Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

VIP Purple

5411 No response received during 120 seconds on last EAP message sent to the client

Hello Guys,

Today I tried with new CA certificates on my ISE server but I am facing this issue.

RADIUS Status:No response received during 120 seconds on last EAP message sent to the client : 5411 No response received during 120 seconds on last EAP message sent to the client

With old CA, all clients are working perfectly. But with new CA I am not bale to find out the root cause of this.

If anyone have an idea to solve this problem please share with me.

Thanks

Everyone's tags (3)
6 REPLIES
VIP Purple

5411 No response received during 120 seconds on last EAP message

anyone have an idea ???

Hall of Fame Super Silver

5411 No response received during 120 seconds on last EAP message

Sandeep,

With a new CA, you need to make sure that the clients are trusting or have the root CA of the new CA.  The message you see is usually because of the device not trusting that certificate.  If these are domain computers, then you can push the new CA certificate to the clients via GPO... make sure that all your servers have the new root CA in their trusted root CA store.

Your testing with the new oand the old, points to either client or AD isn't trusting that certificate.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
VIP Purple

5411 No response received during 120 seconds on last EAP message

HI Scott,

I checked everything, with old CA everthing is working but withe new one no....

Even I send you the meaase by PM. If you have time then u can check via teamviewer ?

From myside I m totally blank now.

Regards

Hall of Fame Super Silver

5411 No response received during 120 seconds on last EAP message

Sure... I have some time in a few hours... getting my daughter ready for school:)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
VIP Purple

5411 No response received during 120 seconds on last EAP message

Thanks.

I am at my desk for next one hour. If you get time then its ok otherwise we will do it tommorow.

Regards

VIP Purple

So here is the update and

So here is the update and resolution of this post:

What was the problem:

Device - 2100 WLC -7.0.240.0  ,  ISE 1.1:

1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits

Conclusion: not working

2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits

Conclusionworking

3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits

Conclusionworking

-----------------------------------------------------------------------------------------------

Then I tested with another controller with diff hardware version with diff software:

WLC 2504- 7.3.112.0, ISE 1.1

1. Certificate on client contain: Signature Alogorithm: sha256, Public key: 2048 Bits

Conclusionworking

2. Certificate on client contain: Signature Alogorithm: sha256, Public key: 1024 Bits

Conclusionworking

3. Certificate on client contain: Signature Alogorithm: sha256, Public key: 4096 Bits

Conclusionworking

 

I dont know what exactly WLC is doing but in my view the culprit is WLC and WLC software version.

May be it helps , if anyone have the same problem.

390
Views
0
Helpful
6
Replies
CreatePlease login to create content