Solved: Can not authenticate Cisco Access Point with EAP-FAST - Page 2

RustamRustamov1023 · ‎06-02-2022

Hi,

I try to authenticate Access Point using EAP-FAST. I did everything that is described here:
https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-fixed/107946-LAP-802-1x.html

Although username and password are the same in Cisco ISE local database and AP I have an error:

5400 Authentication failed
22063 Wrong password

Could you please help me with that issue?

andrewswanson · ‎06-08-2022

The documentation shows a different authentication host-mode for the Flexconnect AP (should be multi-host rather than multi-auth as you have).

Your original switchport config looked ok:

interface GigabitEthernet 1/0/1
switchport access vlan 100
switchport mode access
spanning-tree portfast edge

Once ISE authorizes with RADIUS attribute device-traffic-class=switch it should change to:

interface GigabitEthernet 1/0/1
switchport trunk native vlan 100
switchport mode trunk
spanning-tree portfast trunk

hth
andy

Marius Gunnerud · ‎06-12-2022

In what order did you configure this? I mean, did you configure the switch first, and then WLC and ISE? If you configured the switch before the WLC / AP this might be the reason it is failing as the dot1x configuration has not been pushed to the AP

--
Please remember to select a correct answer and rate helpful posts

RustamRustamov1023 · ‎06-13-2022

Hi All,

There is a bug indicated in this link:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvn18615

I upgraded my WLC and now I can authenticate APs using EAP-FAST.