H-REAP Local Authentication eap-fast not working

Unanswered Question
May 29th, 2008

Hi, I'm using a central RADIUS server and have LEAP and EAP-FAST working fine, but when the WAN link fails (local authentication), new users that try to connect via LEAP get authenticated but EAP-FAST fails.

Any ideas? I'm using WLC 5.01.

Scott Fella Thu, 05/29/2008 - 15:16
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If your RADIUS is centrally located and your WAN link goes down, any authentication that needs to go back centrally will fail, unless you have local authentication. Don't know why LEAP would still work if authentication to the RADIUS server has stopped.

However, if you are using local EAP configured on the WLC, then you will still fail authentication because your WLC is centrally located.

sdeltoro1 Fri, 05/30/2008 - 06:59

On WLC version 5.1 you can configure the AP as local authentication for LEAP and FAST, but FAST is not working.

Scott Fella Fri, 05/30/2008 - 08:11

If EAP-FAST is not working, double check your WLAN setting. It works for me in my test lab.

sdeltoro1 Fri, 05/30/2008 - 08:54

EAP-FAST as local authentication (H-REAP)? What did you do to make it work? Could you please give me a clue? Maybe a print screen from the H-REAP group option.

Is it right for it to work first with external authentication via ACS and, if the WAN link fails, use the local authentication? To make local authentication with EAP-FAST work, is it necessary to activate something on the WLC outside the H-REAP group option?

Thanks

Scott Fella Fri, 05/30/2008 - 09:11

I actually tested it with the WLC local and not over the WAN. I forgot you mentioned WAN failure. The only way you can make that work is if you also have a RADIUS server local on the LAN. Sorry about the confusion.

sdeltoro1 Fri, 05/30/2008 - 12:47

Since WLC 5.x, local authentication is supported on H-REAP APs, but it is working using LEAP; I'm having problems with EAP-FAST.

Scott Fella Fri, 05/30/2008 - 17:34

Local EAP is supported on 4.2 also. The thing is that the Local EAP database is located on the WLC and not on the AP. So an AP in H-REAP mode that loses connectivity to the WLC will not be able to authenticate any 802.1x. Local Switching only supports open, WEP, WPA-PSK or WPA2-PSK if you want users to be able to authenticate even though your WAN is down.

sdeltoro1 Wed, 06/04/2008 - 12:58

Maybe this is creating confusion. I know that local EAP-FAST is on the WLC, but in 5.x there is local authentication on H-REAP too, and it still authenticates users no matter if the WLC is down. I proved it is working fine; my error was on the client: you must configure a profile with EAP-FAST without MSCHAPv2. The inner method must be left as none. Thanks anyway.
