802.1x - DHCP release


We are using 802.1x enforcement, and remediation is working fine on our XP machines. When a machine is out of compliance, it is automatically moved to VLAN 10 to remediate, then moves to the production VLAN. The same thing is not working on a Windows 7 machine. The machine is put in the remediation VLAN and remediated, but it never releases its IP from the remediation VLAN for the production VLAN. Is this an issue with the switch config? We are using Cisco 2950's and 2650's. Or is it something on the Windows 7 client?

Hi,

The process should work as follows:

1. A healthy client in compliant_vlan becomes noncompliant (ex: firewall turned off).
2. The client sends a new access request with its health status.
3. NPS matches the access request to a noncompliant policy (event IDs 6272 and 6276 occur), and sends a tunnel attribute to the switch instructing it to place the client in noncompliant_vlan.
4. The client moves from compliant_vlan to noncompliant_vlan; the network interface cycles up/down during the process.
5. The client receives a DHCP address on noncompliant_vlan.
6. The client automatically remediates, and sends a new access request with its health status.
7. NPS matches the access request to a noncompliant policy (event IDs 6272 and 6278 occur), and sends a tunnel attribute to the switch instructing it to place the client in compliant_vlan.
8. The client moves from noncompliant_vlan to compliant_vlan; the network interface cycles up/down during the process.
9. The client receives a DHCP address on the compliant VLAN.

If the client is not moving from the noncompliant VLAN to the compliant VLAN (step 8) even though you see events 6272 and 6278 (step 7), then the issue is not DHCP but rather the VLAN switch. As I said, and similar to what Cisco said (I think), NPS sends instructions to the switch, and the switch must obey them. Just because you see the events on NPS doesn't mean the VLAN switch is occurring correctly.

Can you trace through the steps above and tell me which step is broken?

thanks,
-greg
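
Added example, not part of the original thread: the trace requested above, as a Python script that reads NPS events per client and reports whether NPS reached step 7, in which case the switch (step 8) is the place to look. The record layout (timestamp, event ID, client MAC), the sample events and the verdict names are constructed assumptions; only the event IDs come from the answer.

```python
# Added example: triage of NPS events against the nine steps in the answer.
# Event IDs come from the answer; record layout and verdict names are assumptions.
QUARANTINED, FULL_ACCESS = 6276, 6278   # logged alongside 6272 in steps 3 and 7

# Constructed sample: (ISO timestamp, event ID, client MAC) from a hypothetical export.
SAMPLE_EVENTS = [
    ("2011-03-01T09:00:05", 6272, "00-00-5E-00-53-01"),
    ("2011-03-01T09:00:05", 6276, "00-00-5E-00-53-01"),  # quarantined (step 3)
    ("2011-03-01T09:02:40", 6272, "00-00-5E-00-53-01"),
    ("2011-03-01T09:02:40", 6278, "00-00-5E-00-53-01"),  # then 6278 (step 7)
    ("2011-03-01T09:10:12", 6272, "00-00-5E-00-53-02"),
    ("2011-03-01T09:10:12", 6276, "00-00-5E-00-53-02"),  # quarantined, nothing after
    ("2011-03-01T09:15:00", 6272, "00-00-5E-00-53-03"),  # no health decision logged
]


def trace_clients(events):
    """Map each client to a verdict based on the health decisions NPS logged."""
    history = {}
    for _ts, event_id, client in sorted(events):  # ISO timestamps sort in time order
        decisions = history.setdefault(client, [])
        if event_id in (QUARANTINED, FULL_ACCESS):
            decisions.append(event_id)

    verdicts = {}
    for client, decisions in history.items():
        if not decisions:
            verdicts[client] = "no_health_decision"
        elif decisions[-1] == QUARANTINED:
            # The last decision was 6276: no 6278 followed, so steps 6-7 are incomplete.
            verdicts[client] = "stuck_before_step_7"
        elif QUARANTINED in decisions:
            # 6276 then 6278: NPS sent the compliant VLAN. If the client is still
            # in the remediation VLAN, look at the switch (step 8), not DHCP.
            verdicts[client] = "nps_done_check_switch_step_8"
        else:
            verdicts[client] = "never_quarantined"
    return verdicts


if __name__ == "__main__":
    for mac, verdict in trace_clients(SAMPLE_EVENTS).items():
        print(mac, verdict)
```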

