cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
549
Views
0
Helpful
1
Replies

Issues with PEAP and 7921 phones

dkorell
Level 1
Level 1

I am running 7921's with PEAP authentication back to ACS 4.2 but often get "Authen session timed out: Challenge not provided by client" failed authentications in ACS. Leading up to the failure, I see the phone authenticate about 2 minutes before in the most recent case. Sometimes there will only be one failure and sometimes 4-5 in a minute.

I'm thinking about switching authentication to EAP-FAST but curious if others are using PEAP and running into the same thing.

1 Reply 1

migilles
Cisco Employee
Cisco Employee

Are you using version 1.2(1) with server validation enabled? Shouldn't matter as long as using a single ACS, but could be an issue if a problem with the certs across multiple ACS. Ensure you have the ACS eap request timeout set to the default of 20 seconds. Also check the AP side.

If using the WLAN controller, do "show advanced eap". Ensure the request timeout is also set for 20 seconds.

See the 7921G Deployment Guide for more info.

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: