Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

PEAP authentication takes approximately 30 seconds to re-authenticate when roaming between APs

 

 

Introduction

 

PEAP authentication takes approximately 30 seconds to re-authenticate when roaming between APs

 

Resolution

 

Protected EAP (PEAP) is a draft EAP authentication type that is designed to allow hybrid authentication. PEAP employs server-side Public Key Infrastructure (PKI) authentication. For client-side authentication, PEAP can use any other EAP authentication type. Because PEAP establishes a secure tunnel through server-side authentication, non-mutually authenticating EAP types can be used for client-side authentication (such as EAP Generic Token Card (GTC) for one-time passwords (OTP), and EAP MD5 for password-based authentication).

 

When PEAP authentication is used, there is a delay when users roam between Cisco Access Points (APs). PEAP takes a long time to authenticate because it must re-authenticate user credentials to the RADUIS server  every time the user roams.

  • Do not use WPA/TKIP with PEAP to avoid delays.

  • Refer the article 826942 to obtain the patch which fixes the authentication delays.

  • Using Fast reconnect is another option to decrease the re-authentication delays. This should be enabled on the client and the authentication server. Refer URL configuring ACS for PEAP

 

 

/image/gif/paws/43486/acs-peap-15.gif

 

 

 

 

Problem Type

Roams  between access points continuously

 

Security Options

PEAP

 

Reference

 

 

For more information on the fast roaming feature and how to configure fast roaming,

Configuring WDS and Fast Secure Roaming section of Configuring WDS, Fast Secure Roaming, and Radio Management.

2012
Views
5
Helpful
0
Comments