I've managed to sort of get EAP-TLS set up and working. Here is the deal though. 340 AP, 350 Client card, W2K RADIUS Server, EAP-TLS auth, rotating WEP keys. When I insert my 350 card into my notebook and watch the ACU status screen, I see that it begins authentication to the AP, and then just stops and shows as Not Associated. If I just wait for a while, sometimes 30 seconds, sometimes up to 3 minutes, it will restart the auth process and this time complete successfully. But it never works on the first try. Strange, please advise. Thanks
Our client does not want to pay $7,000 CDN for Cisco ACS. That is why no LEAP and only EAP-TLS. Anyways, here is the log output from my AP when the auth process fails for the first time... Maybe it can help you help me :)
00:01:26 Info Deauthenticating [JASONSPC]000bfd63b2b5, reason "Previous Authentication No Longer Valid"
00:01:26 Warning EAP retry limit reached for Station [JASONSPC]000bfd63b2b5
00:01:22 Info Station [JASONSPC]000bfd63b2b5 Associated
00:01:22 Info Station [JASONSPC]000bfd63b2b5 Authenticated