802.1x authentication - user experience
Posted on 2010-11-13
I understand the basics of 802.1x (supplicants, authenticators, auth servers) operation and configuration, as well as AAA/RADIUS/etc. My questions here primarily involve the user experience when 802.1x has been deployed in a wired and wireless environment, since I have yet to see it in action.
I boot up a Windows XP computer (configured for 802.1x PEAP, and connected to an 802.1x-secured switch port) and eventually get a Windows login screen. At this point, I shouldn't be able to log on to the Windows domain, since the port hasn't been opened up by 802.1x authentication yet. My questions:
1) When exactly in the start-up sequence will the system authenticate to 802.1x, and ask me for 802.1x credentials?
2) Once the port has been opened via 802.1x, will I then have to enter those same AD credentials in the Windows logon screen, or is there a way to have the credentials I entered for 802.1x passed on to Windows to auto-authenticate (so the user only has to type them in once)?
3) How does the authentication process look different in a wireless environment? Let's say I've configured a secure WLAN that requires a pass-code to be configured on the workstation to get a connection. After I'm "connected" to the SSID, does an 802.1x authentication box pop up again like it does in the wired world, asking for AD credentials? Or, if you're using 802.1x authentication in a wireless environment to open the connection to the access point, would you not secure the WLAN at all?
Thanks in advance, and reference links/docs are always appreciated!