More PEAP questions

George.burtz
Level 1

We are evaluating the best way to secure our wireless networks and have decided that PEAP looks like the best bet. I have a test setup using Secure ACS as the radius server, a 1200 AP w/ 12.2(11)JA IOS, and an XP laptop w/ an Aironet 350 card.

I have been unable to get PEAP to work using the Cisco supplicant or the MS supplicant. LEAP works fine.

There is a CA set up and the ACS server has the server cert installed.

ACS is enabled for PEAP.

Here is a debug of the unsuccessful PEAP authentication process if that will help.

Jul 9 10:51:41: dot11_aaa_dot1x_start: in the dot11_aaa_dot1x_start

Jul 9 10:51:41: dot11_dot1x_run_rfsm: Executing Action(INIT,EAP_START) for 000b.fde1.5ccd

Jul 9 10:51:41: dot11_dot1x_send_id_req_to_client: sending identity request for 000b.fde1.5ccd

Jul 9 10:51:41: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde1.5ccd

Jul 9 10:51:43: dot11_dot1x_distribute_bkey: Updating Group Key: vlan=0, index=1, len=13

Jul 9 10:51:43: dot11_dot1x_distribute_bkey: Multicast key distributed to 0 clients

Jul 9 10:51:51: dot11_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 000b.fde1.5ccd

Jul 9 10:51:51: dot11_dot1x_send_response_to_client: Respond not sent to client!

Jul 9 10:51:51: dot11_dot1x_send_client_fail: Authentication failed for 000b.fde1.5ccd

Jul 9 10:51:51.820 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed

Jul 9 10:51:53: dot11_dot1x_distribute_bkey: Updating Group Key: vlan=0, index=2, len=13

Jul 9 10:51:53: dot11_dot1x_distribute_bkey: Multicast key distributed to 0 clients

Jul 9 10:51:57: dot11_aaa_dot1x_start: in the dot11_aaa_dot1x_start

Jul 9 10:51:57: dot11_dot1x_run_rfsm: Executing Action(INIT,EAP_START) for 000b.fde1.5ccd

Jul 9 10:51:57: dot11_dot1x_send_id_req_to_client: sending identity request for 000b.fde1.5ccd

Jul 9 10:51:57: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde1.5ccd

Jul 9 10:52:07.245 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed

Jul 9 10:52:22.709 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed

Jul 9 10:52:38.134 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed

Does anyone have any idea or guidance on how best to get PEAP working?

Thanks......

3 Replies

derwin
Level 5

Your client is NOT correctly configured for EAP as it is not answering the EAPOL identity request:

Jul 9 10:51:57: dot11_dot1x_send_id_req_to_client: sending identity request for 000b.fde1.5ccd

Jul 9 10:51:57: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde1.5ccd

Jul 9 10:52:07.245 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed

ghess
Level 1

For the MS supplicant, under the PEAP properties page, have you tried to uncheck the 'Validate Server certificate' box?

Thanks for the responses. I figured it out myself - it was a certificate trust issue.
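
The pattern derwin points to in the debug above (identity request sent, then a timeout or failure with nothing from the client in between) can be picked out of the AP debug automatically. This Python code is an added example, not part of the original thread and not Cisco code; the function name is hypothetical, and treating any state-machine action other than (INIT,EAP_START) or (CLIENT_WAIT,TIMEOUT) as a sign that the client answered is an assumption.

```python
import re

# Debug lines copied from the post above (wrapped lines rejoined, subset only).
SAMPLE_LOG = """\
Jul 9 10:51:41: dot11_dot1x_run_rfsm: Executing Action(INIT,EAP_START) for 000b.fde1.5ccd
Jul 9 10:51:41: dot11_dot1x_send_id_req_to_client: sending identity request for 000b.fde1.5ccd
Jul 9 10:51:41: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde1.5ccd
Jul 9 10:51:51: dot11_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for 000b.fde1.5ccd
Jul 9 10:51:51.820 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed
Jul 9 10:51:57: dot11_dot1x_run_rfsm: Executing Action(INIT,EAP_START) for 000b.fde1.5ccd
Jul 9 10:51:57: dot11_dot1x_send_id_req_to_client: sending identity request for 000b.fde1.5ccd
Jul 9 10:52:07.245 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentication failed
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
TIME = r"^\w{3}\s+\d+\s+(\d\d:\d\d:\d\d)"   # captures hh:mm:ss only
ID_REQ = re.compile(TIME + r".*sending identity request for\s+" + MAC)
ACTION = re.compile(TIME + r".*Executing Action\((\w+),(\w+)\) for\s+" + MAC)
FAILED = re.compile(TIME + r".*%DOT11-7-AUTH_FAILED: Station " + MAC)


def unanswered_identity_requests(log_text):
    """Return (mac, requested_at, ended_at, reason) for every identity request
    that ended in a timeout or failure with no sign of a client answer."""
    pending = {}    # mac -> time of the outstanding identity request
    findings = []
    for line in log_text.splitlines():
        if m := ID_REQ.search(line):
            pending[m.group(2)] = m.group(1)
        elif m := ACTION.search(line):
            at, state, event, mac = m.groups()
            if mac in pending and (state, event) == ("CLIENT_WAIT", "TIMEOUT"):
                findings.append((mac, pending.pop(mac), at, "timeout"))
            elif mac in pending and (state, event) != ("INIT", "EAP_START"):
                # Assumption: any other action means the exchange moved on.
                del pending[mac]
        elif m := FAILED.search(line):
            at, mac = m.groups()
            if mac in pending:
                findings.append((mac, pending.pop(mac), at, "auth_failed"))
    return findings


if __name__ == "__main__":
    for finding in unanswered_identity_requests(SAMPLE_LOG):
        print(*finding)
```

A station that shows up here never got as far as the TLS exchange, so the supplicant's EAP settings and its trust of the server certificate are the place to look before the RADIUS side.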
