We are migrating from an autonomous wireless infrastructure to Unified infrastructure and have come across an issue with clients unable to automatically provision a PAC.
The same ACS server is being used for authentication and eap-fast has been working for a number of years now. Upon a failure, the client (ACU 6.4) says "provisioning failed" whilst the ACS failed attempt logs says "EAP-TLS or PEAP authentication failed during SSL handshake"
If I take the client PC into an area where the old infrastructure has coverage the client provisions fine and authenticates. If I then bring the client back into the new coverage area it authenticates fine. It appears it's just the PAC provisioning that is failing.
Interestingly, newer CB21 cards which are ABG provision fine. Anybody else had problems like this?
Re: 350 series adaptor cards unable to PAC Provision
As the newer CB21 cards are working fine without any provisioning issues check the configuration on the client card having the issue and make sure it is the same as the config on the working card. Also try upgrading the client software on the card. This may resolve the issue. The error message "EAP-TLS or PEAP authentication failed during SSL handshakeâ may be due to certificate being invalid in the ACS.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...