Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Setup EAP-PEAP on WLAN Controller using IAS?

I am seriously stuck. I have spent the past week trying to get EAP-PEAP MSChap to work using a WLAN 4402 controller. I cannot find any documentation on how to propperly set up the WLAN controller to do this. I have gone through over 500 pages of microsoft documentation on how to setup IAS and a certificate server. I believe that this part is working right. I dont believe that the WLAN controller is properly handeling authentication requests. WLAN controller is currently set to WAP2(802.1x), Radius Auth and Accounting servers IP's are set and pingable. Does anyone know of any good documentation to configure WLAN controller to do this?

WLAN Controller Log Reads:

[SECURITY] 1x_auth_pae.c 2367: Reached Max EAP-Identity Request retries (21) for STA xx:xx:xx:xx:xx:xx

Tue Nov 7 08:41:07 2006 [ERROR] dot1x_msg_task.c 357: mscb not found for STA xx:xx:xx:xx:xx:xx - unable to process 802.1x event 4

Tue Nov 7 08:41:07 2006 Previous message occurred 3 times

Thanks in advance...


Re: Setup EAP-PEAP on WLAN Controller using IAS?

best source for documentation, setup guides

And he has one there specifically for PEAP setup to an IAS server. Very nice walk through on it.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Setup EAP-PEAP on WLAN Controller using IAS?

I have actually already looked through this power point. It is great information for setting up the IAS server. I believe that the IAS server is set up correct. I am looking for documentation on how to set up the WLAN controller /Client for RADIUS PEAP authentication and accounting.

Here are my current WLC settings

Radius accounting IP (enabled)

Radius authentication IP (enabled)

WLAN SSID WAP(802.1x) (enabled)

Client Settings

Authentication WAP

Data Encryption AES

EAP Type : Protected EAP(PEAP)

Authenticate when Computer Info available =true

Any help is much appreciated!

Re: Setup EAP-PEAP on WLAN Controller using IAS?

on the WLAN, (4.0 controller) Change to WPA + WPA2, select your AAA servers, and under the WPA selection, set it for AES and key management 802.1x.

3.2 Change to WPA2, and select your AAA server, do not check WPA compatability, unless you want normal WPA, and don't check pre-shared key mode.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Setup EAP-PEAP on WLAN Controller using IAS?

I am finally getting a chance to get back to this issue. I do not know what version I am running (Brand new 4402 WLAN controller). However the 3.2 steps seemed to make sense. I am fairly confident that the Authentication request isn't even making it to the IAS server. I used Etherreal and saw no packets using the specified Radius ports. I keep turning back to the controller settings as being the cause of the issue.

More Details:

I have set up an interface on the WLAN controller using the subnet. I have set up an Authentication / Accounting server up on the same subnet. My access points are broadcasting a SSID that uses DHCP to provide addresses on this same subnet.

Questions that I still have

1) Do I set up the WLAN controllers 10.0.203.X interface rather than the AP's interface in IAS under Radius Clients?

2.) What does the AAA overide do in the WLAN settings?

3.) Do I need to have the Use AES key wrap box checked under the Authentication server page?

4.)Do the Radius servers need to be on the same subnet as the managment interface to work properly?

5.)Do I need to create some sort of AP group or AP authentication group on the WLAN controller?