I'm looking for some really good documentation on EAP-FAST. I have it running in a small production scenario right now so that I can conduct user trials. Links to good documentation would be appreciated or direct answers if you have them.
My Setup:
3750G switch with built-in controller (v.5.0.148.0)
4 * 1130AG access points
Cisco Secure ACS v3.3
Cisco PI21AG clients
Intel 4965AGN clients
My Issues:
1) Is there a way to disable the prompt that asks a user if they want to accept the PAC? There is no good reason to select "no".
2) When a user logs onto a machine for the first time the EAP-FAST authentication completes successfully and as soon as the desktop is diplayed, it goes through EAP-FAST authentication again. Subsequent logons by a user are fine. Why is this happening twice for first time users?
3) The answer for this question may explain #2. While checking the logs on my ACS server, "EAP-FAST user was provisioned with new PAC" gets displayed in Failed Attempts for a first time user.
4) Is there a way to do a machine PAC rather than 1 for each user?
5) when I checked my PACs using the Cisco ADU some of them are RED while the rest are GREEN. What does this mean?
Thanks in advance for your help.
Bruno