Wireless Access

Reply
Contributor I
Posts: 38
Registered: ‎06-05-2014

EAP-PEAP Termination with new controller certificate - Android not connecting

Hi,

 

one of our customers bought a new public-signed cert for his controller.

The controller is configured for EAP-Termination with MSCHAP and has a database connection to a RADIUS server (I know it would be better to terminate with RADIUS direct).

 

Since he is using the new certificate, all the android devices can't connect to the wifi. All the android devices respond with 'wrong password'. Windows 7 and 10 machines are running fine with the new server-certificate.

 

In the log I see the message:

deauth from sta: xxxxxx Reason: Response to EAP Challenge failed

 

The controller is a 3200 with 6.2.1.4 running.

 

Any ideas what could be possibly wrong with those androids or the config?


Sven
ACMP + ACCP
MVP
Posts: 992
Registered: ‎04-13-2009

Re: EAP-PEAP Termination with new controller certificate - Android not connecting

First thing I'd check is if the Android clients trust the new certificate. They might not have the necessary CA cert..

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Contributor I
Posts: 38
Registered: ‎06-05-2014

Re: EAP-PEAP Termination with new controller certificate - Android not connecting

Hi,

 

the CA is in the list of those android devices.


Sven
ACMP + ACCP
Contributor I
Posts: 38
Registered: ‎06-05-2014

Re: EAP-PEAP Termination with new controller certificate - Android not connecting

A controller update to 6.4.4.10 solved this issue. Seems that there was an incompatibility with EAP or the used TLS version


Sven
ACMP + ACCP
Search Airheads
Showing results for 
Search instead for 
Did you mean: