Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1x with Windows 7, Windows Network Policy Server and EX-4200 switches

it_
Occasional Contributor
‎03-13-2012 01:28:AM
‎03-13-2012 01:28:AM

802.1x with Windows 7, Windows Network Policy Server and EX-4200 switches

We've got a largely working 802.1x infrastructure. The Windows clients are using certificates issued by our Enterprise PKI, and we've got both computer and user certificates.

The intention is that if the computer or the user is valid, then NPS tells the switch which VLAN to put the user into, otherwise the switch puts them into the "guest" VLAN.

The problem we are seeing - and this mostly seems to happen when the computers are initially starting up/user is logging on - is that valid computers & users seem to be initially going into the guest VLAN (because the computer gets a DHCP-assigned IP address from that pool) and then authentication completes, the switch puts the computer into the correct VLAN but the computer isn't realising this and therefore doesn't request a new IP address from DHCP.

What I'm struggling to resolve is why the switch is ever putting the computer/user into the guest VLAN in the first place. This is proving to be difficult to troubleshoot because anything I need to do at the client end is really hard to do because the computer is starting up and I don't have access.

What can I do from the switch end? What logs can I look at or what additional diagnostics can I enable that might help me figure out what is going on here?

Any other suggestions as to what I can try or look at?

Thanks.

Philip

0 Kudos
2 REPLIES 2
kalagesan_
Super Contributor
‎03-13-2012 02:15:AM
‎03-13-2012 02:15:AM

Re: 802.1x with Windows 7, Windows Network Policy Server and EX-4200 switches

Hi ,

Are you using windows native client or Juniper OAC client , instead of user auth can you try machine authentication based on certificates using OAC if possible.

Also what happens after user auth if you release and renew the IP from the system do you get the right VLAN IP instead of guest VLAN

DO you have an infranet controller in you dot1.x setup, please clarify for the above queris

Regards,

kannan

0 Kudos
apaul_
Regular Contributor
‎03-13-2012 04:28:AM
‎03-13-2012 04:28:AM

Re: 802.1x with Windows 7, Windows Network Policy Server and EX-4200 switches

Hi Philip,

I belive EX experts @ http://forums.juniper.net/t5/Ethernet-Switching/bd-p/switch are better equipped to help you with your switch questions.

Reposting your query should defnitely help, as this community discuss UAC and OAC related topics.

Hope that helps

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.