I have a c2969-48PST-L switch running IOS Version 12.2(55) SE. The switch is configured for 802.1x authentication. The radius server is a Cisco ACS 5.2. We are using PEAP and allowing EAP-TLS and EAP-MS-CHAPv2. Windows 7 PCs (HP Elitebooks) are using the "windows" supplicant and configured to 802.1x authentication is enabled using Microsoft Protected EAP (PEAP), we are not validating any certificates and the authentication method is Secured password (EAP-MSCHAP v2). What is occurring every so often is that the PC will fail authentication (intermittently) and the ACS shows the reason as being 5411 EAP session timeout. This is a pretty generic message according to TAC.
The interesting part to me is the Authentication Method showing on the ACS when the authentication fails is simply PEAP. However, when it does not fail the Authenication Method is shown as PEAP (EAP-MSCHAPv2). We have the Cisco TAC looking at the ACS and they are saying the issue is the client not reponding to the request correctly from the switch.
However, I am wondering if the version of IOS softare on the switch maynot be handling the communication to the ACS correctly.
I have wireshark traces of a successful authenication and unsuccessful one. There does seem to be any difference from the client side at all.
Cisco 2509-RJ freezes during start-up I bought some Cisco 2509-RJ terminal server to work on my labs and was working fine. Today I turned it on and half way through starting up it seems to freeze. I can only find one instance of this happing to ...
Cisco Digital Network Architecture Center Modules(Design Module)Part.2In this article, we are going to talk about the Cisco Digital Network Architecture Center design Module. Cisco DNA Center gives us the flexibility and availability to con...
Connectivity Design considerations and recommendation
1.Management Access connectivity
If there is a dedicated OOB management path, consider connecting to CIMC and MGMT port.
If OOB path is not available, Connect the dedicated Management port to LAN Swi...
Cisco Digital Network Architecture Center Modules In this article, we are going to talk about Cisco Digital Network Architecture Center design Module. Cisco DNA Center gives us the flexibility and scalability to configure multiple fabric sites a...