
H-REAP Local Authentication eap-fast not working

sdeltoro1
Level 1

Hi, I'm using a central RADIUS server and have LEAP and EAP-FAST working fine, but when the WAN link fails (local authentication), new users that try to connect via LEAP get authenticated but EAP-FAST fails.

Any ideas? I'm using WLC 5.01.

8 Replies

Scott Fella
Hall of Fame

If your RADIUS is centrally located and your WAN link goes down, any authentication that needs to go back centrally will fail, unless you have local authentication. Don't know why LEAP would still work if authentication to the RADIUS server has stopped.

However, if you are using local EAP configured on the WLC, then you will still fail authentication because your WLC is centrally located.

-Scott
*** Please rate helpful posts ***

On WLC version 5.1 you can configure the AP as local authentication for LEAP and FAST, but FAST is not working.

If EAP-Fast is not working, double check your wlan setting. It works for me in my test lab.

-Scott
*** Please rate helpful posts ***

EAP-FAST as local authentication (H-REAP)? What did you do to make it work? Could you please give me a clue? Maybe a print screen from the H-REAP group option.

Is it right that it works first with external authentication via ACS and, if the WAN link fails, uses the local authentication? To make local authentication with EAP-FAST work, is it necessary to activate something on the WLC outside the H-REAP group option?

Thanks

I actually tested it with the wlc local and not over the WAN. I forgot you mentioned about WAN failure. The only way you can make that work is if you also have a radius server local on the LAN. Sorry about the confusion.

-Scott
*** Please rate helpful posts ***

Since WLC 5.x, local authentication is supported on H-REAP APs, but it is working using LEAP; I am having problems with EAP-FAST.

Local EAP is supported on 4.2 also. The thing is that the Local EAP database is located on the WLC and not on the AP. So an AP in H-REAP mode that loses connectivity to the WLC will not be able to authenticate any 802.1X. Local Switching only supports open, WEP, WPA-PSK or WPA2-PSK if you want users to be able to authenticate even though your WAN is down.

-Scott
*** Please rate helpful posts ***

Maybe this is creating confusion. I know that local EAP-FAST is on the WLC, but in 5.x there is local authentication on H-REAP too, and it still authenticates users no matter if the WLC is down. I proved it is working fine; my error was on the client: you must configure a profile with EAP-FAST without MSCHAPv2. The inner method must be left as none. Thanks anyway.
