EAP-Fast with certificates

schareto · ‎03-06-2007

Hi,

I'm trying to configure a 1242 AG Access Point (configured as a Workgroup Bridge) with EAP-Fast using in-band authentication and requiring certificate for provisioning. I have a certificate and all required options checked on ACS 4.1 Server side, and a trustpoint defined on AP side, but I always get a handshake failure.

Although, using EAP-Fast anonymous in-band is working, and using EAP-TLS with the these certificates works too.

So I finally ask this question : as someone ever configured a 1242 AG Access Point as a client to use EAP-Fast PAC provisioning based on certificates, and is there some undocumented trick that I've missed ?

Regards.

Stephane.

dsweeny · ‎03-12-2007

It worked for me. I think you might have missed some configuration. Check out this document which has complete information on deploying EAP FAST in a wireless environment.

http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html

schareto · ‎03-13-2007

Thanks for the link to the document. I've checked out all the options and they are ok, but the TLS(PKI) phase 0 is not mentioned, and it still stop working as soon as I disable the anonymous authentication. I guess I should try with a laptop client (actually the goal is to connect a small network to the main network where the radius server is, using 2 access points), just to be sure of my ACS configuration.

Regards.

Stephane.