802.1x authentication

[Michael Roberts]

I have a major problem with Windows XP and 802.1x. We have 802.1x using
EAP-PEAP setup on our network, and the actual authentication works great.

Here's the problem:
A workstation boots up, it is connected to a unauthenticated port, which
is fine. It could be a problem if I wanted to push SMS updates in the
middle of the night, but that is not the major issue. The major
problem is that when the user logs into the machine, the machine begins
loading, which can include mapping drives, launching network
applications, fetching information from remote systems... At this point
the 802.1x authentication still has not occurred. So everything
mentioned above fails. Drive mappings get a red 'X', applications
complain the network is not available, etc. By the time the
authentication occurs, a number of applications need to be restarted
that failed.

This is a major annoyance. Would it not make sense to perform the
802.1x authentication immediately after the user types their login
credentials? Granted, this would only work for an environment where the
user's login credentials are the same as their required 802.1x credentials.

Any ideas?????? Is MS listening on this group????

-mike

 

[Kurt]

Are the workstations connected to a Cisco (or other slow-startup) switch? If
so, try turning on portfast for the ports and see if that speeds up your
authentication.

....kurt

 

[Michael Roberts]

Excellent suggestion Kurt, but no we do not use Cisco. We are a Nortel
shop. All end user ports have spanning tree set to fast learning
though, which I believe the equivalent of your suggestion. Just trying
to keep the thread alive....

-mike