08-24-2009 06:50 PM - edited 07-03-2021 05:58 PM
The following is the setup.
WLC 4404 running 5.2.178.0 code. 1142N LAPs. ACS ver 3.2 is the radius server and is tied to AD.
I tested with three different models of laptops, two worked and one did not. The first laptop that worked: IBM (not on domain) with WinXP Pro and Intel wireless NIC. Used Intel ProSet utility with a user in the domain. The second laptop that worked: Dell with Vista and also Intel NIC. This laptop was part of the domain, it also worked. The laptop that is not working (LEAP does work though) is a HP/Compaq with WinXP Pro and Broadcom wireless NIC. This laptop is also in the domain. I'm using the Broadcom wireless utility. I tried different versions of the utility but no success. The ACS Failed Attempt log says the PAC has been provisioned to the user under the Authentication failure reason. The WLC shows authentication failed. Attached is a 'debug aaa events' from the WLC.
08-25-2009 05:03 AM
Try extending the default EAP timers. We find they are often too aggressive for EAP types that create a tunnel during the first phase such as EAP-FAST, PEAP, and EAP-TLS.
config advanced eap identity-request-timeout 10
!
config advanced eap request-timeout 10
08-25-2009 11:49 AM
I changed the timers and I still get an authentication failure in the controller. The ACS says: EAP-FAST user was provisioned with new PAC.
Does the ACS version matter?
Thanks for your help!
08-25-2009 12:31 PM
Correction on the ACS ver, is 3.3
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: