Is that an ArubaOS Switch? Or AOS-CX? Or other?
For PEAP, the client, in this case the switch would need to trust the RootCA that issued the EAP certificate for your ClearPass server.
If you changed the RootCA for the ClearPass RADIUS EAP certificate, there are good chances that you would need to add that root as a Trusted CA or Trust Anchor (not sure which) to your switch. PEAP clients should abort the authentication if they don't trust the server certificate (through it's root).
I never tried peap-mschapv2 for switch admin, but can imagine the result based on this.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Mar 25, 2023 10:47 AM
From: cdelarosa
Subject: Switch managment with clearpass as a radius server
Hello Im getting this message on the clearpass suddenly
Eap transaction did not complete whenever an admin wants to log in a switch, now noone can manage the switches through ssh or web
The only change that was done recently i bealive was that the CA was the clearpass before for the 802.1x users and now is the Windows CA, so now the clearpass has the 802.1x certificate that the Windows CA signed but thats all.
I actually did not configured the radius server for the clearpass and the switches integration but as far i know you dont need a certificate for this, or do you? at least on the manuals i read i never saw you needed one.
It also has a really old ssl certificate which i can replace with a self signed cert i guess but i dont think thats the issue, because it expited like 2 years ago.
Any ideas?