Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

EAP retry limit & PEAP

We are using PEAP authentication with ACS 3.2, wink2 client with the Microsoft PEAP supplement (Q313664). When the client is booting up it associates to the AP and the AP initiates the EAP process. Because the client is still in the boot process and doesn’t respond fast enough the AP's EAP requests, it disassociates the client before is finishes the bootup process and the user cannot login. Is there away to increase the number of EAP requests or adjust the timeout value between EAP requests? (If the user waits approx 2 minutes the client will re-attempt to associate and the PEAP process is successful).

Here is an example of the AP EAP diag:

2003/08/22 11:05:03 (Info): Station [MLT06T]0009b746267 Associated

Dot1X Authentication Entry (MLT06T) is created (Current Count=1)

RADIUS: Sending EAP-Request/Identity(id=1) packet to client MLT06T

RADIUS: Sending EAP-Request/Identity(id=2) packet to client MLT06T

Session-timeout for station 0009b746267

RADIUS: Sending EAP-Request/Identity(id=3) packet to client MLT06T

EAP: Received EAPOL-Start from client MLT06T

2003/08/22 11:05:47 (Warning): EAP retry limit reached for Station [MLT06T]0009b

746267

2003/08/22 11:05:47 (Info): Deauthenticating [MLT06T]0009b746267, reason "Previ

ous Authentication No Longer Valid"

Any help would be greatly appreciated!

1 REPLY
New Member

Re: EAP retry limit & PEAP

If you check under the External Database configuration is machine authentication checked for either PEAP or EAP ?? If so, uncheck the boxes and you should decrease the time it takes to authenticate.

273
Views
0
Helpful
1
Replies
CreatePlease to create content