12-16-2019 08:08 AM - edited 07-05-2021 11:26 AM
Hi all-
5520 controller running 8.5.140 and a 3702 AP in local mode. I have other devices of various types connected to this SSID using EAP-TLS, so I am confident in the controller config (WPA2 Policy, WPA2 Encryption=AES, Authentication Key Management=802.1x).
I have a Linux device that I am trying to connect via EAP-TLS. The device is using wpa_supplicant. The config file is as follows:
network={
ssid="mySSID"
proto=RSN
key_mgmt=IEEE8021X
eap=TLS
scan_ssid=1
identity="myDevice"
ca_cert="/etc/certs/cacert.pem"
client_cert="/etc/certs/myDev.cer"
private_key="/etc/certs/myDevkey"
eapol_flags=3
}
The controller debug just shows the following:
*spamApTask3: Dec 16 09:53:46.861: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID ec:bd:1d:15:7b:d7 (slot 1), status 13 0 rsnie-osnie accept failed
*spamApTask1: Dec 16 09:53:52.260: b0:1f:81:d5:07:23 Association Failed on REAP AP BSSID 58:f3:9c:fb:a8:37 (slot 1), status 13 0 rsnie-osnie accept failed
Anyone have a config that works for wpa_supplicant and EAP-TLS?
Thanks
12-16-2019 09:15 AM
- You may be hitting a CCKM compliance issue; check the following:
https://community.cisco.com/t5/wireless-and-mobility/ccx-devices-matrix-support/td-p/2726474
I also found a related bug report:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf55570/?rfs=iqvred
M.
12-16-2019 10:39 AM
12-24-2019 07:16 PM
The setting "key_mgmt=IEEE8021X" in your wpa_supplicant.conf file is for WEP keys only. You mentioned you are using WPA2, so you should use the following:
key_mgmt=WPA-EAP
Also, if you don't want to be prompted for the private key password, you can add the following line under private_key:
private_key_passwd="password"
Dennis Bland
dB Performance Inc.
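The key_mgmt mismatch described in the reply above can be caught before a device is deployed. The following is an added example, not code from the thread or from the wpa_supplicant project: a small Python check over a wpa_supplicant.conf network block, where the names `parse_networks` and `check` are hypothetical and the sample is the block from the question.

```python
import re

# Constructed sample: the network block posted in the question.
SAMPLE = '''
network={
    ssid="mySSID"
    proto=RSN
    key_mgmt=IEEE8021X
    eap=TLS
    scan_ssid=1
    identity="myDevice"
    ca_cert="/etc/certs/cacert.pem"
    client_cert="/etc/certs/myDev.cer"
    private_key="/etc/certs/myDevkey"
    eapol_flags=3
}
'''

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    blocks = []
    for body in re.findall(r'network\s*=\s*\{(.*?)\n\s*\}', text, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith('#') and '=' in line:
                key, value = line.split('=', 1)
                net[key.strip()] = value.strip().strip('"')
        blocks.append(net)
    return blocks

def check(net):
    """Return (setting, message) findings for one parsed network block."""
    proto = net.get('proto', '').split()
    key_mgmt = net.get('key_mgmt', '').split()
    wpa2 = 'RSN' in proto or 'WPA2' in proto   # WPA2 is an alias for RSN
    findings = []
    if wpa2 and 'eap' in net and key_mgmt and not any('EAP' in k for k in key_mgmt):
        findings.append(('key_mgmt', 'WPA2 with EAP needs key_mgmt=WPA-EAP'))
    if wpa2 and 'eapol_flags' in net:
        findings.append(('eapol_flags', 'dynamic WEP option, applies to non-WPA mode only'))
    if 'private_key_passwd' in net:
        findings.append(('private_key_passwd', 'plaintext passphrase: keep the file root-only'))
    if 'eap' in net and 'ca_cert' not in net and 'ca_path' not in net:
        findings.append(('ca_cert', 'no CA configured: server certificate is not verified'))
    return findings

if __name__ == '__main__':
    for net in parse_networks(SAMPLE):
        print(net.get('ssid'), check(net))
```

Run against the posted block, it reports `key_mgmt` and `eapol_flags`; after switching to `key_mgmt=WPA-EAP` and dropping `eapol_flags`, it reports nothing.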
12-31-2019 01:16 PM