Network Access Control

Hi everybody.

I need your help, I have installed Symantec Network Access Control application in my enviorement, althougt I have applied many SEP Client authenticates with LAN Enforcer Appliance, today I had a issue with one, this Pc use Windows 7 that have installed SEP 12.1 release MP1.

I can see all the parameters pass the Host Integrity Policy but when I put the configuration for make the authentication 802.1x directly in the switch the client shows "authentication fail"  T_T, Certenly I dont know WHY !! if all the parameters have status passed and the policy and the Endpoint and  SEPM is upgrade, in the SEPM the client looks like well and dont present fails or rare things.

If anyone have a idea I listen..=)

Regards.

Hi,

Check this artical hope help you.

Adding an 802.1x switch policy for a LAN Enforcer appliance with a wizard

http://www.symantec.com/docs/HOWTO55752

Have you had 802.1x working with any other clients?  It really doen't matter if the client is passing all aspects of the HI policy, if it still fails 802.1x authentication.  If user auth is not required, you could try setting the LAN enforcer into transparent mode:

http://www.symantec.com/docs/TECH91193

Just in case you do already have it set for transparent mode, then the below articles mays help:

http://www.symantec.com/docs/TECH138082
http://www.symantec.com/docs/TECH93124

Hi everybody.

Fisrt of all, thanks for your comments and quick response.

James007 I alredy done it this configuration in my SEPM to join the Switch and Symantec´s Manager, sorry because I must put that information after =).

SMLatCST, yes I have an average 1500 clients with SNAC, A good point that I forgot says is that have configure "Tranparent mode" in this case just validate Host Integrity and Policy, and  Im using SEP client as Supplicant 802.1x.

-I have more information that for my is relevant say, for example when I have a client (PC or Laptop) with fail in the host Integrity this client automatically is sending to the Remediation VLAN, but in this client the client dont respect that and only sending "Authentication Fail" in the client and "Auth Falled" in the Switch.

Sometimes this mistake is sending because the endpoint disapear to the SEPM or when have corrupt the installation. I thougth solve this mistake using the Cleanwipe 12.1.2015 but in this case doesn't work =( sadly.

I hope this information can help  with my issue.

Thanks. Regards.

Just to clarify, even when HI fails, it still only reponds wth the "auth fail" message?  If this is the case, it sounds as if the machine in question may have an additional 3rd party supplicant installed.  Can you confirm?

I men, sorry for dont response before, I worked in the PC and I checked some other suplicant but in the client all kind applications are unavailable. Do you have other idea?¡?¡??!

Regards.

I'm afraid it might be time to log a case with Symantec.  If no other supplicant exists on the endpoint (and assuming you've tried repairing/reinstalling the client) then I can see no reason why it wouldn't be submitting an HI response.

Have you tested otehr versions of the client as well?

Hi Men.

Thanks for all your help in this case, I solve my issue...=) with this information. Certenly I didnt wait just 20 minutes, just keep down the configure in the swicth until this days and tried again put the configuration when found the information.

See you soon, men. XD Regards