I have a wireless network configured for a Unified Wireless Voice solution and have started to see some anomalies regarding the EAP-FAST authentication.
I currently have a Wireless Services Module (WiSM) installed into a Catalyst 6509. The software running on the WiSM is 220.127.116.11 and we are authenticating the 7925 handsets using WPA2 (EAP-FAST). The handsets are being authenticated against a Cisco ACS Appliance (version 4.1).
The ACS has a Self-Signed Certificate installed and is doing automatic PAC provisioning.
The issue we are seeing is that on the WiSM I have an error message as follows:
AAA Authentication Failure for UserName:anonymous User Type: WLAN USER
And I can see on the ACS Server, in the Failed Attempts log, an Authentication Failure against the Username: anonymous. The Auth Failure Code is: ACS MSCHAP password is invalid
I thought that maybe the EAP timeout values could need changing, so I have set them to the following:
config advanced eap identity-request-timeout 60
config advanced eap identity-request-retries 20
config advanced eap request-timeout 60
config advanced eap request-retries 10
config advanced eap eapol-key-timeout 5
config advanced eap eapol-key-retries 4
I was also reading some other tech notes and blogs about a bug, CSCsw88545, but this suggests this is authenticating against a local WLC.
Any suggestions would be helpful.