I have a problem when using ACS 5.1 with AP1141 through the EAP-TLS authentication method.
When I try to connect my laptop, it's authenticated successfully, but when I try to authenticate a third-party Black Box using EAP-TLS, I have an authentication failure (12511 Unexpectedly received TLS alert message; treating as a rejection by the client).
When I check the debug report at the ACS, I found that the authentication method when I use my laptop is x509_PKI, and it's successful, but when I use the 3rd party device, the authentication method in the RADIUS log report is EAP-TLS, and it failed.
So is there any difference between x509_PKI and EAP-TLS? If yes, how could I check EAP-TLS?
FYI, EAP-TLS involves an exchange of certificates between client and server, where the certificate issued to the client is in X.509 format, issued by a CA (part of the PKI). The below could be the reason for the above-mentioned error:
The supplicant or client machine is not accepting the certificate from Cisco ISE. The client machine is configured to validate the server certificate, but is not configured to trust the Cisco ISE certificate.
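Error 12511 only says that the client sent a TLS alert; the alert code in the client's EAP-TLS response, taken from a packet capture, says which one. The following is an added example, not part of the original thread: it parses one unfragmented EAP-TLS packet (RFC 5216) and decodes any plaintext TLS alert records in it. The function name and the sample bytes are constructed for illustration.

```python
import struct

# TLS alert descriptions from RFC 5246 section 7.2
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
}
LEVELS = {1: "warning", 2: "fatal"}
EAP_TYPE_TLS = 13                     # EAP method type for EAP-TLS
FLAG_LENGTH, FLAG_MORE = 0x80, 0x40   # L and M bits of the EAP-TLS flags byte
TLS_ALERT = 21                        # TLS record content type "alert"

def tls_alerts_in_eap(packet: bytes):
    """Return [(level, description)] for plaintext alerts in one EAP-TLS packet."""
    if len(packet) < 6:
        raise ValueError("too short for an EAP-TLS packet")
    _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", packet[:6])
    if eap_type != EAP_TYPE_TLS:
        raise ValueError(f"EAP type {eap_type} is not EAP-TLS")
    if length > len(packet):
        raise ValueError("EAP length field exceeds captured bytes")
    if flags & FLAG_MORE:
        raise ValueError("fragmented EAP-TLS message; reassemble first")
    offset = 10 if flags & FLAG_LENGTH else 6   # skip 4-byte TLS message length
    data = packet[offset:length]
    alerts, pos = [], 0
    while pos + 5 <= len(data):
        ctype, _version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + rlen]
        if len(body) < rlen:
            raise ValueError("truncated TLS record")
        # A plaintext alert is exactly 2 bytes; a longer one is encrypted.
        if ctype == TLS_ALERT and rlen == 2:
            level, desc = body
            alerts.append((LEVELS.get(level, f"level_{level}"),
                           ALERTS.get(desc, f"alert_{desc}")))
        pos += 5 + rlen
    return alerts

# Constructed sample: EAP Response, id 5, carrying a fatal unknown_ca alert
SAMPLE = bytes.fromhex("0205000d0d0015030100020230")

if __name__ == "__main__":
    print(tls_alerts_in_eap(SAMPLE))
```

An `unknown_ca` or `bad_certificate` alert points at the client's trust of the server certificate; `handshake_failure` or `protocol_version` points at cipher or version negotiation instead.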
I do confirm that the 3rd party already trusts the AAA CA, and the AAA trusts the 3rd party CA.
When I use Cisco 4.1 RADIUS, the client is connected without any problem.
To clarify the status, this client accepts only the EAP-TLS authentication method, so the only changes which I did on the 4.1 RADIUS were to go to System Configuration, Global Authentication Setup, and enable EAP-TLS only... and change the AP EAP request timeout to 0.