06-27-2023 05:37 AM
Over the past few weeks, I have been working on configuring 802.1x port-based authentication between my Cisco switch (RADIUS Client) and the NPS Server (My DC) using EAP-TLS authentication.
After completing the configuration on both sides following the tutorial provided in this link: Tutorial Link, I noticed that the status of my Ethernet port changed to "Authentication failed." To investigate further, I captured the EAP packets using Wireshark and observed that my computer responded with the identity but received a failure response with "EAP Code Failure 4."
Now, I'm trying to determine which side might be causing the error - the switch or the NPS server. I have referred to several guides, and it seems that the configuration on the NPS server was done correctly, and the CA certificate was imported to the client.
For reference, here is the configuration from the NPS and endpoint side: Configuration Link
Any insights or guidance on resolving this issue would be greatly appreciated.
Best regards,
Michael
07-01-2023 12:25 PM
Your switch is not initiating any RADIUS request to the NPS server, hence, no log seen on the server. What is the switchport configuration and AAA configuration done on the switch?
07-03-2023 01:00 AM
07-03-2023 01:08 AM
You configured the RADIUS group in authc/authz,
but where is the config of the server in this group?
07-03-2023 01:31 AM
07-03-2023 01:53 AM
ip radius source-interface VLANx
Then ping the server using this VLAN SVI as the source. Is the ping successful?
07-05-2023 06:47 AM
Yes, the result of the ping is a success.
07-05-2023 07:05 AM
authentication port-control OR dot1x port-control
Add the above and then
show aaa server
The request count must increase in this case.