Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Windows Client cannot connect to wireless LAN through EAP-TLS

I have a Cisco Aironet Access point which cannot be authenticated by a remote RADIUS server to connect to wireless lan through EAP-TLS. These is the debug output from the AAA process.

*Mar  7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:56.385: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:56.385: dot11_auth_parse_client_pak: id is not matching req-id:1re

sp-id:2, waiting for response

*Mar  7 10:56:56.401: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:57.397: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:57.677: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:57.957: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:58.321: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:58.685: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: Received server response:

GET_CHALLENGE_RESPONSE

*Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r

esponse

*Mar  7 10:56:59.041: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries

*Mar  7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,181

3 is not responding.

*Mar  7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,18

13 is being marked alive.

*Mar  7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio

n failed

*Mar  7 10:57:44.801: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:57:44.829: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:58:14.829: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio

n failed

*Mar  7 10:58:15.105: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:58:15.141: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:58:45.141: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio

n failed

*Mar  7 10:58:45.425: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:58:45.449: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:59:15.449: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio

n failed

*Mar  7 10:59:15.729: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:59:15.753: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:59:45.753: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio

n failed

*Mar  7 10:59:46.009: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:59:46.037: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:59:50.077: Client 0811.9650.8cb0 failed: reached maximum retries

*Mar  7 10:59:50.349: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:59:50.373: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 10:59:55.077: Client 0811.9650.8cb0 failed: reached maximum retries

*Mar  7 10:59:55.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 10:59:55.361: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 11:00:00.077: Client 0811.9650.8cb0 failed: reached maximum retries

*Mar  7 11:00:00.333: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 11:00:00.357: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 11:00:05.077: Client 0811.9650.8cb0 failed: reached maximum retries

*Mar  7 11:00:05.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start

*Mar  7 11:00:05.365: dot11_auth_parse_client_pak: Received EAPOL packet from 08

11.9650.8cb0

*Mar  7 11:00:10.077: Client 0811.9650.8cb0 failed: reached maximum retries

2 REPLIES

Windows Client cannot connect to wireless LAN through EAP-TLS

You need to look into the RADIUS server logs to see the reason of the failure.

What do the logs on the RADIUS say about this client?

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
New Member

Windows Client cannot connect to wireless LAN through EAP-TLS

Kindly get verified the configuration and the compatibility if there is a mismatch. Please find the link below for more information on EAP-TLS functions in Access points and clients.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39110

365
Views
0
Helpful
2
Replies
CreatePlease login to create content