EAP-TLS problem

paddyxdoyle
Level 6

Hi,

I am setting up a wireless network for a customer using ACS 3.2, MS Certificate Server, and Aironet 1200 APs, using EAP-TLS authentication from XP clients with the Cisco client and the Cisco Aironet IEEE 802.11a/b/g Wireless CardBus Adapter.

I have created client and server certificates and I can authenticate without any problems from my PC using the Cisco client.

However, no one else using exactly the same setup and configuration can authenticate using their own certificates from the same CA.

I am not using MAC filtering. I have factory defaulted the AP and configured it from the CLI just in case the web GUI had not removed the MAC addresses that I was originally filtering on, and still no joy.

I can see the AP challenging the client from the debugs, but then I see the AP timing out the challenge as it doesn't receive a response from the client. I have tried changing the dot1x authentication timeout to 120 secs but it still doesn't work.

If I change the authentication method on the client to LEAP, all devices work fine and obtain an IP address from the DHCP server. This made me think it was the certificates causing the issue, so I deleted my own certificate and that of another client, created new ones, and again only my client can authenticate using EAP-TLS.

I have also tried using my certificate and wireless card in the other client and it doesn't work.

I would be very grateful for any ideas!


paddyxdoyle
Level 6

Managed to get the above setup working by using web certificates for our users instead of choosing advanced >> client certificates.

I have now upgraded ACS to 3.3 so we can use CRLs. The first test with two users logging in using EAP-TLS worked fine. I then revoked one user's certificate, and then they couldn't log in, which is good. When I created and applied a new certificate for the user they still couldn't log in. The same behaviour happened for me. I can't see this being normal behaviour, as I believe each certificate is unique and will be revoked on parameters other than user name (CN)? Please correct me if I am wrong.

I then uninstalled and reinstalled Certificate Server and ACS 3.3. Now I am back to me being able to authenticate while my colleague can't, and we both have new certificates; the ACS has a new certificate too.

Has anyone got this configuration working correctly and reliably? (we are now using the eval version of 3.3)

Rgds

Paddy
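As an added example (not code from this thread, from Cisco ACS or from the Microsoft CA): the reply asks whether a reissued certificate should still be blocked after the old one was revoked. A CRL entry identifies a certificate by its serial number under the issuing CA, not by the subject CN, so a correctly behaving RADIUS server accepts the new certificate. The Go program below builds a constructed toy CA, revokes one user certificate, reissues the same user and runs the CRL check; the function names, the user `jsmith` and the serial numbers are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mustCert signs a cert for cn with the given serial; parent == nil yields a self-signed CA. Constructed toy CA, not ACS/MS code.
func mustCert(cn string, serial int64, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(),
		NotAfter: time.Now().Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}} // EAP-TLS client cert
	if parent == nil { // self-signed root: must be allowed to sign certs and CRLs
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.ExtKeyUsage = true, true, nil
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		parent, signer = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// mustCRL publishes a CRL: each entry carries a serial number only, never the subject CN.
func mustCRL(ca *x509.Certificate, caKey ed25519.PrivateKey, revoked ...*x509.Certificate) *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
	}
	der, _ := x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
	crl, _ := x509.ParseRevocationList(der)
	return crl
}

// isRevoked mirrors a RADIUS server's CRL check: verify the CRL was signed by the issuer, then match on serial; a missing or unverifiable CRL fails closed.
func isRevoked(crl *x509.RevocationList, issuer, cert *x509.Certificate) bool {
	if crl == nil || crl.CheckSignatureFrom(issuer) != nil {
		return true
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return true
		}
	}
	return false
}
```

Revoking serial 100 and then enrolling the same CN as serial 101 leaves the new certificate accepted; if a production server still rejects it, the cause lies in caching of the old CRL, a stale client certificate selection, or chain validation rather than in the revocation entry itself.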
