01-24-2012 05:02 PM - edited 07-03-2021 09:26 PM
Hi all
after we move from PEAP to EAP-TLS authentication on the wireless phone, user starts to complain some time the call is cut off. I check on the phone, it will not assoicated with a next LAP. I believe this is somehow to do with the TLS authentication. any one has experienced similar issue and any solution? Thanks Roy.
Solved! Go to Solution.
01-24-2012 07:57 PM
Cisco recommended code for the phones is 1.4.2. Its suppose to provide for better roaming. Now will it fix your issue... don't know. You said you had no issue with peap only when you changed the authentication to eap-tls... no other changes were made correct?
01-24-2012 06:59 PM
what encryption is the WLAN configured for? What firmware is the phone running?
Steve
Sent from Cisco Technical Support iPhone App
01-24-2012 07:52 PM
Hi Steve
We use the cisco ACS as radius server, the authentication method is EAP-TLS, all other method has been disabled.
on the phone: AppLoad ID CP7921G-1.2.1 Loads WLAN firmware ID 4.3.4.22 WLANdriver ID 5.3.1.15
Cheers
Roy
01-24-2012 07:57 PM
Cisco recommended code for the phones is 1.4.2. Its suppose to provide for better roaming. Now will it fix your issue... don't know. You said you had no issue with peap only when you changed the authentication to eap-tls... no other changes were made correct?
01-24-2012 08:05 PM
H Scott thanks for reply.
I will try to upload the new firmware and update you later,
Yes the when we are running on the PEAP is OK, no roaming issue. someone mentioned to me the CCK setting, but I don't see much information on that topic. need a bit research and test.
01-24-2012 08:14 PM
On the WLAN SSID setting you have two options, 802.1x and 802.1x + CCKM. CCKM might help.
Thanks,
Scott Fella
Sent from my iPhone
01-24-2012 08:16 PM
•CCKM—Cisco Centralized Key Management (CCKM) uses a fast rekeying technique that enables clients to roam from one access point to another without going through the controller, typically in under 150 milliseconds (ms). CCKM reduces the time required by the client to mutually authenticate with the new access point and derive a new session key during reassociation. CCKM fast secure roaming ensures that there is no perceptible delay in time-sensitive applications such as wireless Voice over IP (VoIP), enterprise resource planning (ERP), or Citrix-based solutions. CCKM is a CCXv4-compliant feature. If CCKM is selected, only CCKM clients are supported.
01-25-2012 11:09 PM
Hi Scott, just quick update, upgrading the firmware to 1.4 has fixed the is problem. many thanks. cheers Roy
01-26-2012 04:33 AM
Well that is good news and a quick fix:)
Thanks,
Scott Fella
Sent from my iPhone
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide