Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass and Catalyst 2960X - EAP-TLS timeout

This thread has been viewed 5 times

  • 1.  Clearpass and Catalyst 2960X - EAP-TLS timeout

    Posted Mar 27, 2024 10:55 AM

    Hello Airheads,

    We are testing in our lab the integration of Clearpass and Cisco Catalyst 2960X for wired 802.1X authentication of Win11 Laptops.

    Everything works fine with EAP-PEAP, but when we switch the supplicant to EAP-TLS, we have RADIUS timeout logs in the access tracker. If we connect the same endpoint on an Aruba 2530 configured for 802.1X, EAP-TLS works fine.

    Clearpass version is 6.11.5 , Catalyst 2960X IOS version is the latest available, Endpoint device is Windows 11 Laptop with the latest patch.

    I just wanted to ask if anybody here succeeded in configuring the same environment with EAP-TLS with Cisco Catalyst 2960X and Clearpass, or if you have any suggestion to let it work.

    Thank you

    Kindly

    Alessandro



  • 2.  RE: Clearpass and Catalyst 2960X - EAP-TLS timeout

    EMPLOYEE
    Posted 29 days ago

    not per say, but a packet capture could be able to narrow it.
    fragmentation issue?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 3.  RE: Clearpass and Catalyst 2960X - EAP-TLS timeout

    Posted 29 days ago

    Hello and thank you,

    I don't think fragmentation could be a problem since we have the same MTU size on both Catalyst and HPE switches.

    Anyway I will take a PCAP from the port to investigate deeper.

    Kind regards

    Alessandro


    Original Message