12-04-2023 09:37 PM
Hi everyone :
I have a problem recently,some of our company computers can't connect the 802.1x network.
Our Radius Server : ISE ,version 2.7 patch9
computer system :win 10 professional 22H2
WLC : cisco catalyst 9800-L wireless version 17.3.4c
when it connect to the wireless network, after i put the username/password, the computer show "can't connect to this network".
I check the WLC log:
% dot1x-5-fail: chassis 1 r0/0 :wncd:authentication failed for client (xxxx.xxxx.xxxx)with reason (timeout)
% dot1x-5-fail: chassis 1 r0/0:wncd:authentication failed for client (xxxx.xxxx.xxxx)with reason(cred fail)
About the ISE log:
12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
12934 supplicant stopped responding to ISE during PEAP tunnel establishment
I have done these method before:
1. change the win 10 TLS version to 1.2 ,or 1.0
2.when win 10 connect network ,i choose peap and uncheck the box "validate server certificates"
3.win 10 import the eap certificate from ise ,and check the box "validate server certificates"
All the methods are not work.
How can i resolve this problem ? Thank you all very much!
12-04-2023 09:54 PM
I dont get' you use EAP cert of ISE' are this cert. Is self-signed or it signed by CA win10 trust it?
If it self signed then check this guide how you add self signed cert. To client.
12-04-2023 10:56 PM
Thank you for your help ! At the beginning, we don't use cert in computer. We uncheck the box "verify the server's identity by validating the certificate " when connect to the network.But some computer can't connect it .And then i export the cert "Default self-signed server certificate" from ISE ,and install it in the computer, as the guide you send to me .But it not work too.
12-05-2023 12:49 AM
Hi, maybe i find the solution. I set two ssid on the wlc,for example A and B.I set device authentication , add my computer mac address to it, and relate it to SSID A profile. But i never set mac filtering in SSID A or B. My computer can connect A ,but can't connect B.I remove the mac setting,my computer can connect A and B. Is that a bug ?Thank you!
12-05-2023 07:18 AM
The Catalyst 9800-L Wireless Controller running release 17.3.4 has an SMU available for what seems to be this very issue. Hitless/Recommended SMU, 9800 WLC stops sending RADIUS packets was released in 2021.
17.3.4c is VERY old and should be upgraded. The current suggested release is 17.9.4a
12-13-2023 10:28 PM
Yes,maybe i will update it,thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide