05-29-2008 02:16 PM - edited 07-03-2021 03:56 PM
Hi, I'm using a central RADIUS server and have LEAP and EAP-FAST working fine, but when the WAN link fails (local authentication), new users that try to connect via LEAP get authenticated but EAP-FAST fails.
Any ideas? I'm using WLC 5.01.
05-29-2008 03:16 PM
If your RADIUS is centrally located and your WAN link goes down, any authentication that needs to go back centrally will fail, unless you have local authentication. Don't know why LEAP would still work if authentication to the RADIUS server has stopped.
However, if you are using local EAP configured on the WLC, then you will still fail authentication because your WLC is centrally located.
05-30-2008 06:59 AM
On WLC version 5.1 you can configure the AP as local authentication for LEAP and FAST, but FAST is not working.
05-30-2008 08:11 AM
If EAP-FAST is not working, double check your WLAN setting. It works for me in my test lab.
05-30-2008 08:54 AM
EAP-FAST as local authentication (H-REAP)? What did you do to make it work? Could you please give me a clue? Maybe a print screen from the H-REAP group option.
Is it right that it works first with external authentication via ACS and, if the WAN link fails, uses the local authentication? To make local authentication with EAP-FAST work, is it necessary to activate something on the WLC outside the H-REAP group option?
Thanks
05-30-2008 09:11 AM
I actually tested it with the WLC local and not over the WAN. I forgot you mentioned WAN failure. The only way you can make that work is if you also have a RADIUS server local on the LAN. Sorry about the confusion.
05-30-2008 12:47 PM
Since WLC 5.x, local authentication is supported on H-REAP APs, but it is working using LEAP; I am having problems with EAP-FAST.
05-30-2008 05:34 PM
Local EAP is supported on 4.2 also. The thing is that the Local EAP database is located on the WLC and not on the AP. So an AP in H-REAP mode that loses connectivity to the WLC will not be able to authenticate any 802.1x. Local Switching only supports open, WEP, WPA-PSK or WPA2-PSK if you want users to be able to authenticate even though your WAN is down.
06-04-2008 12:58 PM
Maybe this is creating confusion. I know about local EAP-FAST on the WLC, but in 5.x there is local authentication on H-REAP too, and it still authenticates users no matter if the WLC is down. I proved it is working fine; my error was on the client: you must configure a profile with EAP-FAST without MSCHAPv2. The inner method must be left as none. Thanks anyway.