EAP doest work with Cisco Catalyst 2950?

Thai Duong thaidn at yahoo.com
Fri Jul 28 11:33:50 CEST 2006

--- James J J Hooper <jjj.hooper at bristol.ac.uk> wrote:

> Hi,
>   We had similar problems. An example of what we put
> in the switch config 
> to get it to work is here:
> ... as Josh said - pay particular attention to the
> dot1x & radius server 
> timeout settings - we found the cisco defaults be be
> generally broken.
> Regards,
>   James

Hi James, I follow your guide but still no lucks. It
seems that the problem remains in the server or client
side settings not in the switch. I always get
something like:

rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041],
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 05a8],
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0080],
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate
rlm_eap: SSL error
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled
for request 3
modcall: leaving group authenticate (returns handled)
for request 3

WTF is rlm_eap: SSL error

Attachment is the debug log of freeradius, please take
a look at it. It's been two weeks and I still can not
make this work. Deadline is comming, please help.


Thai Duong.

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Freeradius-Users mailing list