Adding the EAP-TLS Fragment towards-server 1024 command reduced the size of the TLS packets so they wouldn't get dropped elsewhere in the network. Authentications are working as intended now!
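A rough size model for the effect described in this post, as an added example that is not part of the original thread: it estimates the IPv4 size of the RADIUS Access-Request that carries one EAP-TLS fragment and compares it with a path MTU. The 120-byte allowance for the other RADIUS attributes, the 1400-byte comparison fragment, and the reading of the fragment value as TLS bytes per EAP packet are assumptions.

```python
import math

RADIUS_HEADER = 20          # code, identifier, length, 16-byte authenticator
UDP_HEADER = 8
IPV4_HEADER = 20
ATTR_HEADER = 2             # type + length octets on every RADIUS attribute
EAP_MESSAGE_MAX = 253       # EAP bytes one EAP-Message attribute can hold (RFC 3579)
MESSAGE_AUTHENTICATOR = 18  # 2-byte attribute header + 16-byte HMAC-MD5
EAP_TLS_OVERHEAD = 10       # EAP header (4) + type (1) + flags (1) + TLS length (4)
OTHER_ATTRS = 120           # assumed total for User-Name, NAS-*, State, etc.


def radius_ip_size(tls_fragment, other_attrs=OTHER_ATTRS):
    """IPv4 packet size of an Access-Request carrying one EAP-TLS fragment."""
    eap_len = tls_fragment + EAP_TLS_OVERHEAD
    # The EAP packet is split across as many EAP-Message attributes as needed.
    n_attrs = math.ceil(eap_len / EAP_MESSAGE_MAX)
    eap_attrs = eap_len + n_attrs * ATTR_HEADER
    radius_len = RADIUS_HEADER + eap_attrs + MESSAGE_AUTHENTICATOR + other_attrs
    return IPV4_HEADER + UDP_HEADER + radius_len


def fits(tls_fragment, path_mtu, other_attrs=OTHER_ATTRS):
    """True if the Access-Request crosses the path without IP fragmentation."""
    return radius_ip_size(tls_fragment, other_attrs) <= path_mtu


def largest_fragment(path_mtu, other_attrs=OTHER_ATTRS):
    """Largest TLS fragment whose Access-Request still fits path_mtu, or 0."""
    for frag in range(path_mtu, 0, -1):
        if fits(frag, path_mtu, other_attrs):
            return frag
    return 0


if __name__ == "__main__":
    # Constructed comparison: 1024 is the value from the post, 1400 is a
    # sample larger fragment that still fits a client-side Ethernet frame.
    for frag in (1024, 1400):
        size = radius_ip_size(frag)
        state = "fits" if fits(frag, 1500) else "needs IP fragmentation"
        print(f"TLS fragment {frag}: RADIUS packet {size} bytes, {state} at MTU 1500")
    print("largest fragment for MTU 1500:", largest_fragment(1500))
```

A fragment that fits one Ethernet frame between client and switch can still exceed the MTU once the switch wraps it in RADIUS, and fragmented UDP is a common casualty on routed or filtered paths to the RADIUS server.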
Original Message:
Sent: Feb 20, 2024 04:30 PM
From: Abass Henjer
Subject: Client Able to Authenticate EAP-TLS over wireless but not Wired. But EAP-PEAP works. "Client did not complete transaction"
1- It could be the server certificate trust on the client. If you export both the Wi-Fi and LAN interface profiles, can you see if the thumbprint is different (regarding trust)?
Using PowerShell:
netsh lan export profile folder=c:\temp\
netsh wlan export profile name="your ssid name" folder=c:\
Can you give more information regarding your role mapping and enforcement policy, and where the client is trying to authenticate through: on-prem AD or Azure?
Original Message:
Sent: Feb 20, 2024 07:45 AM
From: canesniffer
Subject: Client Able to Authenticate EAP-TLS over wireless but not Wired. But EAP-PEAP works. "Client did not complete transaction"
Thank you for the response. I do have the switch added as a device group. I am able to EAP-PEAP authenticate without an issue. It is just EAP-TLS that I see timeouts in the access tracker.
Original Message:
Sent: Feb 20, 2024 04:31 AM
From: Jonas Hammarback
Subject: Client Able to Authenticate EAP-TLS over wireless but not Wired. But EAP-PEAP works. "Client did not complete transaction"
Hi
Have you configured the correct shared secret for the switch and also in ClearPass? Check the Event log to see if you have any messages related to the switch IP and shared secret mismatch.
If ClearPass doesn't have the switch, or subnet, added with the correct shared secret, the requests will be dropped without any answer.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Feb 16, 2024 05:33 PM
From: canesniffer
Subject: Client Able to Authenticate EAP-TLS over wireless but not Wired. But EAP-PEAP works. "Client did not complete transaction"
Scratching my head.
AOS-CX 6300M set up with ClearPass as RADIUS servers. Wired service and wireless are set up identically. The client machine will authenticate EAP-TLS over wireless but times out on wired.
Client Packet Capture is below.
I feel confident in the certs because Wireless is working.
Updated NIC drivers. ClearPass states "Client did not complete transaction"; the AOS-CX switch states the reason is server timeout. The client also says server timeout.
The packet capture, I think, is telling me that TLS has started. I am not certain what the "Nearest-non-TPMR-bridge" destination is. It's like the switch isn't receiving the response packets to send to the RADIUS server.
Thanks ahead of time for some thoughts.