Windows 7 EAP/TLS issue

Nov 16th, 2009

Hi, has anybody seen the same issue previously:

1. WiSM 5.2.193/AP1252/ACS5.0/WINDOWS7 laptop/EAP-TLS authentication for the WLAN

2. Each time the client tries to join the WLAN, it fails, and there's no RADIUS authentication report for this failed connection in ACS 5.0

3. When I run debug client xxxx on the WLC, it says:

Sending EAP-Request/Identity to mobile

Received EAPOL EAPPKT from mobile

Received EAP Response packet with mismatching id (currentid=2, eapid=1) from mobile


It seems the client failed in phase one of EAP-TLS (setting up the TLS link).


I suspect that the client/server/CA certificates have some problem, because these certs are used in the EAP-TLS phase one TLS setup. However, I've been told the certs have no problem; their CA server engineer has checked. I don't have more evidence to show the customer that the certs have a problem.


Now I can't get the support bundle from ACS and don't have another laptop (XP or Vista) for testing.


Any ideas? Any feedback will be appreciated.

Robert.N.Barrett_2 Tue, 11/17/2009 - 07:14

It seems to me that a certificate problem would get logged on the ACS server (it did when I tested 5.0). In order for there to be a certificate problem, the ACS server would have needed to present its certificate to the WLC/AP in order for the client to receive/verify it (that's the first step in EAP-TLS). Therefore, something should have been logged in ACS, and I've found the ACS 5 logging to be pretty complete.


Are you sure you have the Windows 7 client properly configured for EAP-TLS? If you're not sure, is there any chance of using Wireshark to do a wireless capture and see what kind of EAP the client is trying to perform?


What wireless supplicant are you using with Windows 7, and what flavor (Enterprise, Home, etc.) of Windows 7 are you running?
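
An added example (not part of either post): a small Python decoder for EAPOL/EAP frames exported from a capture. It flags a Response whose Identifier differs from the outstanding Request, as in the WLC debug line above, and reports which EAP method each side asks for. The sample frames are constructed, and the names `parse_eapol` and `audit` are this example's own.

```python
import struct

EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST"}

def parse_eapol(frame):
    """Decode one EAPOL frame (from the version byte on); None if not an EAP packet."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, pkt_type, body_len = struct.unpack("!BBH", frame[:4])
    if pkt_type != 0:                  # 0 = EAP-Packet; Start/Logoff/Key are skipped
        return None
    eap = frame[4:4 + body_len]
    if len(eap) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", eap[:4])
    if not 4 <= length <= len(eap):
        raise ValueError("bad EAP length field")
    has_type = code in (1, 2) and length >= 5   # only Request/Response carry a Type
    return {"code": code, "id": ident,
            "type": eap[4] if has_type else None,
            "data": eap[5:length] if has_type else b""}

def audit(frames):
    """Return findings: Identifier mismatches and the EAP methods each side asks for."""
    findings, current_id = [], None
    for frame in frames:
        pkt = parse_eapol(frame)
        if pkt is None:
            continue
        if pkt["code"] == 1:           # Request: authenticator -> supplicant
            current_id = pkt["id"]
            if pkt["type"] not in (1, 2):
                name = EAP_TYPES.get(pkt["type"], "type %s" % pkt["type"])
                findings.append(("server-offers", name))
        elif pkt["code"] == 2:         # Response: supplicant -> authenticator
            if pkt["id"] != current_id:
                findings.append(("id-mismatch", current_id, pkt["id"]))
            elif pkt["type"] == 3:     # Legacy Nak: data lists the methods the client wants
                wanted = [EAP_TYPES.get(t, "type %d" % t) for t in pkt["data"]]
                findings.append(("client-naks", wanted))
    return findings

# Constructed sample frames (not taken from the thread's WLC or any real capture).
SAMPLE = [bytes.fromhex(h) for h in (
    "01000005" "0101000501",            # Request/Identity, id=1
    "01000005" "0102000501",            # second Request/Identity, id=2
    "01000009" "0201000901" "75736572", # Response/Identity "user", id=1 (stale)
    "01000009" "0202000901" "75736572", # Response/Identity "user", id=2
    "01000006" "010300060d20",          # Request, EAP-TLS start, id=3
    "01000006" "020300060319",          # Response, Nak asking for PEAP, id=3
)]
```
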

