Issues with PEAP and 7921 phones

Unanswered Question
Oct 24th, 2008

I am running 7921's with PEAP authentication back to ACS 4.2 but often get "Authen session timed out: Challenge not provided by client" failed authentications in ACS. Leading up to the failure, I see the phone authenticate about 2 minutes before in the most recent case. Sometimes there will only be one failure and sometimes 4-5 in a minute.

I'm thinking about switching authentication to EAP-FAST but curious if others are using PEAP and running into the same thing.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
migilles Tue, 10/28/2008 - 08:40

Are you using version 1.2(1) with server validation enabled? Shouldn't matter as long as using a single ACS, but could be an issue if a problem with the certs across multiple ACS. Ensure you have the ACS eap request timeout set to the default of 20 seconds. Also check the AP side.

If using the WLAN controller, do "show advanced eap". Ensure the request timeout is also set for 20 seconds.

See the 7921G Deployment Guide for more info.

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf

Actions

This Discussion