I am looking for a solution to authenticate a 350 Client against a MS Active directory via a 1200 AP (on 12.2(13)JA3 code). I was reading about EAP-FAST and it "says" it will do it, but when I attempt to set this up, I get an error in Windows Event viewer that says "An access request was recieved from client AP with a signature attribute that is not valid" Then the client times out. I cannot find what attributes it is talking about. Has anyone else seen this? Thanks.
Although the APs have native support for EAP-FAST (they really don't do much more than forward EAP messages), the client software+firmware and ACS server don't seem to have support yet. This is scheduled for Q1.
You can also authenticate users against MS AD using MS-PEAP (but not Cisco-PEAP). Cisco ACS3.2 and the MS 802.1x supplicant support MS-PEAP.
EAP-FAST is so darn new that I haven't seen an ACS version out yet that has support for this. I have been reading this from the latest download of the client wizard v1.3.
We use Funk Systems Steel-belted Radius Enterprise edition and as per our sales rep they will support this as long as Cisco supports it but it is not yet out. Looks like I was the first one who inquired about support for EAP-fast on the Funk radius server.
We are currently using LEAP and testing PEAP right now. Running Funk's steel-belted radius Server EE version 4.7.