Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
915
Views
0
Helpful
3
Replies

EAP-FAST authentication issue

alexjr
Level 1
Level 1

‎08-24-2009 06:50 PM - edited ‎07-03-2021 05:58 PM

The following is the setup.

WLC 4404 running 5.2.178.0 code. 1142N LAPs. ACS ver 3.2 is the radius server and is tied to AD.

I tested with three different models of laptops, two worked and one did not. The first laptop that worked: IBM (not on domain) with WinXP Pro and Intel wireless NIC. Used Intel ProSet utility with a user in the domain. The second laptop that worked: Dell with Vista and also Intel NIC. This laptop was part of the domain, it also worked. The laptop that is not working (LEAP does work though) is a HP/Compaq with WinXP Pro and Broadcom wireless NIC. This laptop is also in the domain. I'm using the Broadcom wireless utility. I tried different versions of the utility but no success. The ACS Failed Attempt log says the PAC has been provisioned to the user under the Authentication failure reason. The WLC shows authentication failed. Attached is a 'debug aaa events' from the WLC.

Labels:
Preview file
4 KB
0 Helpful
3 Replies 3

dancampb
Level 7
Level 7

‎08-25-2009 05:03 AM

Try extending the default EAP timers. We find they are often too aggressive for EAP types that create a tunnel during the first phase such as EAP-FAST, PEAP, and EAP-TLS.

config advanced eap identity-request-timeout 10

!

config advanced eap request-timeout 10

0 Helpful

alexjr
Level 1
Level 1
In response to dancampb

‎08-25-2009 11:49 AM

I changed the timers and I still get an authentication failure in the controller. The ACS says: EAP-FAST user was provisioned with new PAC.

Does the ACS version matter?

Thanks for your help!

0 Helpful

alexjr
Level 1
Level 1
In response to dancampb

‎08-25-2009 12:31 PM

Correction on the ACS ver, is 3.3

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card