802.1x authentication

Hello everyone,

I have one issue with 802.1x and I need some help.

I have my laptop with my Windows profile loaded, and when I log in, I can perform 802.1x authentication, and the switch applies the configuration to the Ethernet interface (VLAN, ...).

If for some reason my coworker needs to use my laptop, and he will do it for the first time (no Windows profile loaded), it will fail to log in on the laptop. I have noticed that when the laptop is powered on and no one has logged in, the laptop has no VLAN associated. This creates another issue: how can the IT guy perform the RDP if the laptop is not connected to any VLAN?

Do I need to set up some configuration to put the laptop in some kind of standby VLAN? Or do I need to set something on the Windows laptop?

Hi Jose,

In Windows, you need to configure the NIC card to do "User or Computer authentication". You will find it under "Advanced" 802.1x settings or through GPO policy.

You will need to configure a basic "machine" UNP profile that the computer can be assigned to whilst no user is logged on. This should allow access to basic things such as DHCP, ARP, DNS, AD authentication and not much more. Then you configure more specific "user" UNP profiles with relevant user permissions that will only apply whilst the user is logged on. When the user logs out, it will fall back to the other "machine" profile.

Hope this helps, and if not, please provide details about the type of authentication you're using (e.g. EAP-PEAP or EAP-TLS), what you're using as a RADIUS server, what AOS release you're using, etc.

I have found a solution for my issue. I have to enable on Windows the user or machine authentication user name. All my machine names start with the same 2 letters, so I created an LDAP/AD role profile to match user names that start with those two letters and assign the “user logout profile”.
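
The "User or Computer authentication" setting discussed in the replies above is stored in the wired LAN profile as the 802.1X `authMode` element. The following is an added example, not part of the original thread, that reads that value from a profile and reports whether the computer can authenticate before anyone logs on. The function name `Get-WiredAuthMode` and the sample profile are constructed for illustration.

```powershell
# Constructed sample of a wired LAN profile, shaped like the files written by
#   netsh lan export profile folder=<folder>
# (values are illustrative; the EAP configuration is omitted).
$sampleProfile = @'
<?xml version="1.0"?>
<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
  <MSM>
    <security>
      <OneXEnforced>false</OneXEnforced>
      <OneXEnabled>true</OneXEnabled>
      <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
        <authMode>user</authMode>
      </OneX>
    </security>
  </MSM>
</LANProfile>
'@

# Hypothetical helper: returns the 802.1X state and authentication mode of one profile.
function Get-WiredAuthMode {
    param([Parameter(Mandatory)][string]$ProfileXml)

    $doc = [xml]$ProfileXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('lan',  'http://www.microsoft.com/networking/LAN/profile/v1')
    $ns.AddNamespace('onex', 'http://www.microsoft.com/networking/OneX/v1')

    $enabled  = $doc.SelectSingleNode('//lan:OneXEnabled', $ns)
    $authMode = $doc.SelectSingleNode('//onex:authMode', $ns)
    $mode     = if ($authMode) { $authMode.InnerText } else { '(not set)' }

    [pscustomobject]@{
        OneXEnabled  = ($enabled -and $enabled.InnerText -eq 'true')
        AuthMode     = $mode
        # Only these modes send computer credentials while no user is logged on,
        # which is what lets the switch assign the "machine" profile at power-on.
        PreLogonAuth = $mode -in 'machineOrUser', 'machine'
    }
}

# The sample uses authMode "user", so PreLogonAuth is False: the port stays
# unauthenticated until someone logs on, as described in the question.
Get-WiredAuthMode -ProfileXml $sampleProfile

# On a real laptop, export the profiles to an empty folder and check each file:
#   netsh lan export profile folder=C:\dot1x-profiles
#   Get-ChildItem C:\dot1x-profiles\*.xml |
#       ForEach-Object { Get-WiredAuthMode (Get-Content $_.FullName -Raw) }
```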