what is the type of PAC provisioning you are using? is it anonymous or authenticated PAC provisioning.
If it is anonymous please make sure that you have enabled EAP -MSCHAP v2 due to the fact that we are using diffie helman key agreement in this phase and we need this type to provide mutual authentication.
Can you send me screen shot for the EAP fast config from client and server.
I did enable the debug, but I see no problem being printed, I see that the client simply restarts the process all over again (in accordance with the sequence of events listed above. I am using fast_provisioning=3, I figured that it simply failed for 1 and 2.
I was working on it and I observed that Client generated the key after 100sec of getting a server hello; meanwhile server sends 3 server hello’s at an interval of 30 secs and finally de-authenticates the client. As I can’t change the time taken by client to generate the key (vary slow processor), is there a way to change the timings on server? I wanted to test it out by extending the wait time on the server, and I could find no interface to change the timings.
You did not answer if it works with manually PAC put on the client?
You can increase the timer. What I see so far that the timeout happens inside the TLS tunnel with the identity request packet (second identity reqeust. first one was not inside the TLS tunnel).
You can modify controller timers (EAP-identity request, EAP-Request, and EAPOL-Key timeouts).
If you can attach the debug client output that would be fine. But to be honest I have no guarantee when I'll give it a look. you put it anyway. maybe maldehne will look at it if I did not do quickly.
Also, You may consider increasing all the timers in the EAP process (so far I believe it is identity time that needs to be increased but you can increase all if you'd like because I am not fully sure about it).
you can either increase the timers from CLI:
config advanced eap
maldehne described increasing hte request-timeout above
or you can increase timers from GUI:
Security-> Local EAP-> General.
Hope there will be some improvement.
Rating useful replies is more useful than saying "Thank you"
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...