802.1x Wireless versus Wired authentication ?

Similar Messages

• Windows 7 802.1x (Wired) Authentication Failure when logging into Lync 2010

  Hi
  My company has implemented 802.1x Wired authentication, we use GPO to specify a
  Wired Profile that uses a COMPUTER certificate.
  We are finding that when a Windows 7 laptop comes out of sleep or hibernation, the laptop fails 802.1x authentication and does not connect to the network.
  This issue only occurs intermittently, but have been proven to occur only when Lync 2010 is open.  If we close Lync 2010 the issue does not occur.  Lync 2010 installs a self signed USER certificate for authentication.
  I am aware that there are some issues around Windows 7 not selecting the correct certificate when responding to authentication requests (KB2710995,
  KB2769121) but these always specify that the issue occurs when 802.1x authentication uses USER certificates, not a mix of USER and COMPUTER.  We have installed these hotfixes and the
  issue still occurs.

  Hi,
  From the description, you suspect the DHCP request cause this issue. Would you please send us the packets? Since it seems that you have looked into the traffic and found some clues.
  Meanwhile, I found the following hotfix which may related to this issue.
  No response to 802.1X authentication requests after authentication fails on a computer that is running Windows 7 or Windows Server 2008 R2 http://support.microsoft.com/kb/980295/en-us
  Next Action Plan:
  1.Clean Boot
  a. Click Start, click Run, type "msconfig" (without the quotation marks) in the Open box, and then click OK.
  b. In the Startup tab, click the "Disable All" button.
  c. In the Services tab, check the "Hide All Microsoft Services" checkbox, and then click the "Disable All" button.
  ======================================================
  Clean Boot + binary search
  In a Clean Boot, all the 3rd party services and startup programs are disabled. If the server can start normally in Clean Boot, we can be sure that the issue was caused by some 3rd party service or application. And then we can do a "binary search".
  You can enable half of all the services in Services tab, and then restart the server to check the result. If the issue reoccurs, it means the culprit is in this list; if not, the culprit is in the other half. And then, we can continue the binary search, until
  we find out the root cause. Please let me know if this action plan is OK for you.
  2.Collect etl trace on the problematic client.
  netsh trace start capture=yes overwrite=yes tracefile=c:\net.etl filemode=circular
  ****Try to reproduce this issue****
  netsh trace stop
  Please send the net.etl to us for underlying analysis.
  For any concerns, please let us know.
  Best regards,
  Steven Song
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• 802.1x wired authentication via PEAP, MD5

  Hi everyone,
  Thank you for taking the time for reading this, I am implementing a security solution and wanted to take th benefit of implementing 802.1x over wire. I have been searching a bit but no much info from start to finish on how to implementing this solution,
  i would really appreciate if someone could point me some where  to find  detailed instruction on how to do this, as so far i have been configuring in multiple way bit no result out of it. Still a orange port color on my switch, that means the first
  hop of security work but the next no.
  Thank you in advance to read this.

  Hi,
  According to your description, my understanding is that you want to deploy 802.1x wired authentication via PEAP, MD5 and need instructions about this.
  Some articles and just for your reference:
  802.1X Authenticated Wired Access Overview
  https://technet.microsoft.com/en-us/library/hh831831.aspx
  802.1X Authenticated Wired Access Design Guide
  https://technet.microsoft.com/library/dd378864(WS.10).aspx
  IEEE 802.1X Wired Authentication
  https://technet.microsoft.com/en-us/magazine/2008.02.cableguy.aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• 802.1x wired authentication to AD

  Wired authentication:
  This is what I want to accomplish:
  Switch - ACS 4.0 -> Active Directory
  Assume a new user is logging into the network for the first time and he starts his computer which has been configured for 802.1x PEAP. I have checked off the option 'Automatically use my Windows logon name and password' in LAN properties
  Now, after the computer starts, the user is presented with the regular Windows dialog logon box to which he hits Ctrl+Alt+Del and enters his Windows AD credentials. I want those credentials to be sent to the switch as part of the 802.1x logon. After the port is authorized, those same credentials should be passed onto Active Directory to become authenticated to the Windows network.
  Possible? I'm assuming this is the way it should & can work

  Hi, you need machine authentication as well. Otherwise Windows will not be able to verify the user's identity and cannot log the user in. Windows authentication of the user takes place before the switchport authenticates for the user. Machine authentication allows the computer to authenticate and get access to the network before the user logs in. Thus the user authentication CAN take place because the DC's are only available after machine authentication succeeded.

• 802.1x Wireless Authentication

  Hello
  I am using a MS Certificate Server and MS Radius server with 802.1x Wireless Authentication. When the macs Authenticate I get a warning so to speak and the Cert will not save or trust. I have enter it in as a 509 anchor and other and still the same thing. Is anyone out there doing this.
  The windows says
  801x Authentication
  The Server Certificate could not be validated becuase the root certificate is missing.
  Thanks

  No, CA wasn't changed with R2.
  Are you able to see the User's certificate in the Keychain app under the login keychain & My Certificates? Can you see the CA's certificate under the X509Anchors?
  In the login keychain, when looking at the Users certificate, does it show as valid?

• 802.1x wireless authentication using NPS - SSO sign on to Office 365 using ADFS

  Hi Spiceys,I'm researching for a potential client and would like to know if the following is possible:They have an existing wireless network with a working 802.1x implementation using NPS as RADIUS. They are very keen to move to Office 365 and use SSO and my understanding is that they'll need to spin up a working ADFS implementation to arrange this. We want to use Microsoft tech to tie it all in, so 3rd party SSO apps I don't want to investigate.If a wireless client is authenticated with NPS, and we have a working ADFS implementation are they able to access Office 365 resources without signing in twice? I'd imagine that the NPS auth would give them the necessary DC token, but if they access O365 resources and get redirected to the ADFS website and use Windows integrated login, will it 'just work' ? They are looking at using the full...
  This topic first appeared in the Spiceworks Community

  did you find any resolution to this?  our mba- mid 2013 deployment is having a very similar problem.  We've gone through loads of troubleshooting and have yet to come to a resolution.  all our mid 2012 mba's are working fine they're 10.7.5/10.8.4 mixed.  console logs don't show much, i'll try the wireless diags tomorrow.  our other 10.8.4 build appears fine on other models of machines.  i've read posts about deleteing the adapters, deleting the system config plists and changing the mtu size, these steps do not work for us.
  we don't have as high a failure rate with our deployment, but 25%-30% of our clients randomly drop connectivity and are unable to reconnect (fluttering wi-fi wave).  when you slect the wifi symbol in the menu bar other wireless networks do not show, the 'looking for networks' fly wheel continues to spin.  ocasionaly on login the yellow jelly bean will appear then disappear before finally timeing out without logging the user in (depsite having mobile accounts enabled).    mostly the problem manifests itself when waking from sleep - the wifi symbol flutters endlessly without connecting.  deleting the 8021x profile and readding it will reenable connectivity.  we've tried new profiels, but to the same end.  i know our certs and systems are fine because previous mac os x builds work fine as do our windows clients.
  any input would be much appreciated.

• WRT54G2 V1 wired authentication with 802.1X

  Hello, does this device support WIRED authentication with 802.1X and MD5-crypt? If not, whether such a possibility in the next firmware version? Thanks for  your reply.

  Well i am not sure if that will work or not. May be you can give a try and check if its working or not.

• Wired authentication 802.1X

  Hi, I need to authenticate 802.1X in wired connection. Actualy my Lion work fine because have automaticaly converted the 802.1X profile, but I cant create new. In snow leopard in System Preferences/Network/Ethernet select Advanced, click in 802.1X tab i cant configure profile. So I can configure profile for my 802.1X authentication ??
  THANKS!!!!

  Hi,
  According to your description, my understanding is that you want to deploy 802.1x wired authentication via PEAP, MD5 and need instructions about this.
  Some articles and just for your reference:
  802.1X Authenticated Wired Access Overview
  https://technet.microsoft.com/en-us/library/hh831831.aspx
  802.1X Authenticated Wired Access Design Guide
  https://technet.microsoft.com/library/dd378864(WS.10).aspx
  IEEE 802.1X Wired Authentication
  https://technet.microsoft.com/en-us/magazine/2008.02.cableguy.aspx
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• 802.1x on a wired Lan Connection

  Dear Community,
  i have the job to connect a Windows CE 6.0 device to a Network (wired) with 802.1x. The switch to wich i connect the device  is operating as authenticator and the Wince device is the supplicant. A Radius Server with AD is also present .
  All the informations and samples  that i can find are relating to wireless LAN connections (WZCSVC). A description of the EAPOL API is also absent (or i was not able to find it).
  I'm afraid that Wince 6.0 is not prepared for using 802.1x over a wired connection like Win XP can, but i'm not sure about that. I can not find a definite  statement whether it is possibe or not.
  Does anybody know if it is possible and/or how i can solve this problem.
  Regards Achim

  Community,
  anybody has answer to this problem?  I have to do the same thing...
  Achim,
  did you solve this problem?Thank you
  in advance for any help you
  can provide.
  Regards Bruno

• 1552 in P-MP acting as 802.11a Wireless Bridge with single antenna SISO

  Can you configure three Cisco 1552EUs to act as a RAP and two MAPs in a bridge only Point to Multipoint configuration. 
  I'd like to disable two of the 5Ghz antenna ports and use just a single TX/RX port and a single directional antenna for each AP.
  Does this simply reduce the system gain because you lose the MRC MIMO advantage / gain of either 1.7 or 4.7db (depending on qty of spatial streams).
  Also, are the 1552EU's backward compatible with the Cisco 1310's in the configuration mentioned above.
  Thanks for any comments.

  The transfer speeds sound about right. The "54Mbps" is a signaling rate, not a throughput.
  To make 802.11 wireless "reliable"  (comparable to a wired network)  the data is, in effect, sent twice and staggered such that a glitch usually doesn't get both.
  In terms of throughput of your data, a strong signal with good signal quality, using IP, unencrypted  should run ~22-26Mbps (some variability for noise/interference, mixed frame sizes, TCP ACK times, application responses, etc). 
  So, at ~24 Mbps (megabits per second) you're looking at ~4  megabytes per second versus 100Mbps/12.5mBps as a probable max rate.
  Given that, a transfer that takes approximately one minute on a wired network under typical conditions ... having it take four-to-five minutes on a typical wireless system is about right.
  For power settings, you can adjust the power by monitoring the RSSI values on the receiving system. If I can find the docs on Cisco's main site I'll post 'em up later (gotta run ...), but if the mechanical install is good, then it'll just be a little keyboard work.
  Good Luck
  Scott

• Implementing IEEE 802.1X Standard over wired Ethernet LAN

  I'm trying to implement the 802.1X Standard on a wired LAN. Basically it is the EAP authentication mechanisms (like EAP-TLS, PEAP-MSCHAPv2) over the LAN(EAPOL). I've included the EAP Catalog items into my project but found out that the api's exposed by the
  eap DLL's are used by RAS. Remote Access service(RAS) I believe uses the Point to Point protocol which is different from EAPOL.
  Comparing to wireless, it seems there is a 802.1x Authentication module within the
  Native 802.11(Wireless) framework(http://msdn.microsoft.com/en-us/library/gg158436.aspx)
  I would just like to know if any Platform\BSP changes or implementations can be made to support EAP Authentications over Wired LAN?
  Thank You
  Regards

  Community,
  anybody has answer to this problem?  I have to do the same thing...
  Achim,
  did you solve this problem?Thank you
  in advance for any help you
  can provide.
  Regards Bruno

• 802.11 X port-level authentication or user-level authentication

  I have read many online documents about 802.11x, all that i found they named port-level authentication.
  It makes sense for a wired network, since we have got a physical port, then if the supplicant has been authenticated, his port will be open to transfer data.
  And same thing with a wireless network, but we do not have physical port, we have got logical port.
  I have read one document that mentioned that 802.11 is user-level authentication,,,any comment about this ?
  Regards

  Thanks steprodr
  That means in both cases (wired. wireless) a client has to be authenticated to pass through physical port or logical port to be able to access(use)network resources,,,,,
  What is my interpretation (correct me) to your reply, that with the wire we call it port level while with wireless (my conclusion, because explicitly you have mentioned that)we do not call it port level (i.e. it is called user level) ?

• Speed Tests Results for 802.11ac Wireless Connections

  Using the new Apple MacBook Air with 802.11ac wireless, I tested copying a file and a folder to both the new 802.11ac AirPort Extreme router housing a USB-connected hard disk and the less recent 802.11n Apple AirPort Extreme router housing a similar USB-connected hard disk.
  The results of the tests are summarized in the table below. The movie file was ripped from a DVD movie, and the Microsoft folder is simply the Microsoft Office 2011 folder in my Applications folder containing 14,231 items.
  The MacBook Air computer was located 6–8 feet away from each router with no intervening obstructions. While this was not a scientific test, it demonstrated to me that 802.11ac wireless is clearly superior to 802.11n in a real world setting. I assume that the lower relative performance of 802.11ac versus 802.11n for the large folder containing many files is due to overhead in copying and writing files from and to the hard disks. Ditto for the Gigabit Ethernet test.

  Great resource for speedtesting: www.speedtest.net
  Will show you ping speed, upload/download speeds for your connection. Try for each then post results.

• Can't connect to 802.1x wireless network after upgrading

  I have a year-old iPod Touch that I recently upgraded to iOS 6. I have no problems connecting to my home network, but since upgrading, I haven't been able to connect to the 802.1x wireless network at my job. When I try to connect, I get a spinning circle, but no actual connection. If I do nothing, it never times out, just keeps spinning.
  I've tried resetting the network settings. I am able to login and accept the certificate, but I never get an IP address. I have access to the logs, so I checked and I'm authenticating successfully. I had no problems whatsoever prior to upgrading to 6.01, and I have no trouble accessing the network with other devices, including my MacBook Pro and MacBook Air.

  If you restored to factory settings/new iPod and still have the problem that indicates a hardware problem.
  Make an appointment at the Genius Bar of an Apple store..
  Apple Retail Store - Genius Bar

• HP jetdirect ew2400 802.11g Wireless Print Server

  I have a network setup where there is a PC desktop and a couple of
  laptops (one Macbook Pro and the other a PC) which are respectively connected to a Linksys wireless router by wire and wirelessly. There is also an HP All-In-One 6110 thrown
  into this mix, which is currently hard-wired via USB to the desktop. I
  want to make the AIO networkable, both wirelessly and wired. I did
  some research and came across this JetDirect product from HP.
  I have a question about this particular product. It mentions in the
  literature that this product will either work wirelessly or wired. No
  where does it mention that it will do both at the same time. I am
  familiar with wireless routers which allow both wired and wireless
  connections. Would the same not be true for the print server?

  Henry G4 makes some good points.
  I am not sure I understand why you want to use both wireless and ethernet at the same time. In both cases it would be on the same local network, right? The only situation I can think of using both wired and wireless is if you have two separate networks and you're trying to share it on each.
  So, I add this: whether the printer were wired or wireless, it would be accessible to all computers in the same local network.
  Here is your real problem - drivers. Unless you have read something elsewhere, the OS X print driver HP provided for your AIO only works for direct USB connection. Not even with an HP Jetdirect. (not sure about scanning driver) read here:
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&task Id=120&prodSeriesId=408888&prodTypeId=18972&objectID=c00218889
  It will be cheaper to try sharing as Henry suggests. You will need the hpijs driver set:
  http://www.linux-foundation.org/en/OpenPrinting/MacOSX/hpijs
  PS - I know this is hard for Windows converts to get their arms around, because on Windows, a driver is a driver. But on OS X, we're not there yet - there are two kinds of print drivers.
  PS#2 - This product "might" work for your printer (I don't have one). It has software on the mac & PCs to make USB devices appear to be at the computer:
  http://www.keyspan.com/products/us4a/