09-07-2018 05:50 AM
Hi there
I'm trying to implement wired 802.1x network security. I've successfully configured my switch to support and forward the 802.1x auth request to my Microsoft Radius NPS Server.
With a Notebook client I can connect to a port on the switch and I have to enter my username and password, which are then sent to the NPS and verified with my AD. After I've confirmed a .
Now, I want my Cisco APs (connected to a WLC) to also authenticate with 802.1x. The request is passed from the AP through the switch to my NPS, but I receive the following error in the Event Log (on the NPS):
The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
Is it not possible to use a Microsoft Radius Server for this?
Thanks for answering
Janis
---
On my Access Point I've debugged all dot1x traffic and found this:
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:02001002:lib(2):func(1):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:2006D080:lib(32):func(109):reason(128)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:0B084002:lib(11):func(132):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: tls_load_ca_der - Failed load CA in DER format error:02001002:lib(2):func(1):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:20074002:lib(32):func(116):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:OpenSSL: pending error: error:0B06F002:lib(11):func(111):reason(2)
[*09/05/2018 11:00:22.0475] hostapd:TLS: Failed to set TLS connection parameters
[*09/05/2018 11:00:22.0475] hostapd:EAP-PEAP: Failed to initialize SSL.
[*09/05/2018 11:00:22.0475] hostapd:dot1x: EAP: Failed to initialize EAP method: vendor 0 method 25 (PEAP)
[*09/05/2018 11:00:22.0675] hostapd:dot1x: CTRL-EVENT-EAP-FAILURE EAP authentication failed
[*09/05/2018 11:00:25.7664] Waiting for preferred uplink IP configuration
[*09/05/2018 11:00:26.7761] Resetting wired0 and restart DHCP client
[*09/05/2018 11:00:28.8054] ADDRCONF(NETDEV_UP): wired0: link is not ready
[*09/05/2018 11:00:29.0054] ADDRCONF(NETDEV_CHANGE): wired0: link becomes ready
[*09/05/2018 11:00:29.0154] wired0: 1000 Mbps Full Duplex
09-07-2018 06:01 AM
09-07-2018 06:14 AM
Sorry, my mistake. Can I move the post?
09-07-2018 06:28 AM
09-07-2018 07:11 AM
I see options, but I cannot move the post...