Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

CPPM 802.1x works with mobile but not pc (TLS error)

  • 1.  CPPM 802.1x works with mobile but not pc (TLS error)

    Posted 18 days ago
    Hello, I'm trying to set up 802.1x with CPPM. The user successfully connected using mobile devices, but it fails when trying to connect with a laptop.

    Here is the alert I found in Access Tracker:

    TLS Handshake failed in SSL_read with error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol eap-tls: Error in establishing TLS session
    Any idea about this?
    Thank you.

    ------------------------------
    AA
    ------------------------------


  • 2.  RE: CPPM 802.1x works with mobile but not pc (TLS error)

    Posted 18 days ago
    Hi Aria_A,

    • What EAP method do you use? (example EAP-TLS or EAP-PEAP).
    • Could you share your 802.1x profile settings of your client device?
    • Did you install computer or user certificates?
    • Did you install the root and intermediate certificates on the client?


    ------------------------------
    marcel koedijk
    ------------------------------



  • 3.  RE: CPPM 802.1x works with mobile but not pc (TLS error)

    Posted 17 days ago
    1. I use EAP-PEAP.
    2.
    3 and 4. No, I use username and password for authentication.


    ------------------------------
    Aria adhiguna
    ------------------------------



  • 4.  RE: CPPM 802.1x works with mobile but not pc (TLS error)

    Posted 17 days ago
    It seems like your Windows 7 device is missing the root CA and/or intermediates in your client trust store. This is needed so your client can trust the server RADIUS certificate your RADIUS server is sending.

    I believe that TLS 1.0 should be disabled as it's considered not secure.

    Also note that EAP-PEAP is not secure; credentials can easily be stolen. Don't use it in a production environment. A little bit of protection can be set in the client profile, where the client should not be allowed to accept new server certificates (lower checkbox).

    See also this video by Herman.

    Sent from my iPhone





  • 5.  RE: CPPM 802.1x works with mobile but not pc (TLS error)

    Posted 17 days ago
    As an additional note

    1. I tried using a different laptop (Windows 10), and it works. The previous laptop was Windows 7.
    2. I tried enabling TLS v1 and TLS v2 in Cluster wide parameters, and the alert changed:
    EAP-PEAP: fatal alert by client - unknown_ca TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca eap-tls: Error in establishing TLS session

    ------------------------------
    Aria adhiguna
    ------------------------------
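
The two Access Tracker alerts quoted in this thread carry packed OpenSSL error codes; the following is an added example, not part of any post here and not ClearPass code, that unpacks them to tell a protocol-version failure from a client that does not trust the server certificate. It assumes the legacy (pre-3.0) OpenSSL code layout, which the `SSL23_GET_CLIENT_HELLO` function name suggests; `decode` and the hint strings are hypothetical names and wording.

```python
import re

# TLS alert descriptions (RFC 5246, section 7.2) that matter for EAP server trust.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 70: "protocol_version",
}
ERR_LIB_SSL = 20              # library number of the SSL routines
SSL_AD_REASON_OFFSET = 1000   # reason >= 1000 means "peer sent TLS alert (reason - 1000)"
SSL_R_UNKNOWN_PROTOCOL = 252  # hello did not parse as a protocol the server accepts

CODE_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode(alert_line):
    """Unpack the 32-bit OpenSSL 1.x error code in an Access Tracker alert line."""
    m = CODE_RE.search(alert_line)
    if not m:
        return None
    code = int(m.group(1), 16)
    # Assumed legacy packing: 8-bit library | 12-bit function | 12-bit reason.
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    info = {"lib": lib, "func": func, "reason": reason,
            "peer_alert": None, "hint": "unclassified"}
    if lib != ERR_LIB_SSL:
        return info
    if reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
        info["peer_alert"] = TLS_ALERTS.get(alert, f"alert_{alert}")
        if alert in (42, 45, 46, 48):
            info["hint"] = "client rejected the RADIUS server certificate: check the client's trusted root/intermediate CAs"
        elif alert in (40, 70):
            info["hint"] = "client refused the negotiated parameters: compare TLS versions and ciphers on both sides"
    elif reason == SSL_R_UNKNOWN_PROTOCOL:
        info["hint"] = "server could not accept the protocol in the client hello: compare enabled TLS versions on client and server"
    return info


# Alert text copied from posts 1 and 5 of this thread.
SAMPLES = [
    "TLS Handshake failed in SSL_read with error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol eap-tls: Error in establishing TLS session",
    "EAP-PEAP: fatal alert by client - unknown_ca TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca eap-tls: Error in establishing TLS session",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode(line))
```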



  • 6.  RE: CPPM 802.1x works with mobile but not pc (TLS error)

    Posted 17 days ago
    Thanks for the update and quick reply. I'll be sure to keep an eye on this thread MyVanilla

    ------------------------------
    Kailey Farrell
    ------------------------------