
EAP-TLS Error

cciesec333
Community Member

Hello.

I cannot get EAP-TLS auth to work on a Windows 7 wired setup. I've tested EAP-PEAP on wireless and wired - works fine. Also EAP-TLS for wireless works great. Clients are on the same domain as RADIUS (which is Cisco ISE), we've deployed CA services on that same domain too and are distributing certificates to clients via GPOs. Authenticators (switchports) are configured correctly, certificates work on the EAP-TLS wireless setup, everything seems to be OK, but the wired connection still cannot auth and EAP times out.

Here is the error:

Logged At: May 14,2013 11:52:12.159 AM
RADIUS Status: No response received during 120 seconds on last EAP message sent to the client : 5411 No response received during 120 seconds on last EAP message sent to the client

5 Replies

Venkatesh Attuluri
Cisco Employee

A certificate not being trusted by the device can result in this error. Make sure you have the certificate trusted in the certificate store.

mscottini
Frequent Visitor

http://support.microsoft.com/kb/980295/en-us - works for me!

In fact, the issue was in the CN; after changing to SAN, it worked fine!

http://d2zmdbbm9feqrf.cloudfront.net/2014/anz/pdf/BRKSEC-3045.pdf

Saurav Lodh
Level 11

Disable fast reconnect on the client.

nspasov
Cisco Employee

Have you confirmed that the Supplicant is configured properly for EAP-TLS authentication? I have done this type of deployment many times and haven't had this issue. 

 

Thank you for rating helpful posts! 