https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999482#M108965 <P>Hi all-</P><P>&nbsp;</P><P>5520 controller running 8.5.140 and a 3702 AP in local mode.&nbsp; I have other devices of various types concected to this SSID using EAP-TLS, so I am confident in the controller config (WPA2 Policy, WPA2 Encryption=AES, Authentication Key Management=802.1x)</P><P>I have a linux device that I am trying to connect via EAP-TLS.&nbsp; The deice is using wpa_supplicant.&nbsp; the config file is as follows:</P><P>&nbsp;</P><P>network={<BR />ssid="mySSID"<BR />proto=RSN<BR />key_mgmt=IEEE8021X<BR />eap=TLS<BR />scan_ssid=1<BR />identity="myDevice"<BR />ca_cert="/etc/certs/cacert.pem"<BR />client_cert="/etc/certs/myDev.cer"<BR />private_key="/etc/certs/myDevkey"<BR />eapol_flags=3<BR />}</P><P>&nbsp;</P><P>The controller debug just shows the following:</P><P>&nbsp;</P><P>*spamApTask3: Dec 16 09:53:46.861: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID ec:bd:1d:15:7b:d7 (slot 1), status 13 0 rsnie-osnie accept failed<BR />*spamApTask1: Dec 16 09:53:52.260: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID 58:f3:9c:fb:a8:37 (slot 1), status 13 0 rsnie-osnie accept failed</P><P>&nbsp;</P><P>Anyone have a config that works for wpa_supplicant and EAP-TLS?&nbsp;</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P> Mon, 05 Jul 2021 18:26:16 GMT Wes Schochet 2021-07-05T18:26:16Z https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999482#M108965 <P>Hi all-</P><P>&nbsp;</P><P>5520 controller running 8.5.140 and a 3702 AP in local mode.&nbsp; I have other devices of various types concected to this SSID using EAP-TLS, so I am confident in the controller config (WPA2 Policy, WPA2 Encryption=AES, Authentication Key Management=802.1x)</P><P>I have a linux device that I am trying to connect via EAP-TLS.&nbsp; The deice is using wpa_supplicant.&nbsp; the config file is as follows:</P><P>&nbsp;</P><P>network={<BR />ssid="mySSID"<BR />proto=RSN<BR />key_mgmt=IEEE8021X<BR />eap=TLS<BR />scan_ssid=1<BR />identity="myDevice"<BR />ca_cert="/etc/certs/cacert.pem"<BR />client_cert="/etc/certs/myDev.cer"<BR />private_key="/etc/certs/myDevkey"<BR />eapol_flags=3<BR />}</P><P>&nbsp;</P><P>The controller debug just shows the following:</P><P>&nbsp;</P><P>*spamApTask3: Dec 16 09:53:46.861: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID ec:bd:1d:15:7b:d7 (slot 1), status 13 0 rsnie-osnie accept failed<BR />*spamApTask1: Dec 16 09:53:52.260: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID 58:f3:9c:fb:a8:37 (slot 1), status 13 0 rsnie-osnie accept failed</P><P>&nbsp;</P><P>Anyone have a config that works for wpa_supplicant and EAP-TLS?&nbsp;</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P> Mon, 05 Jul 2021 18:26:16 GMT https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999482#M108965 Wes Schochet 2021-07-05T18:26:16Z https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999509#M108966 <P>&nbsp;</P><P>&nbsp;- You may be hitting a CCKM <FONT color="#0000FF">compliance</FONT> issue ; check the following :</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<A href="https://community.cisco.com/t5/wireless-and-mobility/ccx-devices-matrix-support/td-p/2726474" target="_blank">https://community.cisco.com/t5/wireless-and-mobility/ccx-devices-matrix-support/td-p/2726474</A></P><P>&nbsp;I also found a related bug report :</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf55570/?rfs=iqvred" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf55570/?rfs=iqvred</A></P><P>&nbsp;M.</P> Mon, 16 Dec 2019 17:15:47 GMT https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999509#M108966 Mark Elsen 2019-12-16T17:15:47Z https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999543#M108967 I guess I don't understand how CCKM interacts with 802.1x. In my mind they are totally separate. What is the interaction there? Mon, 16 Dec 2019 18:39:33 GMT https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/3999543#M108967 Wes Schochet 2019-12-16T18:39:33Z https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/4003299#M108968 <P>The setting "<SPAN>key_mgmt=IEEE8021X" in your wpa_supplicant.conf file is for WEP keys only.&nbsp; You mentioned you are using WPA2, so you should use the following:</SPAN></P><P>&nbsp;</P><P><SPAN>key_mgmt=WPA-EAP</SPAN></P><P>&nbsp;</P><P><SPAN>Also, if you don't want to be prompted for the private key password, you can add the following line under private_key:</SPAN></P><P>&nbsp;</P><P><SPAN>private_key_passwd="password"</SPAN></P><P>&nbsp;</P><P>Dennis Bland</P><P>dB Performance Inc.</P><P>&nbsp;</P> Wed, 25 Dec 2019 03:16:45 GMT https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/4003299#M108968 Dennis Bland 2019-12-25T03:16:45Z https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/4005244#M108969 Thanks! That did the trick! Tue, 31 Dec 2019 21:16:41 GMT https://community.cisco.com/t5/wireless/wpa-supplicant-running-eap-tls-on-ubuntu/m-p/4005244#M108969 Wes Schochet 2019-12-31T21:16:41Z