I am attemping to configure Infratructure authentication for WDS and WPA/PEAP Client authentication using ACS 4.1(1) Build 23 from an Aironet 1210 running IOS 12.3(8)JEC.
I have a production ACS server that has both LEAP and PEAP enabled under the global configuration options.
The access point has been correctly defined as a NAS using RADIUS-Aironet on the ACS server. The Access point has ACS defined as a RADIUS server and the shared secret set the same as the NAS definition within ACS.
For both WDS Infrastructure authentications(LEAP) and client authentication requests to the access point using PEAP I receive the following message in the ACS failed log:
"Invalid message authenticator in EAP request"
A search on CCO tells me that this is normally the result of a shared secret mismatch. I have however retyped the shared secret several times , and tested with simple strings such as "cisco" and the same result is received. Both the Radius definition on the AP and the NAS definition on ACS have bee re-created with no change in result.
As a test I ran up a clean install of ACS 4.1(1)23 in a VMware session. Configured a NAS object for the AP as I had previously done on the production system and it worked first go.
Would anyone have any clues on what could be wrong with my production ACS. ?