Solved: Re: 5411 Supplicant stopped responding to ISE

ittechk4u1 · ‎02-25-2021

Hello Guys,

I am using cisco 2802 AP as WLC and using ISE for AAA.

Clients should be authenticate by using EAP-TLS.

I am getting these errors:

5411 Supplicant stopped responding to ISE

12931 Supplicant stopped responding to ISE after sending it the first EAP-TLS message

can anyone guide...

Thanks in advance

thomas · ‎03-09-2021

The endpoint is not trusting the ISE certificate.

You are probably using a self-signed certificate on ISE.

You will need to disable certificate validation on your endpoint supplicant (client) or get a properly signed certificate by your enterprise CA or public CA.

View solution in original post

Marcelo Morais · ‎02-25-2021

Hi @ittechk4u1 ,

to check what is going on during the process:

debug dot1x all

Hope this helps !!!

Mike.Cifelli · ‎02-25-2021

What supplicant are you using on your clients (NAM or native)? Are they properly configured to support eap-tls onboarding? Can you share more detailed live logs so the community can gather more info and see steps?

thomas · ‎03-09-2021

The endpoint is not trusting the ISE certificate.

You are probably using a self-signed certificate on ISE.

You will need to disable certificate validation on your endpoint supplicant (client) or get a properly signed certificate by your enterprise CA or public CA.