robert Perry
2013-05-07 23:11:20 UTC
Permalink
Have a look at this document, it may help. Specifically look at section
1.1.10 - This would seem what “MIGHT” be missing ? How are you
disconnecting and reconnecting from the network ? Are you unplugging the
cable ? If you actually logout, you should get prompted for a new
login.



Best of luck !

Best Regards,

Bob Perry
John Kaftan
2013-05-07 23:31:05 UTC
Permalink
Actually it does work when I have that set. I tried that earlier today.
Often in a university though machines are on the network that are not part
of the AD domain, like the first two I was working with. It's crazy that
Windows won't respond to the first eap packet from the switch unless
credentials are configured to be provided automatically. Wireless prompts
just fine. I did some research and it seems that 802.1x on wired is still
unreliable. I found 7 patches to install and it still doesn't work right.
I wonder why wireless is fine but wired isn't. The protocol has been
around since 2002 or so. It should be fully baked by now.

John
--
John Kaftan
IT Infrastructure Manager
Utica College
Kay Avila
2013-05-09 16:08:44 UTC
Permalink
John, we've only done limited testing, but so far, authenticating with
802.1x AD machine accounts on Windows 7 has worked successfully for us.
Just a thought.
John Kaftan
2013-05-09 17:17:25 UTC
Permalink
It works for me if I go into the network settings and save my credentials.
It also works if I have a machine that is in the domain and I check
"Automatically use my Windows logon name and password". That will cover
90% of my cases.

However, if a machine is not on the domain and connects I expect that I
should be prompted by the supplicant to provide credentials. That is the
part that is not working.

Thanks

John
--
John Kaftan
IT Infrastructure Manager
Utica College

Herzog, Gerald
2013-05-09 17:26:39 UTC
Permalink
Is there any username that is populated in NAC when it fails
authentication? Have you tried specifying "user authentication"?
--
Jerry Herzog
Solutions Engineer
Enterasys Networks, Inc.
A Siemens Enterprise Communications Company

Mobile +1 330 224 6088
E-mail ***@enterasys.com

Twitter: @JerryHerzog <http://twitter.com/#!/@JerryHerzog>

John Kaftan
2013-05-09 17:30:45 UTC
Permalink
Yes I have tried that. I don't believe I see anything when it fails. I
will look again and will also check the syslog.
--
John Kaftan
IT Infrastructure Manager
Utica College

Brian Anderson - ASI
2013-05-09 17:35:11 UTC
Permalink
Another option would be to use policy based routing and tagging traffic with the Unregistered role to redirect client http traffic to nac captive portal to authenticate. This way the non domain clients won't have to configure their pcs for 8021x.

Karl Gerling
2013-05-09 17:56:43 UTC
I have seen behavior like this if the client is set to the default of "use
smart card". Check that the client is set to PEAP.

Karl Gerling
Senior Solutions Engineer
Enterasys Networks

http://about.me/Karl.Gerling

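The check suggested in the reply above (is the wired profile set to PEAP rather than "smart card"), as an added example that is not part of the thread: it reads a wired profile of the kind written by `netsh lan export profile` and reports the outer EAP type and the 802.1X authentication mode. The two embedded profiles are constructed, trimmed samples, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Outer EAP method numbers as registered with IANA.
EAP_NAMES = {
    13: "EAP-TLS (smart card or other certificate)",
    25: "PEAP",
    26: "EAP-MSCHAPv2",
}

# Constructed sample: profile left on the smart card / certificate method.
SMARTCARD_PROFILE = """
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
  <MSM><security>
    <OneXEnforced>false</OneXEnforced>
    <OneXEnabled>true</OneXEnabled>
    <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
      <authMode>machineOrUser</authMode>
      <EAPConfig>
        <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
          <EapMethod>
            <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
          </EapMethod>
        </EapHostConfig>
      </EAPConfig>
    </OneX>
  </security></MSM>
</LANProfile>
"""

# Constructed sample: same profile switched to PEAP with user authentication.
PEAP_PROFILE = SMARTCARD_PROFILE.replace(">13<", ">25<").replace(
    "machineOrUser", "user")


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _first(root, name):
    """First element in document order with this local name, or None."""
    for el in root.iter():
        if _local(el.tag) == name:
            return el
    return None


def _text(root, name):
    el = _first(root, name)
    return el.text.strip() if el is not None and el.text else None


def audit_wired_profile(xml_text):
    """Summarise the 802.1X settings of one exported wired LAN profile."""
    root = ET.fromstring(xml_text)
    method = _first(root, "EapMethod")          # outer method comes first
    raw = _text(method, "Type") if method is not None else None
    eap_type = int(raw) if raw and raw.isdigit() else None
    result = {
        "onex_enabled": _text(root, "OneXEnabled") == "true",
        "auth_mode": _text(root, "authMode"),
        "eap_type": eap_type,
        "eap_name": EAP_NAMES.get(eap_type, "unknown"),
        "findings": [],
    }
    if not result["onex_enabled"]:
        result["findings"].append("802.1X is not enabled in this profile")
    if eap_type is None:
        result["findings"].append("no outer EAP method found")
    elif eap_type == 13:
        result["findings"].append(
            "outer method is smart card/certificate (13), not PEAP (25)")
    if result["auth_mode"] == "machine":
        result["findings"].append(
            "computer-only authentication: user credentials are never used")
    return result


if __name__ == "__main__":
    for label, xml_text in (("smartcard", SMARTCARD_PROFILE),
                            ("peap", PEAP_PROFILE)):
        print(label, audit_wired_profile(xml_text))
```
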
d***@fhsu.edu
2013-05-09 18:07:00 UTC
Pulling from some dusty mental archives, I recall something similar in our
network: some refreshed Dell GX270 and some new GX620 models wouldn't
authenticate, and never even prompted for credentials. We discovered the
issue was related to the built-in Windows 7 drivers for their respective
NICs. Upgrading to the latest version from Broadcom's website corrected
the problem.

I hadn't seen any mention here of drivers, so thought I'd pass along my
experience.

Derek Johnson | Data Communications Coordinator
FORT HAYS STATE UNIVERSITY
415 Lyman Dr. TH 101, Hays, KS 67601
(785) 628 - 5688 | ***@fhsu.edu





John Kaftan
2013-05-10 10:30:17 UTC
Thanks. Yes, that is what I am doing. I have it set for 802.1x first and
then MAC auth. So if the client fails 802.1x they will get sent to NAC, so
I will be OK.

It's just stuck in my craw that this thing won't work, especially when it
works fine on wireless. I've seen others struggling with 802.1x on the
wired side too during my research. I would say 802.1x is fully baked on
wireless (except on Macs of course), so why is it funky on wired?


John Kaftan
2013-05-10 10:32:58 UTC
Thanks, I will try that. I have tried this from two very different laptops,
an older Dell and a newish HP, so I wasn't thinking drivers. I will give
that a try.

Thanks

John