wpa_supplicant running EAP-TLS on ubuntu

Wes Schochet
Level 3

Hi all-

 

5520 controller running 8.5.140 and a 3702 AP in local mode.  I have other devices of various types connected to this SSID using EAP-TLS, so I am confident in the controller config (WPA2 Policy, WPA2 Encryption=AES, Authentication Key Management=802.1x)

I have a linux device that I am trying to connect via EAP-TLS.  The device is using wpa_supplicant.  The config file is as follows:

 

network={
ssid="mySSID"
proto=RSN
key_mgmt=IEEE8021X
eap=TLS
scan_ssid=1
identity="myDevice"
ca_cert="/etc/certs/cacert.pem"
client_cert="/etc/certs/myDev.cer"
private_key="/etc/certs/myDevkey"
eapol_flags=3
}

 

The controller debug just shows the following:

 

*spamApTask3: Dec 16 09:53:46.861: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID ec:bd:1d:15:7b:d7 (slot 1), status 13 0 rsnie-osnie accept failed
*spamApTask1: Dec 16 09:53:52.260: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID 58:f3:9c:fb:a8:37 (slot 1), status 13 0 rsnie-osnie accept failed

 

Anyone have a config that works for wpa_supplicant and EAP-TLS? 

 

Thanks

 

4 Replies

marce1000
VIP

 

- You may be hitting a CCKM compliance issue; check the following:

https://community.cisco.com/t5/wireless-and-mobility/ccx-devices-matrix-support/td-p/2726474

I also found a related bug report:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf55570/?rfs=iqvred

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

I guess I don't understand how CCKM interacts with 802.1x. In my mind they are totally separate. What is the interaction there?

Dennis Bland
Level 1

The setting "key_mgmt=IEEE8021X" in your wpa_supplicant.conf file is for WEP keys only.  You mentioned you are using WPA2, so you should use the following:

 

key_mgmt=WPA-EAP

 

Also, if you don't want to be prompted for the private key password, you can add the following line under private_key:

 

private_key_passwd="password"

 

Dennis Bland

dB Performance Inc.

 

Thanks! That did the trick!
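
An added example, not part of the original thread and not code from the wpa_supplicant project: a small Python check that parses a wpa_supplicant.conf network block and flags the key_mgmt mismatch discussed above, along with related EAP-TLS settings a reviewer would look at. The finding names are hypothetical, and the sample input is the block from the question, embedded as constructed test data.

```python
import re

# Constructed sample: the network block from the question above.
SAMPLE = """
network={
ssid="mySSID"
proto=RSN
key_mgmt=IEEE8021X
eap=TLS
identity="myDevice"
ca_cert="/etc/certs/cacert.pem"
client_cert="/etc/certs/myDev.cer"
private_key="/etc/certs/myDevkey"
eapol_flags=3
}
"""

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        nets.append(net)
    return nets

def lint(net):
    """Return finding codes (hypothetical names) for one network block."""
    findings = []
    key_mgmt = net.get("key_mgmt", "").split()
    # IEEE8021X alone selects non-WPA 802.1X (dynamic WEP); a WPA2-Enterprise
    # SSID needs a WPA-EAP key management suite in the association request.
    if "IEEE8021X" in key_mgmt and not any(k.startswith("WPA-EAP") for k in key_mgmt):
        findings.append("IEEE8021X_WITHOUT_WPA_EAP")
    # eapol_flags only applies to dynamic WEP keys in non-WPA mode.
    if "eapol_flags" in net:
        findings.append("EAPOL_FLAGS_DYNAMIC_WEP")
    # Without ca_cert (or ca_path) the RADIUS server certificate is not verified.
    if "eap" in net and not (net.get("ca_cert") or net.get("ca_path")):
        findings.append("NO_CA_CERT")
    # A stored passphrase means the conf file must be readable by root only.
    if "private_key_passwd" in net:
        findings.append("PLAINTEXT_KEY_PASSWD")
    return findings

if __name__ == "__main__":
    for net in parse_networks(SAMPLE):
        print(net.get("ssid"), lint(net))
```

If private_key_passwd is stored in the file, restrict the file to mode 0600 owned by root so the passphrase is not readable by other local users.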