Oki Data CONFIDENTIAL
42930511TH Rev. 2 226 /
Failed to connect in EAP Mode
Phenomenon:
Wireless communication has no problem in the Open Mode and WPA-PSK Mode, but authentication
fails when the EAP Mode is set.
- A word indicating authentication error is recorded in RADIUS server log.
- 'Fail (EAP-TLS+TKIP)' is described in Authentication Status column of Network Summary , for
example.
Possible cause What to do
The settings of the access point are
incorrect.
RADIUS server setting are incorrect.
C9600’s EAP user name setting is incor-
rect.
The client certificate imported to C9600 is
incorrect.
The CA certificate imported to C9600 is
incorrect.
Authentication method does not match the
RADIUS server.
The authentication method does not match
in the C9600 and the access point.
The encryption method does not match in
the C9600 and the access point.
Cipher Suite does not match in C9600 and
RADIUS server.
(Cipher Suite indicates the key method and
encryption method combinations in EAP-
TLS authentication.)
Check the settings of the access point and set themt correctly.
An example of the setting items you should check:
•
Network settings (IP address, the subnet mask and the default gateway
have been set correctly)
• EAP settings (IP address, the port number, Shared secret, etc., of the
RADIUS server have been set correctly)
• Encryption Method setting (has been set to TKIP)
Check the settings of the RADIUS server and set them correctly.
An example of the setting items you should check:
• Authenticator (access point) settings (access point’s IP address, the
authentication method that is permitted, shared secret, etc., have been
set correctly)
• EAP user registration (EAP user name, certificate, etc., have been set
correctly)
• Server certificate (the correct server certificate has been installed)
Check the EAP user name with the network administrator and change the
C9600 setting to the correct one.
Ask the network administrator to distribute the certificate that corresponds
to the EAP user name and can be authenticated by the RADIUS server
and import it to C9600.
Ask the network administrator to distribute the certificate issued by the CA
that directly issues the server certificate of the RADIUS server, and import
it to C9600.
Change the RADIUS server setting and set EAP-TLS authentication
Enable.
Check the EAP type that is supported by the access point and check if it
supports EAP-TLS.
Change the encryption method of the access point to ‘TKIP’.
Change the RADIUS server setting and set Cipher Suite supported in the
C9600 Enable.
The following Cipher Suites are supported in the C9600:
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA * DES 64bit encryption
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA * DES 64bit encryption
SSL3_TXT_RSA_DES_192_CBC3_SHA
SSL3_TXT_RSA_RC4_128_SHA
SSL3_TXT_RSA_RC4_128_MD5
SSL3_TXT_RSA_DES_64_CBC_SHA
To Next Page
Loading...
Need help?
General
