[RADIATOR] 802.1x authentication questions
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Wed Jun 1 11:17:11 CDT 2011
Hi,
I'm currently implementing dot1x for our wired and wireless
infrastructure (various Cisco switches, mostly 4500 and Cisco 5508
Wireless LAN Controllers).
I've installed radiator in a Debian 6 VM with openssl 1.0.0d from
testing for CRL reloading support although I'm not sure if this is still
necessary as Radiator logs reloading CRL messages.
Everything is working good so far but for the case that a non-company
client has dot1x enabled on the interface I'd like to switch the port to
our guest lan.
This is working fine on the switch, but a Windows 7 client receives the
EAP auth failure from Radiator and doesn't try to send a dhcp request
although the switch port has already been set to the guest lan.
Is there a solution for this problem?
For the wireless part we're getting the following error on the WLC:
%DOT1X-3-AUTHKEY_TX_TRANS_ERR: 1x_kxsm.c:128 Authentication state
transition to state 0 failed; port status 0, key available 1, key tx
enabled 1
If someone encountered this error and knows a solution while we wait for
the Cisco TAC please respond!
Thanks!
--
Best regards, Alex
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list