--- James J J Hooper <[EMAIL PROTECTED]> wrote:
> Hi, > We had similar problems. An example of what we put > in the switch config > to get it to work is here: > <http://www.bristol.ac.uk/is/computing/advice/networks/documentation/dot1x/cisco.html> > > ... as Josh said - pay particular attention to the > dot1x & radius server > timeout settings - we found the cisco defaults be be > generally broken. > > Regards, > James Hi James, I follow your guide but still no lucks. It seems that the problem remains in the server or client side settings not in the switch. I always get something like: rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05a8], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0080], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 WTF is rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)? Attachment is the debug log of freeradius, please take a look at it. It's been two weeks and I still can not make this work. Deadline is comming, please help. Regards, Thai Duong. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html