EAP-FAST Configuration WLC + ACS

jskalli
Level 1

Hi,

I am trying to configure EAP-Fast and I couldn't find any documentation on this. Basically, I would like to configure wireless clients to authenticate using wpa1+wpa2 and EAP-Fast from an access-point through a WLC to the local database of an ACS appliance v4.0.1.

Thanks.

1 Accepted Solution


Hi Guys-

802.1X is exclusively an authentication and authorization management protocol, and works well with both WPA1 and WPA2.

You can use a wide variety of EAP types with 802.1X, and EAP-FAST is one of them.

So yes, you can of course use EAP-FAST with WPA1+2. You configure your WLAN policy to be WPA1+2 with 802.1X as your authentication management. From there, it's all configuration on your Cisco Secure ACS.

We at Cisco use EAP-FAST with WPA across the entire world.

Hope this helps.

NS


11 Replies

ankbhasi
Cisco Employee

Hi Friend,

You can configure WPA 1/2 and EAP-FAST on different WLANs. You cannot configure WPA1/2 and EAP-FAST on the same WLAN/SSID.

Have a look at this link, which will guide you on how to configure WPA1/2 and EAP-FAST on the WLC:

http://www.cisco.com/univercd/cc/td/doc/product/wireless/control/c44/ccfig40/c40wlan.htm#wp1084832

Also to configure EAP-FAST you just need to enable 802.1x auth on your WLC and then configure EAP-FAST settings on your ACS server.

To configure ACS have a look at this link

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/index.htm

HTH

Ankur

*Pls rate helpful post

Hi Ankur,

First of all, thanks for your reply. Now, I would like to know if it is possible to configure any kind of 802.1x authentication with WPA 1/2?

I can see that this is doable on the WLC and shows up as WPA1+WPA2 + 802.1x.

Regards.

Jawad

Hi Jawad,

There is a trick here. If we talk of layer 2 security option you can either select WPA1/2 or 802.1x.

But if you select WPA1/2 as layer 2 security method then for auth key management you will get an option for 802.1x or pre shared key where you can select 802.1x as auth key management for WPA1/2 layer 2 security.

Also if you select WPA1 and 2 both via the GUI, checking both the options, it will work with WPA2.

HTH

Ankur

*Pls rate helpful post

Hi,

I was trying to set up EAP-Fast in a lab environment and it didn't seem to work. But I just installed the same equipment at the customer site and it worked like a charm. The only difference is that I was using an external DHCP server in the lab and now I am using the internal DHCP server of the WLC.

Thanks everybody for your replies.

Hi.

We too have seen this in our environment. Why is this? Is this perhaps due to the DHCP requests being encrypted?

Out of interest, what DHCP server are you using?

We are required to use the external DHCP server so I would like to find an explanation for this but alas cannot.

Anybody shed any light on this?

Thanks in anticipation.

Sull

I am using the internal DHCP server that comes with the WLC. Since I used it, I didn't have any more connectivity issues.

I would recommend that you first test with the internal DHCP that comes with the WLC and see if it fixes your problem.

Regards,

Jawad

Hi. Thanks for the prompt response. We too are using the internal DHCP server on the WiSM to overcome this problem. What was the external DHCP server you were using?

We were using the Windows 2003 DHCP server for some of the tests and the Cisco IOS DHCP server for others. Both didn't work for some reason.

The customer didn't care which DHCP server we used as long as it worked, so we ended up using the internal one without trying to troubleshoot further.

Regards,

Jawad Skalli

Thanks for that. We were trying to get it to work with QIP as the DHCP server so at least I can rule out it being an issue with a particular DHCP server product.

Unfortunately we have to use the external server as a matter of standards.

I found this on another thread.....

"Some of the earlier versions had problems with DHCP responses being dropped into the default VLAN (even though the request came from another valid VLAN).

The request makes it to the server, the server's response makes it all the way back where it loses its tag and is put into the Native VLAN."

This looks to be the issue as when we check on the DHCP server you can see the lease being granted. Wonder if there is a way round this if this is what's happening....

Question about choosing EAP-FAST over other EAP models...

While Cisco may be using EAP-FAST and may consider it secure enough, some industry analysts out there like George Ou of Tech Republic (I believe), think that it is just a little less vulnerable than LEAP. Is that true?

Is one better off by going to PEAP, or TLS or some other authentication option using ACS or is EAP-FAST secure for an enterprise network?

Any thoughts will be appreciated.

Thanks!