I have the following:
1200 AP 12.3(8)JEA1
Windows XP SP2 with WPA2 update.
My AP is set to authenticate to ACS for EAP requests, my ACS is setup to allow PEAP, and my client is using PEAP.
When my AP does not have "authentication key-management wpa" it works fine, but as soon as I enable that, my client can no longer connect.
In other words, it works with WEP encryption, but not with WPA2 AES. I obviously select WPA2 with AES on my client and have encryption set to AES-CCMP on the AP when doing this.
If I have the same exact WPA setup on my AP, but use a LEAP client, that works great. Problem is, LEAP is insecure and needs an additional supplicant(PEAP is built into XP sp2).