none
Authentication failed at NAP 802.1X enforcement

    Question

  • Team,

    I'm having some trouble setting up this feature, someone on the list alreadyimplemented??

    My scenario:


    1 - AD (DNS/DHCP/NPS Proxy)
    1 - NPS
    x - Enterasys B2, C2 and C3 Switches
    x - Desktops, notebooks and smatphones;

    imposing dhcp is working smoothly, but the imposition 802.1x am with the following errors:

    Authentication Details:
    Connection Request Policy Name: NAP 802.1X (Wired)
    Network Policy Name: -
    Authentication Provider: Windows
    Authentication Server: srvVIX-NAP01.redecliente.net
    Authentication Type: -
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 96
    Reason: Authentication failed due to an EAP session timeout; the EAP session with the access client was incomplete.

    Authentication Details:
    Connection Request Policy Name: NAP 802.1X (Wired)
    Network Policy Name: -
    Authentication Provider: Windows
    Authentication Server: srvVIX-NAP01.redecliente.net
    Authentication Type: PEAP
    EAP Type: -
    Account Session Identifier: -
    Logging Results: Accounting information was written to the local log file.
    Reason Code: 262
    Reason: The supplied message is incomplete. The signature was not verified.

    I appreciate any information you can send me!

    Sds, _ Judson Luiz, ITIL, MCT, MCSE, MCTS E-mail/MSN: judson_luiz@hotmail.com Skype: judsonvix Twitter: twitter.com/judsonvix Linkedin: http://br.linkedin.com/in/judsonvix
    Thursday, February 03, 2011 6:36 PM

Answers

  • Hi Judson

    Ay i won't lie to you, i have no concrete theory about what the problem might be but i have a hunch though. I think the problem lies on your switches.. and since the Connection Request Policy is being initiated i think your switches don't support something to do with EAP most probably RFC3580, can you verify on the net or calling support for your switches to check if your switches support this, and update your switches firmware and try again, and if you can test your setup with a different set of switches CISCO would be ideal and see how it works out.

    i hope this helps you out


    tech-nique
    Thursday, February 03, 2011 10:31 PM