Hi!
We recently tried to deploy wired dot1x in one of our environments (machine authentication), but some of the clients would not authenticate properly. It seems that the users that have a Lenovo Thinkpad 40A1 Dock Station would not "present" their certificate properly (or authentication server simply states that there is an unknown CA in the Certificate Chain), but when the client was directly connected to the switch it would authenticate without any issues (bypassing the dock station).
We also got it to work by removing the configuration from the client NIC (and keeping the configuration on the dock station NIC) which complicates things since not all clients are using this type of Dock station and it would be near to impossible to keep apart in the GPO Dot1x settings. It would also cause the client to not authenticate properly if/when roaming to conferance rooms (utilizing other dot1x enabled switchports).
Authentication Server: Cisco ISE
Switches are 2960X(TS&PS)
Do you have any ideas on how we could proceed/investigate this further? Anyone with similar issues?
No comments:
Post a Comment