We have a piece of equipment that is using a Cisco 1602 as a uWGB to connect to client's network. This equipment is used at many different tenants and works great... except under one scenario we have found. When using MS-PEAP, there has been at least one client that configures the RADIUS server to offer back a "Smart Card or other Certificate" in addition to "Secured password (EAP-MSCHAP v2)". Please note, I am referring to the configuration under "Microsoft: Protected EAP (PEAP)". if the FIRST method in this list is "Smart Card or other certificate", then the 1602 can't connect. If I change the order so that "Secured password (EAP-MSCHAP v2)" is first, it work GREAT! Note that the AP is configured to use EAP-MSCHAPv2 (username/password)
So just to be clear, both of these EAP types are of the PEAP family... PEAP-EAP-MSCHAP2 and PEAP-EAP-TLS. We CAN have as many EAP Types as we would like in the screen above this. IE: We can have PEAP, TLS, etc. in ANY order, and it work great. But if we adjust the order WITHIN PEAP, it makes it so the 1602 can't connect. Here is the screen I am referring to:
In this configuration, it will NOT connect. but if I move "Secured password (EAP-MSCHAP v2)" up, it works perfect.
I guess what I am trying to figure out is if there is anyway on the access point side to work past this. I have spent a lot of time on this, and have discovered nothing that helps. We are using 15.2(2)JA2. It would be nice to not have to depend on the client to set this order properly.
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
firstname.lastname@example.org. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...