New Member

H-REAP Local Authentication eap-fast not working

Hi, I'm using a central RADIUS server and have LEAP and EAP-FAST working fine, but when the WAN link fails (local authentication), new users that try to connect via LEAP get authenticated but EAP-FAST fails.

Any ideas? I'm using WLC 5.01.

8 REPLIES
Hall of Fame Super Silver

Re: H-REAP Local Authentication eap-fast not working

If your RADIUS is centrally located and your WAN link goes down, any authentication that needs to go back centrally will fail, unless you have local authentication. I don't know why LEAP would still work if authentication to the RADIUS server has stopped.

However, if you are using local EAP configured on the WLC, then you will still fail authentication because your WLC is centrally located.

-Scott
*** Please rate helpful posts ***
New Member

Re: H-REAP Local Authentication eap-fast not working

On WLC version 5.1 you can configure the AP as local authentication for LEAP and FAST, but FAST is not working.

Hall of Fame Super Silver

Re: H-REAP Local Authentication eap-fast not working

If EAP-FAST is not working, double-check your WLAN setting. It works for me in my test lab.

-Scott
*** Please rate helpful posts ***
New Member

Re: H-REAP Local Authentication eap-fast not working

EAP-FAST as local authentication (H-REAP)? What did you do to make it work? Could you please give me a clue, maybe a screenshot of the H-REAP group option?

Is it right that it works first with external authentication via ACS and, if the WAN link fails, uses the local authentication? To make local authentication with EAP-FAST work, is it necessary to activate something on the WLC outside the H-REAP group option?

Thanks

Hall of Fame Super Silver

Re: H-REAP Local Authentication eap-fast not working

I actually tested it with the WLC local and not over the WAN. I forgot you mentioned the WAN failure. The only way you can make that work is if you also have a RADIUS server local on the LAN. Sorry about the confusion.

-Scott
*** Please rate helpful posts ***
New Member

Re: H-REAP Local Authentication eap-fast not working

Since WLC 5.x, local authentication is supported on H-REAP APs, and it is working using LEAP, but I'm having problems with EAP-FAST.

Hall of Fame Super Silver

Re: H-REAP Local Authentication eap-fast not working

Local EAP is supported on 4.2 also. The thing is that the Local EAP database is located on the WLC and not on the AP. So an AP in H-REAP mode that loses connectivity to the WLC will not be able to authenticate any 802.1X. Local Switching only supports open, WEP, WPA-PSK or WPA2-PSK if you want users to be able to authenticate even though your WAN is down.

-Scott
*** Please rate helpful posts ***
New Member

Re: H-REAP Local Authentication eap-fast not working

Maybe this is creating confusion. I know about local EAP-FAST on the WLC, but in 5.x there is local authentication on H-REAP too, and it still authenticates users even if the WLC is down. I proved it is working fine; my error was on the client: you must configure a profile with EAP-FAST without MSCHAPv2. The inner method must be left as none. Thanks anyway.
