Extreme Networks

Andrew_Schmitt · ‎08-25-2015

Does anyone have any suggestions on how to best configure the VNS and Windows NPS to handle 802.1X? I'm finding in our tests that users seem to drop off the VNS during the day and need to reconnect as well as just roaming throughout the building. Our NPS logs on the Windows server would appear to show the same. I did just turn on opportunistic keying and preauth but I'm curious if there are any other tweaks I should look for? Especially for iOS devices since we have quite a few of those. Thanks!

Andrew_Schmitt · ‎08-26-2015

I only have one V2110. It's running 09.21.02.0014. Could it have anything to do with the topology? It starts bridged at controller and then switches to bridged at AP after auth.

Doug · ‎08-26-2015

Okay, so the client would not get an IP until it authenticated. So using B@AP is not an issue, the clients will always get the ip from the Authenticated role. Contacting GTAC would probably be your best option, someone will look at the client state when it roams back into the network. It should try and probe the nearest ap then attempt to attach again...

I go home at night, then come back into the lab in the morning and my phone hooks right back up. I'm using b@ap tagged for my topology.

Doug Hyde
Director, Technical Support / Extreme Networks

Andrew_Schmitt · ‎08-26-2015

No, sir. The installer set it up as mentioned because the wireless clients need to be in a different subnet than the rest of the network since I ran out of DHCP scope space. it's all converging layer-3 at the X460 stack. If I didn't bridge at AP, I would need to allow everything as a radius client through PEAP, as far as I understand it, but I'm new to Identifi of course 

Doug · ‎08-26-2015

All in the same ip subnet?

Doug Hyde
Director, Technical Support / Extreme Networks

Extreme Networks

802.1X and Windows NPS Configuration Best Tips

802.1X and Windows NPS Configuration Best Tips