This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1X and Windows NPS Configuration Best Tips

802.1X and Windows NPS Configuration Best Tips

Andrew_Schmitt
New Contributor II

‎08-25-2015 06:08 PM

Does anyone have any suggestions on how to best configure the VNS and Windows NPS to handle 802.1X? I'm finding in our tests that users seem to drop off the VNS during the day and need to reconnect as well as just roaming throughout the building. Our NPS logs on the Windows server would appear to show the same. I did just turn on opportunistic keying and preauth but I'm curious if there are any other tweaks I should look for? Especially for iOS devices since we have quite a few of those. Thanks!
0 Kudos
11 REPLIES 11

Andrew_Schmitt
New Contributor II

‎08-26-2015 03:57 PM

I only have one V2110. It's running 09.21.02.0014. Could it have anything to do with the topology? It starts bridged at controller and then switches to bridged at AP after auth.
0 Kudos

Doug
Extreme Employee
In response to Andrew_Schmitt

‎08-26-2015 03:57 PM

Okay, so the client would not get an IP until it authenticated. So using B@AP is not an issue, the clients will always get the ip from the Authenticated role. Contacting GTAC would probably be your best option, someone will look at the client state when it roams back into the network. It should try and probe the nearest ap then attempt to attach again...

I go home at night, then come back into the lab in the morning and my phone hooks right back up. I'm using b@ap tagged for my topology.
Doug Hyde
Director, Technical Support / Extreme Networks
0 Kudos

Andrew_Schmitt
New Contributor II
In response to Andrew_Schmitt

‎08-26-2015 03:57 PM

No, sir. The installer set it up as mentioned because the wireless clients need to be in a different subnet than the rest of the network since I ran out of DHCP scope space. it's all converging layer-3 at the X460 stack. If I didn't bridge at AP, I would need to allow everything as a radius client through PEAP, as far as I understand it, but I'm new to Identifi of course 
0 Kudos

Doug
Extreme Employee
In response to Andrew_Schmitt

‎08-26-2015 03:57 PM

All in the same ip subnet?
Doug Hyde
Director, Technical Support / Extreme Networks
0 Kudos
GTM-P2G8KFN