When using Windows you can disable server verification by unchecking the Validate server certificate option in the EAP Properties dialog. Though this server validation is optional, it's typically enabled by default for 802.1X networks in Windows, whereas on smartphones and tablets it usually must be manually setup. To see if it's causing the problem, you can temporary disable it. Next you may want to see if there are issues related to the RADIUS server validation, the verification made by the client to ensure the legitimacy of the RADIUS server before moving forward with authentication. So consider steps like disabling and re-enabling the client's network connection and rebooting the computer or device. Next you may want to check for general network-related issues, such as with the wireless adapter or OS. For instance, the username and password if using PEAP, the smart card and PIN, or the user certificate if using EAP-TLS. If a single computer or device can't connect, the first item to check is if the correct login credentials are being provided. Solve connectivity issues with a single client By default, pre-authentication is disabled by Windows but can be enabled via the advanced 802.1X settings in Windows 7 or later, or via registry entries or Group Policy in Windows Vista or earlier.ģ. Once a client authenticates via one access point, the existing network connection is used to convey the authentication details to the other access points. Pre-authentication is a step further than PMK caching, basically performing PMK caching with other access points after connecting to just one, which can help make roaming the wireless network even more seamless. In Windows 7 and later you can configure these settings via the advanced 802.1X settings for each network connection, however in Windows Vista and earlier they must be edited via registry entries or Group Policy. This is typically enabled by default in Windows, with a default expiration time of 720 minutes (12 hours). WPA2 Pairwise Master Key (PMK) Caching allows clients to perform a partial authentication process when roaming back to the access point the client had originally performed the full authentication on. This is usually enabled by default when a client connects to an 802.1X network the first time, but if you push network settings to domain clients you should make sure Fast Reconnect is enabled. WPA/WPA2 Fast Reconnect (or EAP Session Resumption) caches the TLS session from the initial connection and uses it to simplify and shorten TLS handshake process for re-authentication attempts. The three most popular techniques are called WPA/WPA2 Fast Reconnect (or EAP Session Resumption), WPA2 PMK Caching, and Pre-authentication. When a Fast Roaming technique is supported by your network, however, it helps reduce the amount of full authentication processes a client must make on the network. ![]() And this full authentication process can interrupt the client connection, especially for latency-sensitive traffic like VoIP or video streams. By default, the full 802.1X authentication process must take place the first time a client connects to the network, when roaming to another wireless access point, and after the 802.1X session interval expires. If clients are still being intermittently disconnected (even if automatically reconnected), it may be because a Fast Roaming technique isn't being used. Also consider reinstalling and even updating the driver for the client's network adapter. ![]() ![]() If a client is having intermittent connection issues - disconnecting periodically, not reconnecting after resuming from sleep, or not roaming well between wireless access points - you may first want to eliminate general networking issues.įor wireless adapters that came with their own wireless configuration software, try uninstalling it so the adapter uses the native Windows interface and Microsoft 802.1X supplicant.
0 Comments
Leave a Reply. |