--- James J J Hooper <jjj.hooper@bristol.ac.uk> wrote:
Hi, We had similar problems. An example of what we put in the switch config to get it to work is here:
<http://www.bristol.ac.uk/is/computing/advice/networks/documentation/dot1x/cisco.html>
... as Josh said - pay particular attention to the dot1x & radius server timeout settings - we found the cisco defaults be be generally broken.
Regards, James
Hi James, I follow your guide but still no lucks. It seems that the problem remains in the server or client side settings not in the switch. I always get something like: rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05a8], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0080], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 WTF is rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)? Attachment is the debug log of freeradius, please take a look at it. It's been two weeks and I still can not make this work. Deadline is comming, please help. Regards, Thai Duong. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com