EAP doest work with Cisco Catalyst 2950?

Thai Duong thaidn at yahoo.com
Fri Jul 28 11:33:50 CEST 2006



--- James J J Hooper <jjj.hooper at bristol.ac.uk> wrote:

> Hi,
>   We had similar problems. An example of what we put
> in the switch config 
> to get it to work is here:
>
<http://www.bristol.ac.uk/is/computing/advice/networks/documentation/dot1x/cisco.html>
> 
> ... as Josh said - pay particular attention to the
> dot1x & radius server 
> timeout settings - we found the cisco defaults be be
> generally broken.
> 
> Regards,
>   James

Hi James, I follow your guide but still no lucks. It
seems that the problem remains in the server or client
side settings not in the switch. I always get
something like:

rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041],
ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 05a8],
Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0080],
CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate
A
rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled
for request 3
modcall: leaving group authenticate (returns handled)
for request 3

WTF is rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)?

Attachment is the debug log of freeradius, please take
a look at it. It's been two weeks and I still can not
make this work. Deadline is comming, please help.

Regards,

Thai Duong.


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the Freeradius-Users mailing list