PEAP-GTC does not work with external token server over WLC
Funk Odyssey and Cisco ADU PEAP-GTC clients successfully authenticate with an Airespace controller running 3.0 or 3.1 software if using a static password, but not when authenticating through a one-time password to a token server.
This problem is documented in Cisco bug ID CSCsb64519.
Funk Odyssey and Cisco ADU PEAP-GTC clients are seen successfully
to authenticate with an Airespace controller running 3.0 or 3.1 software
if using a static password, but not when authenticating via a one-time
password to a token server.
The resolution of this issue will be done via an implementation of four
new CLI configuration options under "config advanced eap":
identity-request-timeout Configures EAP-Identity-Request Timeout in seconds.
identity-request-retries Configures EAP-Identity-Request Max Retries.
request-timeout Configures EAP-Request Timeout in seconds.
request-retries Configures EAP-Request Max Retries.
The default values for these options are as shown below. These values
were chosen to retain as default the controller's current behavior:
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 2
Known Fixed Releases:
To resolve the issue, upgrade the controller to the latest version. The upgrade can be done through the GUI or the CLI, as shown:
transfer download serverip
transfer download filename
transfer download datatype code
transfer download path /
transfer download start
Cisco Aironet Client Utility Installation and Configuration
Cisco Aironet Client Utility (ACU) software version 5.05 or later includes Cisco PEAP (EAP-GTC) supplicant functionality within the client software. When using ACU version 5.0x for PEAP, you must manually upgrade the client adapter drivers and firmware. For the required driver and software versions, refer to the "Prerequisites" section.
Note All bundled Cisco client adapter software (InstallWizard version 1.0 and later) automatically upgrade the driver and firmware upon installation.
Note The PEAP supplicant option must be selected from the InstallWizard upon initial installation. When you are using non-Cisco EAP supplicants with PEAP authentication, such as Microsoft 802.1X EAP-MSCHAP v2 in Windows XP Service Pack 1, only the appropriate client driver and software must be installed, because the authentication is handled by the EAP supplicant software incorporated into the operating system. The ACU can still be installed and used for diagnostics, statistics, or both, but the client adapter must be configured using the Microsoft (or other) utility.
All versions of the ACU after version 5.05 includes support for several EAP types including LEAP, EAP-TLS, and types that operate over EAP-TLS, such as EAP-TTLS and PEAP. Refer to the Cisco Aironet Client Utility Release Notes for additional information.
WLAN adapters (wireless card) / ACU (Aironet Client Utility)
Hello together,i want to monitor the AP-Controller "AIR-CT2504-K9" and his managed AccessPoints "AIR-AP2802I-E-K9".Main goal is that i can Ping all APs but actually it doesn't work.I find a section where to enable SSH, HTTP(S) and SMTP but nothing for Pin...
Hello all, I have a remote location separated by L3 routers and have APs operating in flexconnect mode. My CIO would like to use the same SSIDs we have at the main campus at the remote office to make the user experience more seamless so that us...