Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

EAP-TLS Error

Hello.

I cannot get EAP-TLS auth to work on windows 7 wired setup. I've tested EAP-PEAP on wireless and wired - works fine. Also EAP-TLS for wireless works great. Clients are on same domain as radius (wich is Cisco ISE), we've deployed CA-services on that same domain too and are distributing certificates to clients via GPOs. Authenticators (switchports) are configured correctly, certificates work on EAP-TLS wireless setup, everything seems to be ok, but wired connection still cannot auth and  EAP timeouts.

Here is the error:

Logged At: May 14,2013 11:52:12.159 AM
RADIUS Status: No response received during 120 seconds on last EAP message sent to the client : 5411 No response received during 120 seconds on last EAP message sent to the client

5 REPLIES
Cisco Employee

certificate not being trusted

certificate not being trusted by device can result this error.. make sure you have the certificate trusted in the

certificate store

New Member

http://support.microsoft.com

http://support.microsoft.com/kb/980295/en-us - works for me!

New Member

In fact, the issue was in CN,

In fact, the issue was in CN, after change for SAN, worked fine!

http://d2zmdbbm9feqrf.cloudfront.net/2014/anz/pdf/BRKSEC-3045.pdf

disable fast reconnect to the

disable fast reconnect to the client

Cisco Employee

Have you confirmed that the

Have you confirmed that the Supplicant is configured properly for EAP-TLS authentication? I have done this type of deployment many times and haven't had this issue. 

 

Thank you for rating helpful posts! 

Thank you for rating helpful posts!
77
Views
0
Helpful
5
Replies