Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

EAP-PEAP Termination with new controller certificate - Android not connecting

This thread has been viewed 2 times

  • 1.  EAP-PEAP Termination with new controller certificate - Android not connecting

    Posted Nov 16, 2016 10:04 AM

    Hi,

     

    one of our customers bought a new public-signed cert for his controller.

    The controller is configured for EAP-Termination with MSCHAP and has a database connection to a RADIUS server (I know it would be better to terminate with RADIUS direct).

     

    Since he is using the new certificate, all the android devices can't connect to the wifi. All the android devices respond with 'wrong password'. Windows 7 and 10 machines are running fine with the new server-certificate.

     

    In the log I see the message:

    deauth from sta: xxxxxx Reason: Response to EAP Challenge failed

     

    The controller is a 3200 with 6.2.1.4 running.

     

    Any ideas what could be possibly wrong with those androids or the config?



  • 2.  RE: EAP-PEAP Termination with new controller certificate - Android not connecting

    Posted Nov 17, 2016 08:51 AM

    First thing I'd check is if the Android clients trust the new certificate. They might not have the necessary CA cert..



  • 3.  RE: EAP-PEAP Termination with new controller certificate - Android not connecting

    Posted Nov 17, 2016 09:30 AM

    Hi,

     

    the CA is in the list of those android devices.



  • 4.  RE: EAP-PEAP Termination with new controller certificate - Android not connecting
    Best Answer

    Posted Nov 21, 2016 09:35 AM

    A controller update to 6.4.4.10 solved this issue. Seems that there was an incompatibility with EAP or the used TLS version