cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
484
Views
0
Helpful
3
Replies

More PEAP questions

George.burtz
Level 1
Level 1

We are evaluating the best way to secure our wireless networks and have decided that PEAP looks like the best bet. I have a test setup using Secure ACS as the radius server, a 1200 AP w/ 12.2(11)JA IOS, and an XP laptop w/ an Aironet 350 card.

I have been unable to get PEAP to work using the Cisco supplicant or the MS supplicant. LEAP works fine.

There is a CA setup and the ACS server has the server cert installed.

ACS is enabled for PEAP.

Here is a debug of the unseccessful PEAP authentication process if that will help.

Jul 9 10:51:41: dot11_aaa_dot1x_start: in the dot11_aaa_dot1x_start

Jul 9 10:51:41: dot11_dot1x_run_rfsm: Executing Action(INIT,EAP_START) for 000b

.fde1.5ccd

Jul 9 10:51:41: dot11_dot1x_send_id_req_to_client: sending identity request for

000b.fde1.5ccd

Jul 9 10:51:41: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde

1.5ccd

Jul 9 10:51:43: dot11_dot1x_distribute_bkey: Updating Group Key: vlan=0, index=

1, len=13

Jul 9 10:51:43: dot11_dot1x_distribute_bkey: Multicast key distributed to 0 cli

ents

Jul 9 10:51:51: dot11_dot1x_run_rfsm: Executing Action(CLIENT_WAIT,TIMEOUT) for

000b.fde1.5ccd

Jul 9 10:51:51: dot11_dot1x_send_response_to_client: Respond not sent to client

!

Jul 9 10:51:51: dot11_dot1x_send_client_fail: Authentication failed for 000b.fd

e1.5ccd

Jul 9 10:51:51.820 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentica

tion failed

Jul 9 10:51:53: dot11_dot1x_distribute_bkey: Updating Group Key: vlan=0, index=

2, len=13

Jul 9 10:51:53: dot11_dot1x_distribute_bkey: Multicast key distributed to 0 cli

ents

Jul 9 10:51:57: dot11_aaa_dot1x_start: in the dot11_aaa_dot1x_start

Jul 9 10:51:57: dot11_dot1x_run_rfsm: Executing Action(INIT,EAP_START) for 000b

.fde1.5ccd

Jul 9 10:51:57: dot11_dot1x_send_id_req_to_client: sending identity request for

000b.fde1.5ccd

Jul 9 10:51:57: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde

1.5ccd

Jul 9 10:52:07.245 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentica

tion failed

Jul 9 10:52:22.709 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentica

tion failed

Jul 9 10:52:38.134 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentica

tion failed

Does anyone have any idea or guidance on how best to get PEAP working?

Thanks......

3 Replies 3

derwin
Level 5
Level 5

Your client is NOT correctly configured for EAP as it is not answering the EAPOL identity request

Jul 9 10:51:57: dot11_dot1x_send_id_req_to_client: sending identity request for

000b.fde1.5ccd

Jul 9 10:51:57: dot11_dot1x_client_send_eapol: sending eapol to client 000b.fde

1.5ccd

Jul 9 10:52:07.245 EDT: %DOT11-7-AUTH_FAILED: Station 000b.fde1.5ccd Authentica

tion failed

ghess
Level 1
Level 1

For the MS supplicant, under the PEAP properties page have you tried to uncheck the 'Validate Server certificate' box ??

Thanks for the responses. I figured it out myself - it was a certificate trust issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: