
Eddyisgreat

macrumors 601
Original poster
Oct 24, 2007
4,851
2
As the title implies, I wanted to see if anyone who has access to a wired 802.1x network can confirm that the behavior has changed from 10.5/10.6.

As many will know, it's a giant PITA at the present. OS X will not connect to the wired network unless you manually hit "connect" in network settings. This is different than with wireless 802.1x auth where it'll ask for your credentials whenever you attempt to access the network.

Please let me know your experiences!

Thanks!
 
I have no idea, but I can attest to it being a major problem for WIRELESS on my end.

Have you tried using iPhone Configuration? Supposedly that helps
 
As the title implies, I wanted to see if anyone who has access to a wired 802.1x network can confirm that the behavior has changed from 10.5/10.6.

As many will know, it's a giant PITA at the present. OS X will not connect to the wired network unless you manually hit "connect" in network settings. This is different than with wireless 802.1x auth where it'll ask for your credentials whenever you attempt to access the network.

Though I am unable to test this, I believe it cannot really be done, unless you want it to simply always try to do 802.1x. The thing is that unlike with wireless networks, a station can't really detect the requirement to use 802.1x with wired networks. It'll just find itself staring at a silent network port. Wireless networks actually tell the station that they're using 802.1x, WEP or WPA.
 
Have you tried using iPhone Configuration? Supposedly that helps
I haven't tried wireless in my own network config but I'm scared nonetheless, although I've used other 802.1x networks that seemed to work fine. My hope is to at least allow clients to auth at the login window, which seems to be possible now (albeit ONLY over wireless).

Though I am unable to test this, I believe it cannot really be done, unless you want it to simply always try to do 802.1x. The thing is that unlike with wireless networks, a station can't really detect the requirement to use 802.1x with wired networks. It'll just find itself staring at a silent network port. Wireless networks actually tell the station that they're using 802.1x, WEP or WPA.

It should be possible. When I monitor traffic between a Windows workstation and the switch, I can see the switch (HP, btw) asking the client to provide credentials, which invokes the following box (imaged below), unless I'm misunderstanding the handshake process. I can't understand why we can't do the same on OS X.
 

[Attachment: image.png]
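Added example, not part of any post in this thread: a small Python decoder for the EAPOL frames exchanged on an 802.1X port, showing what a switch's EAP-Request/Identity and a client's EAPOL-Start look like on the wire. The three sample frames and their MAC addresses are constructed for illustration, not captured from a real network.

```python
import struct

PAE_GROUP = bytes.fromhex("0180c2000003")   # 802.1X PAE group MAC address
ETH_EAPOL = 0x888E                          # EtherType for EAP over LAN
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP",
             21: "EAP-TTLS", 25: "PEAP"}

def parse_eapol(frame):
    """Decode one Ethernet frame; return a dict, or None if not valid EAPOL."""
    if len(frame) < 18:                      # 14-byte Ethernet + 4-byte EAPOL header
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_EAPOL:
        return None
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]           # ignore Ethernet padding after the body
    if len(body) < body_len:
        return None                          # truncated capture
    info = {"version": version, "to_pae_group": frame[:6] == PAE_GROUP,
            "eapol_type": EAPOL_TYPES.get(ptype, "unknown")}
    if ptype == 0:                           # EAP-Packet: decode the EAP header
        if body_len < 4:
            return None
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        if not 4 <= eap_len <= body_len:
            return None
        info.update(eap_code=EAP_CODES.get(code, "unknown"), eap_id=ident)
        if code in (1, 2) and eap_len >= 5:  # Request/Response carry a type byte
            info["eap_type"] = EAP_TYPES.get(body[4], "other")
    return info

def authenticator_prompted(frames):
    """True if any frame is an EAP-Request/Identity, i.e. the port asked for 802.1X."""
    for f in frames:
        p = parse_eapol(f)
        if p and p.get("eap_code") == "Request" and p.get("eap_type") == "Identity":
            return True
    return False

# Constructed sample frames (not captured from any real network).
SWITCH, CLIENT = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
REQ_IDENTITY = (PAE_GROUP + SWITCH + struct.pack("!H", ETH_EAPOL)
                + struct.pack("!BBH", 1, 0, 5) + struct.pack("!BBHB", 1, 1, 5, 1)).ljust(60, b"\0")
EAPOL_START = (PAE_GROUP + CLIENT + struct.pack("!HBBH", ETH_EAPOL, 1, 1, 0)).ljust(60, b"\0")
ARP_FRAME = (b"\xff" * 6 + CLIENT + struct.pack("!H", 0x0806)).ljust(60, b"\0")

if __name__ == "__main__":
    for name, f in [("switch", REQ_IDENTITY), ("client", EAPOL_START), ("arp", ARP_FRAME)]:
        print(name, parse_eapol(f))
```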
We utilize an 802.1x wired and wireless network at my office and I can say that Lion is a definite improvement over SL in terms of it connecting, especially on the wired side of things. I totally feel your pain with users constantly having issues connecting to .1x networks. It will now store the credentials in keychain for a user profile which is huge for me. Also you can set it up to utilize login credentials to join, but you need to create the profile using the configuration utility included in either ARD 3.5 or Server Tools for Lion. Using the current iPhone tool for SL results in it working, but not correctly. I'm not super happy about the profiles thing, I personally being an admin want to be able to configure .1x on the fly, but if you have a copy of the configuration utility on your laptop it's not too much work, but just seems like an extra step over SL. The ability to push the profiles is welcome though as I never got it to push .1x settings correctly via ARD on SL.

If you have any other questions let me know, I have Lion running as my primary OS right now and daily I come into our office, hop on the network and I'm placed in the right VLAN with no issues from .1x HUGE over my daily routine on SL.
 
If you have any other questions let me know, I have Lion running as my primary OS right now and daily I come into our office, hop on the network and I'm placed in the right VLAN with no issues from .1x HUGE over my daily routine on SL.

This is exactly what I wanted to hear. I actually abandoned the 802.1x rollout at work and opted for MAC addy port protection and static VLANs but we can throw it back in the mix if OS X clients associate properly.

No questions right now but thanks for your comments; it gives hope.
 
We utilize an 802.1x wired and wireless network at my office and I can say that Lion is a definite improvement over SL in terms of it connecting, especially on the wired side of things. I totally feel your pain with users constantly having issues connecting to .1x networks. It will now store the credentials in keychain for a user profile which is huge for me. Also you can set it up to utilize login credentials to join, but you need to create the profile using the configuration utility included in either ARD 3.5 or Server Tools for Lion. Using the current iPhone tool for SL results in it working, but not correctly. I'm not super happy about the profiles thing, I personally being an admin want to be able to configure .1x on the fly, but if you have a copy of the configuration utility on your laptop it's not too much work, but just seems like an extra step over SL. The ability to push the profiles is welcome though as I never got it to push .1x settings correctly via ARD on SL.

If you have any other questions let me know, I have Lion running as my primary OS right now and daily I come into our office, hop on the network and I'm placed in the right VLAN with no issues from .1x HUGE over my daily routine on SL.

Could you help me out in using my school's wireless 802.1x? I really don't know what I'm doing when it comes to networks, but the website at our school (http://www.uic.edu/depts/accc/network/wireless/macleopard.html) says to use TTLS, LEAP, PEAP, MD5. How on EARTH do I set this up? Lion tries to connect, but keeps on asking for my credentials. I've tried to use the iPhone Configuration tool, but honestly, I'm thinking I'm just using it wrong. I created a profile and added in all this stuff (nowhere in the tool does it allow me to click on MD5) and when I connect, sometimes Lion allows me to use the configuration I've created, but it still doesn't work. Ah!! Drives me crazy.
 
Turns out my school doesn't support Lion yet and probably won't have anything developed for connection for a while. Apparently, and this is crazy, they still don't have connectivity for Android phones.
 
Turns out my school doesn't support Lion yet and probably won't have anything developed for connection for a while. Apparently, and this is crazy, they still don't have connectivity for Android phones.

If your school provides a .mobileconfig file intended to allow 802.1X support on iOS devices, you can import it just as easily into Lion. I've tested it, it works for me. You can also use the iPhone Mobile Phone Utility to get around Apple's omission of the plus button (previously there to create and manually configure 802.1X profiles) in 802.1X settings. Idea care of: http://blog.affien.com/archives/2011/03/16/802-1x-configuration-profile-on-lion-mac-os-x-10-7/.

I can't understand why Apple decided to omit the ability for users to configure 802.1X without downloading a profile, which is really only a file containing XML that corresponds to the fields previously available in Snow Leopard and earlier. Sometimes getting online is contingent upon setting up 802.1X, making it difficult to get the profiles.
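Added example, not part of any post in this thread and not a profile from Apple or any school: a Python sketch that writes the kind of XML .mobileconfig described above for a WPA-Enterprise network. The key names follow Apple's documented Wi-Fi payload (`com.apple.wifi.managed`); the SSID, server name and `edu.example` identifier are constructed placeholders, and whether a given OS release honors every key is an assumption.

```python
import plistlib
import uuid

# EAP method numbers used in the profile's AcceptEAPTypes array.
EAP_TYPE_IDS = {"TLS": 13, "LEAP": 17, "TTLS": 21, "PEAP": 25, "EAP-FAST": 43}

def new_uuid():
    return str(uuid.uuid4()).upper()

def build_wifi_8021x_profile(ssid, eap_methods, trusted_server_names,
                             org_id="edu.example"):   # org_id is a placeholder
    """Return .mobileconfig XML bytes for one WPA-Enterprise network."""
    unknown = [m for m in eap_methods if m not in EAP_TYPE_IDS]
    if unknown:
        raise ValueError(f"no AcceptEAPTypes mapping in this example for: {unknown}")
    if not trusted_server_names:
        # Without a pinned RADIUS server name the client may be prompted to
        # trust whatever certificate the network presents.
        raise ValueError("list at least one trusted RADIUS server name")
    wifi_payload = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.wifi",
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": f"802.1X ({ssid})",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "EncryptionType": "WPA",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [EAP_TYPE_IDS[m] for m in eap_methods],
            "TLSTrustedServerNames": list(trusted_server_names),
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.dot1x",
        "PayloadUUID": new_uuid(),
        "PayloadDisplayName": "802.1X network settings",
        "PayloadContent": [wifi_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

if __name__ == "__main__":
    xml = build_wifi_8021x_profile("Campus-Secure", ["TTLS", "PEAP"],
                                   ["radius.example.edu"])
    print(xml.decode())
```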
 