03-06-2007 04:15 AM - edited 07-03-2021 01:44 PM
Hi,
I'm trying to configure a 1242 AG Access Point (configured as a Workgroup Bridge) with EAP-Fast using in-band authentication and requiring certificate for provisioning. I have a certificate and all required options checked on ACS 4.1 Server side, and a trustpoint defined on AP side, but I always get a handshake failure.
Although, using EAP-Fast anonymous in-band is working, and using EAP-TLS with the these certificates works too.
So I finally ask this question : as someone ever configured a 1242 AG Access Point as a client to use EAP-Fast PAC provisioning based on certificates, and is there some undocumented trick that I've missed ?
Regards.
Stephane.
03-12-2007 10:02 AM
It worked for me. I think you might have missed some configuration. Check out this document which has complete information on deploying EAP FAST in a wireless environment.
http://www.cisco.com/en/US/products/hw/wireless/ps430/prod_configuration_guide09186a008046dc81.html
03-13-2007 05:20 AM
Thanks for the link to the document. I've checked out all the options and they are ok, but the TLS(PKI) phase 0 is not mentioned, and it still stop working as soon as I disable the anonymous authentication. I guess I should try with a laptop client (actually the goal is to connect a small network to the main network where the radius server is, using 2 access points), just to be sure of my ACS configuration.
Regards.
Stephane.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide