Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

EAP-FAST authentication issue

The following is the setup.

WLC 4404 running code. 1142N LAPs. ACS ver 3.2 is the radius server and is tied to AD.

I tested with three different models of laptops, two worked and one did not. The first laptop that worked: IBM (not on domain) with WinXP Pro and Intel wireless NIC. Used Intel ProSet utility with a user in the domain. The second laptop that worked: Dell with Vista and also Intel NIC. This laptop was part of the domain, it also worked. The laptop that is not working (LEAP does work though) is a HP/Compaq with WinXP Pro and Broadcom wireless NIC. This laptop is also in the domain. I'm using the Broadcom wireless utility. I tried different versions of the utility but no success. The ACS Failed Attempt log says the PAC has been provisioned to the user under the Authentication failure reason. The WLC shows authentication failed. Attached is a 'debug aaa events' from the WLC.


Re: EAP-FAST authentication issue

Try extending the default EAP timers. We find they are often too aggressive for EAP types that create a tunnel during the first phase such as EAP-FAST, PEAP, and EAP-TLS.

config advanced eap identity-request-timeout 10


config advanced eap request-timeout 10

Community Member

Re: EAP-FAST authentication issue

I changed the timers and I still get an authentication failure in the controller. The ACS says: EAP-FAST user was provisioned with new PAC.

Does the ACS version matter?

Thanks for your help!

Community Member

Re: EAP-FAST authentication issue

Correction on the ACS ver, is 3.3

CreatePlease to create content