Security

Scratching my head. 

AOS-CX 6300M Set up with Clearpass as Radius Servers.  Wired Service and Wireless Set up Identical. Client Machine Will authenticate EAP-TLS over Wireless but Timesout on Wired.

Client Packet Capture is below. 

I feel confident in the certs because Wireless is working. 

Updated NIC Drivers. Clearpass states the "Client did not complete transaction" AOSCX switch states reason is server timeout. Client also says server timeout. 

The Packet capture I think is telling me that a TLS has started. I am not certain what the "Nearest-non-TPMR-bridge" destination is. Its like the switch isn't recieving the response packets to send to Radius server. 

Thanks ahead of time for some thoughts. 

Hi

Have you configured the correct shared secret for the switch and also in ClearPass? Check the Event log if you have any messages related to the switch IP and shared secret missmatch.

If ClearPass doesn't have the switch, or subnet, added and correct shared secret the requests will be dropped without any answer.

Scratching my head. 

AOS-CX 6300M Set up with Clearpass as Radius Servers.  Wired Service and Wireless Set up Identical. Client Machine Will authenticate EAP-TLS over Wireless but Timesout on Wired.

Client Packet Capture is below. 

I feel confident in the certs because Wireless is working. 

Updated NIC Drivers. Clearpass states the "Client did not complete transaction" AOSCX switch states reason is server timeout. Client also says server timeout. 

The Packet capture I think is telling me that a TLS has started. I am not certain what the "Nearest-non-TPMR-bridge" destination is. Its like the switch isn't recieving the response packets to send to Radius server. 

Thanks ahead of time for some thoughts. 

Thank you for the response. I do have the switch added as a device group. I am able to EAP-PEAP authenticate without an issue. It is just EAP-TLS that I see timeouts in the access tracker. 

Hi

Have you configured the correct shared secret for the switch and also in ClearPass? Check the Event log if you have any messages related to the switch IP and shared secret missmatch.

If ClearPass doesn't have the switch, or subnet, added and correct shared secret the requests will be dropped without any answer.

Scratching my head. 

AOS-CX 6300M Set up with Clearpass as Radius Servers.  Wired Service and Wireless Set up Identical. Client Machine Will authenticate EAP-TLS over Wireless but Timesout on Wired.

Client Packet Capture is below. 

I feel confident in the certs because Wireless is working. 

Updated NIC Drivers. Clearpass states the "Client did not complete transaction" AOSCX switch states reason is server timeout. Client also says server timeout. 

The Packet capture I think is telling me that a TLS has started. I am not certain what the "Nearest-non-TPMR-bridge" destination is. Its like the switch isn't recieving the response packets to send to Radius server. 

Thanks ahead of time for some thoughts. 

1- it could be trust server certificate on the Client   if you export both interface wifi and Lan profile  can you se if it deferent  Thumbprint (regrade trust)

******** using powershell

netsh lan export profile folder=c:\temp\                       

netsh wlan export profile name="your ssid name" folder=c:\

can you giv more information  regard (your role mapping and enforcement policy and     where the client  trying to authenticate through onp  AD or Azure    

Thank you for the response. I do have the switch added as a device group. I am able to EAP-PEAP authenticate without an issue. It is just EAP-TLS that I see timeouts in the access tracker. 

Hi

Have you configured the correct shared secret for the switch and also in ClearPass? Check the Event log if you have any messages related to the switch IP and shared secret missmatch.

If ClearPass doesn't have the switch, or subnet, added and correct shared secret the requests will be dropped without any answer.

Scratching my head. 

AOS-CX 6300M Set up with Clearpass as Radius Servers.  Wired Service and Wireless Set up Identical. Client Machine Will authenticate EAP-TLS over Wireless but Timesout on Wired.

Client Packet Capture is below. 

I feel confident in the certs because Wireless is working. 

Updated NIC Drivers. Clearpass states the "Client did not complete transaction" AOSCX switch states reason is server timeout. Client also says server timeout. 

The Packet capture I think is telling me that a TLS has started. I am not certain what the "Nearest-non-TPMR-bridge" destination is. Its like the switch isn't recieving the response packets to send to Radius server. 

Thanks ahead of time for some thoughts.