Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PEAP-GTC fails after Migrating Autonomous to Centralised

I have a autonomous solution of about 20 AP's which is working fine. The Authentication method is PEAP-GTC using the funk Odyssey client to ACS v3.2 and RSA server.

I migrated the solution to the centralised unified lightweight solution and all looked well, AP's registered with the controllers and clients authenticated through the unified solution no problem and you could see the passed authentication in the ACS log with the WLC address as the NAS. However once all AP's were converted to lightweight the clients restarted they stopped authenticating and no pass or fail was recorded on the ACS.

I found that if a client initially authenticated to an Autonmous AP and then roamed to a lightweight AP that worked fine, but clients could not do a cold authentication through a lightweight AP. I turned authentication off on the WLC and then clients can associate fine. I debugged the roam authentication and then the cold authentication as far as AAA events went and could not see a difference, the WLC reported a send and challenge response from the RADIUS (ACS) server in both cases, but only in the roam was a log reported in the ACS pass or fail.

I have attached a word doc with the logs.

and a jpg of the client details as shown on the controller.

I have rolled back to the autonomous solution, and will have another attempt very soon.




Re: PEAP-GTC fails after Migrating Autonomous to Centralised

One of the reason is due to the timeout value setup on the controller.To resolve the issue, upgrade the controller to the latest version.