Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Meaning of EAP-TLS errors in ACS

Hi Guys,

I'm trying to get a device authenticated to my wireless network using certificates. I get the generic error in ACS (4.2.0.124):

EAP-TLS or PEAP authentication failed during SSL handshake

Looking in the Auth log I get:

AUTH 12/09/2013 15:56:40 E 2255 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse: SSL send alert fatal:handshake failure

AUTH 12/09/2013 15:56:40 E 2258 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse: SSL ext error reason: c7 (Ext error code = 0)

AUTH 12/09/2013 15:56:40 E 2297 3096 0x8b7ea5 EAP: EAP-TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120

AUTH 12/09/2013 15:56:42 E 3159 297052 0x0 AuthenReaper thread : Session Timed out since challenge not provided, freeing it

Can anyone help me with the reason codes or point me in the right direction?

Thanks,

John.

Everyone's tags (3)
1 REPLY
Cisco Employee

Meaning of EAP-TLS errors in ACS

Hi John,

This is mostly due to improper certificate installed on either the server or on the client machine.

Considering the issue with only one client I guess the server is clean.

Can you verify if proper root certificate, intermediate certificate and the id certificates are installed on client?

You can also regenerate a new machine ID cert for the client and give a try.

Thanks.

260
Views
0
Helpful
1
Replies