I'm running 802.1x in my network and the Windows clients are authenticated without any problem. But now i want to put a new switch B in switch A.
Switch B will act as an supplicant and I have configured it with relevent data.
On switch A i have the config aaa authentication port-access eap-radius.
When switch B are trying to authorize I got an error on the radius server. I think this is related to my certificate. I have a self signed certificate on the radius and I have also tried with our real certificate from GoDaddy, this is an wildcard and I think i could not be an wildcard on the radius for the EAP to work?
User:
Security ID: xxxxxxxxxxxxxxxx
Account Name: xxxxxxxxxxxxxxxx
Account Domain: xxxxxxxxxxxxxxxx
Fully Qualified Account Name: xxxxxxxxxxxxxxxx
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: xxxxxxxxxxxxxxxx
Calling Station Identifier: xxxxxxxxxxxxxxxx
NAS:
NAS IPv4 Address: xxxxxxxxxxxxxxxx
NAS IPv6 Address: -
NAS Identifier: xxxxxxxxxxxxxxxx
NAS Port-Type: Ethernet
NAS Port: 6
RADIUS Client:
Client Friendly Name: xxxxxxxxxxxxxxxx
Client IP Address: xxxxxxxxxxxxxxxx
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Test switch SUPPLICANT
Authentication Provider: Windows
Authentication Server: xxxxxxxxxxxxxxxx
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 22
Reason: The client could not be authenticated because the Extensible Authentication Protocol (EAP) Type cannot be processed by the server.
If I change aaa authentication port-access eap-radius to aaa authentication port-access chap-radius the switch is granted access but the windows clients want to have eap-radius to work.
So my question are do I need to have an real certificate on my radius or can I have my self signed?
