cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
486
Views
0
Helpful
6
Replies
Highlighted
VIP Mentor

5411 No response received during 120 seconds on last EAP message sent to the client

Hello Guys,

Today I tried with new CA certificates on my ISE server but I am facing this issue.

RADIUS Status:No response received during 120 seconds on last EAP message sent to the client : 5411 No response received during 120 seconds on last EAP message sent to the client

With old CA, all clients are working perfectly. But with new CA I am not bale to find out the root cause of this.

If anyone have an idea to solve this problem please share with me.

Thanks

Everyone's tags (3)
6 REPLIES 6
VIP Mentor

5411 No response received during 120 seconds on last EAP message

anyone have an idea ???

Hall of Fame Master

5411 No response received during 120 seconds on last EAP message

Sandeep,

With a new CA, you need to make sure that the clients are trusting or have the root CA of the new CA.  The message you see is usually because of the device not trusting that certificate.  If these are domain computers, then you can push the new CA certificate to the clients via GPO... make sure that all your servers have the new root CA in their trusted root CA store.

Your testing with the new oand the old, points to either client or AD isn't trusting that certificate.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
VIP Mentor

5411 No response received during 120 seconds on last EAP message

HI Scott,

I checked everything, with old CA everthing is working but withe new one no....

Even I send you the meaase by PM. If you have time then u can check via teamviewer ?

From myside I m totally blank now.

Regards

Hall of Fame Master

5411 No response received during 120 seconds on last EAP message

Sure... I have some time in a few hours... getting my daughter ready for school:)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
VIP Mentor

5411 No response received during 120 seconds on last EAP message

Thanks.

I am at my desk for next one hour. If you get time then its ok otherwise we will do it tommorow.

Regards

VIP Mentor

So here is the update and

So here is the update and resolution of this post:

What was the problem:

Device - 2100 WLC -7.0.240.0  ,  ISE 1.1:

1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits

Conclusion: not working

2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits

Conclusionworking

3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits

Conclusionworking

-----------------------------------------------------------------------------------------------

Then I tested with another controller with diff hardware version with diff software:

WLC 2504- 7.3.112.0, ISE 1.1

1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits

Conclusionworking

2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits

Conclusionworking

3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits

Conclusionworking

 

I dont know what exactly WLC is doing but in my view the culprit is WLC and WLC software version.

May be it helps , if anyone have the same problem.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards