Re: PEAP with WPA2...works fine with WEP

Perdue Farms · ‎04-04-2007

I have the following:

ACS 4.1

1200 AP 12.3(8)JEA1

Windows XP SP2 with WPA2 update.

My AP is set to authenticate to ACS for EAP requests, my ACS is setup to allow PEAP, and my client is using PEAP.

When my AP does not have "authentication key-management wpa" it works fine, but as soon as I enable that, my client can no longer connect.

In other words, it works with WEP encryption, but not with WPA2 AES. I obviously select WPA2 with AES on my client and have encryption set to AES-CCMP on the AP when doing this.

If I have the same exact WPA setup on my AP, but use a LEAP client, that works great. Problem is, LEAP is insecure and needs an additional supplicant(PEAP is built into XP sp2).

Any ideas?

Perdue Farms · ‎04-04-2007

using debug dot11 station conn failures i get:

Apr 4 13:24:02.218 EST: Client 000c.f144.48b2 failed: WPAIE not found and required

Apr 4 13:24:19.549 EST: Client 0019.7d52.bd57 failed: Timeout waiting for clien

t EAP auth response

Apr 4 13:24:19.549 EST: %DOT11-7-AUTH_FAILED: Station 0019.7d52.bd57 Authentica

tion failed

Apr 4 13:24:19.996 EST: DOT11 EVENT:(adding)client->key_details.encrypt_type is

200

Apr 4 13:24:40.038 EST: Client 0019.7d52.bd57 failed: Timeout waiting for clien

t EAP auth response

repeatedly....any ideas? I'm using a self-signed certificate.

Perdue Farms · ‎04-04-2007

apparently, im good at solving my own problems...I disabled qos, and it associated, I reenabled qos and it works...any idea why this would do it?